authorAleksey Sanin <aleksey@src.gnome.org>2003-04-29 23:43:56 +0000
committerAleksey Sanin <aleksey@src.gnome.org>2003-04-29 23:43:56 +0000
commit83a01a9d3710131bc51a738615483bcf53526855 (patch)
treedada674b5d6e0b08118aa80ec373cf4acf9f5aef
parent472c62c7a1044b2756e3fe2384a2d6547a0d6315 (diff)
first XKMS implementation framework (disabled by default)
-rw-r--r--ChangeLog7
-rw-r--r--apps/xmlsec.c242
-rw-r--r--configure.in84
-rw-r--r--include/xmlsec/Makefile.am1
-rw-r--r--include/xmlsec/strings.h9
-rw-r--r--include/xmlsec/xkms.h77
-rw-r--r--include/xmlsec/xmlsec.h4
-rw-r--r--src/Makefile.am1
-rw-r--r--src/strings.c9
-rw-r--r--src/xkms.c261
10 files changed, 676 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index 366286a1..6d60c6e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Apr 29 16:37:18 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/Makefile.am include/xmlsec/strings.h
+ include/xmlsec/xkms.h include/xmlsec/xmlsec.h
+ src/Makefile.am src/strings.c src/xkms.c apps/xmlsec.c: first
+ XKMS framework (disabled by default)
+
Mon Apr 28 21:13:03 2003 Aleksey Sanin <aleksey@aleksey.com>
* docs/download.html docs/index.html docs/news.html: preparing
diff --git a/apps/xmlsec.c b/apps/xmlsec.c
index e8befd21..cb4b3479 100644
--- a/apps/xmlsec.c
+++ b/apps/xmlsec.c
@@ -33,6 +33,7 @@
#include <xmlsec/transforms.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/xmlenc.h>
+#include <xmlsec/xkms.h>
#include <xmlsec/parser.h>
#include <xmlsec/templates.h>
#include <xmlsec/errors.h>
@@ -71,6 +72,10 @@ static const char helpCommands2[] =
" --encrypt " "\tencrypt data and output XML document\n"
" --decrypt " "\tdecrypt data from XML document\n"
#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+ " --xkms-locate " "\tprocess data as XKMS locate key request\n"
+ " --xkms-validate ""\tprocess data as XKMS validate key request\n"
+#endif /* XMLSEC_NO_XKMS */
;
static const char helpVersion[] =
@@ -106,6 +111,14 @@ static const char helpDecrypt[] =
"Usage: xmlsec decrypt [<options>] <file>\n"
"Decrypts XML Encryption data in the <file>\n";
+static const char helpXkmsLocate[] =
+ "Usage: xmlsec xkms-locate [<options>] <file>\n"
+ "Processes the <file> as XKMS (XKISS) locate request and outputs the response\n";
+
+static const char helpXkmsValidate[] =
+ "Usage: xmlsec xkms-validate [<options>] <file>\n"
+ "Processes the <file> as XKMS (XKISS) validate request and outputs the response\n";
+
static const char helpListKeyData[] =
"Usage: xmlsec list-key-data\n"
"Prints the list of known key data klasses\n";
@@ -121,9 +134,10 @@ static const char helpListTransforms[] =
#define xmlSecAppCmdLineTopicEncCommon 0x0010
#define xmlSecAppCmdLineTopicEncEncrypt 0x0020
#define xmlSecAppCmdLineTopicEncDecrypt 0x0040
-#define xmlSecAppCmdLineTopicKeysMngr 0x0080
-#define xmlSecAppCmdLineTopicX509Certs 0x0100
-#define xmlSecAppCmdLineTopicVersion 0x0200
+#define xmlSecAppCmdLineTopicXkmsCommon 0x0080
+#define xmlSecAppCmdLineTopicKeysMngr 0x1000
+#define xmlSecAppCmdLineTopicX509Certs 0x2000
+#define xmlSecAppCmdLineTopicVersion 0x4000
#define xmlSecAppCmdLineTopicAll 0xFFFF
/****************************************************************
@@ -671,7 +685,9 @@ typedef enum {
xmlSecAppCommandSignTmpl,
xmlSecAppCommandEncrypt,
xmlSecAppCommandDecrypt,
- xmlSecAppCommandEncryptTmpl
+ xmlSecAppCommandEncryptTmpl,
+ xmlSecAppCommandXkmsLocate,
+ xmlSecAppCommandXkmsValidate
} xmlSecAppCommand;
typedef struct _xmlSecAppXmlData xmlSecAppXmlData,
@@ -719,6 +735,13 @@ static int xmlSecAppPrepareEncCtx (xmlSecEncCtxPtr encCtx);
static void xmlSecAppPrintEncCtx (xmlSecEncCtxPtr encCtx);
#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+static int xmlSecAppXkmsLocate (const char* filename);
+static int xmlSecAppXkmsValidate (const char* filename);
+static int xmlSecAppPrepareXkmsCtx (xmlSecXkmsCtxPtr xkmsCtx);
+static void xmlSecAppPrintXkmsCtx (xmlSecXkmsCtxPtr xkmsCtx);
+#endif /* XMLSEC_NO_XKMS */
+
static void xmlSecAppListKeyData (void);
static void xmlSecAppListTransforms (void);
@@ -882,6 +905,25 @@ int main(int argc, const char **argv) {
break;
#endif /* XMLSEC_NO_TMPL_TEST */
#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+ case xmlSecAppCommandXkmsLocate:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppXkmsLocate(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to process xkms locate request from file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+ case xmlSecAppCommandXkmsValidate:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppXkmsValidate(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to process xkms locate request from file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+#endif /* XMLSEC_NO_XKMS */
default:
fprintf(stderr, "Error: invalid command %d\n", command);
xmlSecAppPrintUsage();
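Review bot: The error message in the `xmlSecAppCommandXkmsValidate` case still says "xkms locate request", copied from the case above it, so a failed validate run is reported as a locate failure. It should read `"Error: failed to process xkms validate request from file \"%s\"\n"`. The enclosing `switch` in `main` starts and ends outside this hunk.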
@@ -1565,6 +1607,175 @@ xmlSecAppPrintEncCtx(xmlSecEncCtxPtr encCtx) {
#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+static int
+xmlSecAppXkmsLocate(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecXkmsCtx xkmsCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecXkmsCtxInitialize(&xkmsCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: xkms context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareXkmsCtx(&xkmsCtx) < 0) {
+ fprintf(stderr, "Error: xkms context preparation failed\n");
+ goto done;
+ }
+
+ /* parse template and select start node */
+ data = xmlSecAppXmlDataCreate(filename, xmlSecNodeLocateRequest, xmlSecXkmsNs);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load template \"%s\"\n", filename);
+ goto done;
+ }
+
+ start_time = clock();
+
+#ifdef TODO
+ if(xmlSecXkmsCtxLocate(&xkmsCtx, data->startNode) < 0) {
+ fprintf(stderr, "Error: failed to process locate request\n");
+ goto done;
+ }
+#endif /* TODO */
+ total_time += clock() - start_time;
+
+ /* print out result only once per execution */
+#ifdef TODO
+ if(repeats <= 1) {
+ if(xkmsCtx.resultReplaced) {
+ if(xmlSecAppWriteResult(data->doc, NULL) < 0) {
+ goto done;
+ }
+ } else {
+ if(xmlSecAppWriteResult(NULL, xkmsCtx.result) < 0) {
+ goto done;
+ }
+ }
+ }
+#endif /* TODO */
+
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintXkmsCtx(&xkmsCtx);
+ }
+ xmlSecXkmsCtxFinalize(&xkmsCtx);
+
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecAppXkmsValidate(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecXkmsCtx xkmsCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecXkmsCtxInitialize(&xkmsCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: xkms context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareXkmsCtx(&xkmsCtx) < 0) {
+ fprintf(stderr, "Error: xkms context preparation failed\n");
+ goto done;
+ }
+
+ /* parse template and select start node */
+ data = xmlSecAppXmlDataCreate(filename, xmlSecNodeValidateRequest, xmlSecXkmsNs);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load template \"%s\"\n", filename);
+ goto done;
+ }
+
+ start_time = clock();
+
+#ifdef TODO
+ if(xmlSecXkmsCtxValidate(&xkmsCtx, data->startNode) < 0) {
+ fprintf(stderr, "Error: failed to process validate request\n");
+ goto done;
+ }
+#endif /* TODO */
+ total_time += clock() - start_time;
+
+ /* print out result only once per execution */
+#ifdef TODO
+ if(repeats <= 1) {
+ if(xkmsCtx.resultReplaced) {
+ if(xmlSecAppWriteResult(data->doc, NULL) < 0) {
+ goto done;
+ }
+ } else {
+ if(xmlSecAppWriteResult(NULL, xkmsCtx.result) < 0) {
+ goto done;
+ }
+ }
+ }
+#endif /* TODO */
+
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintXkmsCtx(&xkmsCtx);
+ }
+ xmlSecXkmsCtxFinalize(&xkmsCtx);
+
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecAppPrepareXkmsCtx(xmlSecXkmsCtxPtr xkmsCtx) {
+ if(xkmsCtx == NULL) {
+ fprintf(stderr, "Error: xkms context is null\n");
+ return(-1);
+ }
+
+ /* set key info params */
+ if(xmlSecAppPrepareKeyInfoReadCtx(&(xkmsCtx->keyInfoReadCtx)) < 0) {
+ fprintf(stderr, "Error: failed to prepare key info context\n");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecAppPrintXkmsCtx(xmlSecXkmsCtxPtr xkmsCtx) {
+ if(xkmsCtx == NULL) {
+ return;
+ }
+
+ /* print debug info if requested */
+ if((print_debug != 0) || xmlSecAppCmdLineParamIsSet(&printDebugParam)) {
+ xmlSecXkmsCtxDebugDump(xkmsCtx, stdout);
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) {
+ xmlSecXkmsCtxDebugXmlDump(xkmsCtx, stdout);
+ }
+}
+
+#endif /* XMLSEC_NO_XKMS */
+
static void
xmlSecAppListKeyData(void) {
fprintf(stdout, "Registered key data klasses:\n");
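Review bot: `xmlSecAppXkmsLocate` and `xmlSecAppXkmsValidate` both reach `res = 0` while the request processing and the result output are compiled out under `#ifdef TODO`, so `xmlsec xkms-validate <file>` exits successfully for any file that `xmlSecAppXmlDataCreate` accepts, without validating anything. A script that trusts the exit status would treat an unprocessed validate request as a success. Until the library calls exist I would fail closed, for example by giving the first `#ifdef TODO` in each function an `#else` branch with `fprintf(stderr, "Error: XKMS request processing is not implemented\n"); goto done;`. The "failed to load template" messages would also read better as "failed to load request", since the input here is a request rather than a template.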
@@ -2155,6 +2366,23 @@ xmlSecAppParseCommand(const char* cmd, xmlSecAppCmdLineParamTopic* cmdLineTopics
#endif /* XMLSEC_NO_TMPL_TEST */
#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+ if((strcmp(cmd, "xkms-locate") == 0) || (strcmp(cmd, "--xkms-locate") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicXkmsCommon |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandXkmsLocate);
+ } else
+ if((strcmp(cmd, "xkms-validate") == 0) || (strcmp(cmd, "--xkms-validate") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicXkmsCommon |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandXkmsValidate);
+ } else
+#endif /* XMLSEC_NO_XKMS */
+
if(1) {
(*cmdLineTopics) = 0;
return(xmlSecAppCommandUnknown);
@@ -2198,6 +2426,12 @@ xmlSecAppPrintHelp(xmlSecAppCommand command, xmlSecAppCmdLineParamTopic topics)
case xmlSecAppCommandEncryptTmpl:
fprintf(stdout, "%s\n", helpEncryptTmpl);
break;
+ case xmlSecAppCommandXkmsLocate:
+ fprintf(stdout, "%s\n", helpXkmsLocate);
+ break;
+ case xmlSecAppCommandXkmsValidate:
+ fprintf(stdout, "%s\n", helpXkmsValidate);
+ break;
}
if(topics != 0) {
fprintf(stdout, "Options:\n");
diff --git a/configure.in b/configure.in
index 634630a3..dee05b3d 100644
--- a/configure.in
+++ b/configure.in
@@ -61,22 +61,22 @@ XMLSEC_DEFINES=""
dnl ==========================================================================
dnl Specific setup for Aleksey's development environment:
+dnl - with xkms support (while in development)
dnl - with debug
dnl - with pedantic compiler flags
dnl - with static binaries
dnl ==========================================================================
-XMLSEC_STATIC_BINARIES=""
AC_MSG_CHECKING(for development environment)
-AC_ARG_ENABLE(development, [ --enable-development enable development environment (no)])
+AC_ARG_ENABLE(development, [ --enable-development enable development environment (no)])
if test "$enable_development" = "yes" -o "${LOGNAME}" = "aleksey" ; then
- dnl CFLAGS="$CFLAGS -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
- CFLAGS="$CFLAGS -g -O -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
- XMLSEC_STATIC_BINARIES="-static"
+ enable_xkms="yes"
+ enable_debuging="yes"
+ enable_pedantic="yes"
+ enable_static_linking="yes"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
-AC_SUBST(XMLSEC_STATIC_BINARIES)
dnl ==========================================================================
@@ -99,8 +99,8 @@ LIBXML_PREFIX=""
LIBXML_CFLAG=""
LIBXML_LIBS=""
AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION)
-AC_ARG_WITH(libxml, [ --with-libxml=[PFX] libxml2 location])
-if test "$with_libxml" = "no" ; then
+AC_ARG_WITH(libxml, [ --with-libxml=[PFX] libxml2 location])
+if test "$with_libxml" = "no" ; then
AC_MSG_ERROR(libxml2 is required for $PACKAGE)
else
if test "$with_libxml" != "" ; then
@@ -141,7 +141,7 @@ LIBXSLT_PREFIX=""
LIBXSLT_CFLAGS=""
LIBXSLT_LIBS=""
AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION)
-AC_ARG_WITH(libxslt, [ --with-libxslt=[PFX] libxslt location])
+AC_ARG_WITH(libxslt, [ --with-libxslt=[PFX] libxslt location])
if test "$with_libxslt" = "no" ; then
LIBXSLT_WITHOUT="yes"
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1"
@@ -207,7 +207,7 @@ OPENSSL_CFLAGS=""
OPENSSL_LIBS=""
OPENSSL_LDADDS=""
AC_MSG_CHECKING(for openssl libraries >= $OPENSSL_MIN_VERSION)
-AC_ARG_WITH(openssl, [ --with-openssl=[PFX] openssl location])
+AC_ARG_WITH(openssl, [ --with-openssl=[PFX] openssl location])
if test "$with_openssl" = "no" ; then
OPENSSL_WITHOUT="yes"
XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST openssl"
@@ -320,7 +320,7 @@ GNUTLS_CFLAGS=""
GNUTLS_LIBS=""
GNUTLS_LDADDS=""
AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
-AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location])
+AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location])
if test "$with_gnutls" = "no" ; then
GNUTLS_WITHOUT="yes"
XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls"
@@ -395,7 +395,7 @@ ac_mozilla_name=mozilla-$NSS_MIN_VERSION
ac_nss_lib_dir="/usr/lib /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
ac_nss_inc_dir="/usr/include /usr/local/include /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
AC_MSG_CHECKING(for nss libraries >= $NSS_MIN_VERSION)
-AC_ARG_WITH(nss, [ --with-nss=[PFX] nss location])
+AC_ARG_WITH(nss, [ --with-nss=[PFX] nss location])
if test "$with_nss" = "no" ; then
NSS_WITHOUT="yes"
XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST nss"
@@ -636,6 +636,21 @@ fi
AC_SUBST(XMLSEC_NO_XMLENC)
dnl ==========================================================================
+dnl See do we need XKMS suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for XMKMS support)
+AC_ARG_ENABLE(xkms, [ --enable-xkms enable XKMS support (no)])
+if test "$enable_xkms" = "yes" ; then
+ XMLSEC_NO_XKMS="0"
+ AC_MSG_RESULT(yes)
+else
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XKMS=1"
+ XMLSEC_NO_XKMS="1"
+ AC_MSG_RESULT(no)
+fi
+AC_SUBST(XMLSEC_NO_XKMS)
+
+dnl ==========================================================================
dnl See do we need Simple Keys Manager
dnl ==========================================================================
AC_MSG_CHECKING(for Simple Keys Manager testing)
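Review bot: The user-visible strings added in this hunk are misspelled: `AC_MSG_CHECKING(for XMKMS support)` should read `for XKMS support`, and the comment above it says "suport". The same applies to the later hunk that adds the debug option, where the flag itself is spelled `--enable-debuging` (and `enable_debuging` in the development block). An option name becomes interface once it is released, so I would rename it to `--enable-debugging` now.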
@@ -651,8 +666,8 @@ dnl ==========================================================================
dnl See do we need templates tests
dnl ==========================================================================
AC_MSG_CHECKING(for templates testing)
-AC_ARG_ENABLE(skm, [ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)])
-if test "$enable_tmpl_tests" = "no" ; then
+AC_ARG_ENABLE(skm, [ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)])
+if test "$enable_tmpl_tests" = "yes" ; then
XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_TMPL_TEST=1"
AC_MSG_RESULT(no)
else
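Review bot: The new test `"$enable_tmpl_tests" = "yes"` looks inverted: with it, passing `--enable-tmpl-tests` adds `-DXMLSEC_NO_TMPL_TEST=1` and prints "no", while the help text states the default is yes. The previous `= "no"` comparison matched the help string; if the flip is intentional, the help text and the result messages should change with it. The first argument of the macro is also still `skm` rather than `tmpl-tests`, which this commit does not touch. The `else` branch of this test continues outside the hunk.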
@@ -660,18 +675,57 @@ else
fi
dnl ==========================================================================
+dnl Debug
+dnl ==========================================================================
+AC_MSG_CHECKING(for debuging)
+AC_ARG_ENABLE(debuging, [ --enable-debuging enable debuging compilation flags (no)])
+if test "$enable_debuging" = "yes" ; then
+ CFLAGS="$CFLAGS -g"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+dnl ==========================================================================
dnl Profiling
dnl ==========================================================================
AC_MSG_CHECKING(for profiling)
-AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)])
+AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)])
if test "$enable_profiling" = "yes" ; then
CFLAGS="$CFLAGS -pg"
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
+fi
+
+dnl ==========================================================================
+dnl Pedantic compilation
+dnl ==========================================================================
+AC_MSG_CHECKING(for pedantic)
+AC_ARG_ENABLE(pedantic, [ --enable-pedantic enable pedantic compilation flags (no)])
+if test "$enable_pedantic" = "yes" ; then
+ dnl CFLAGS="$CFLAGS -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ CFLAGS="$CFLAGS -O -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
fi
dnl ==========================================================================
+dnl Static linking
+dnl ==========================================================================
+XMLSEC_STATIC_BINARIES=""
+AC_MSG_CHECKING(for static linking)
+AC_ARG_ENABLE(static_linking, [ --enable-static-linking enable static linking (no)])
+if test "$enable_static_linking" = "yes" ; then
+ XMLSEC_STATIC_BINARIES="-static"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+AC_SUBST(XMLSEC_STATIC_BINARIES)
+
+dnl ==========================================================================
dnl Final steps: xmlsec config
dnl ==========================================================================
XMLSEC_CFLAGS="$XMLSEC_DEFINES -I${includedir}/xmlsec1 $LIBXML_CFLAGS $LIBXSLT_CFLAGS $XMLSEC_CRYPTO_CFLAGS -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\""
diff --git a/include/xmlsec/Makefile.am b/include/xmlsec/Makefile.am
index 33126135..30cf405a 100644
--- a/include/xmlsec/Makefile.am
+++ b/include/xmlsec/Makefile.am
@@ -24,6 +24,7 @@ xmlsecinc_HEADERS = \
templates.h \
transforms.h \
version.h \
+ xkms.h \
xmldsig.h \
xmlenc.h \
xmlsec.h \
diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
index 4b4c5b9f..4ea42ea1 100644
--- a/include/xmlsec/strings.h
+++ b/include/xmlsec/strings.h
@@ -27,6 +27,7 @@ extern "C" {
XMLSEC_EXPORT_VAR const xmlChar xmlSecNs[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecDSigNs[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecEncNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsNs[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecXPathNs[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2Ns[];
XMLSEC_EXPORT_VAR const xmlChar xmlSecXPointerNs[];
@@ -68,6 +69,14 @@ XMLSEC_EXPORT_VAR const xmlChar xmlSecTypeEncElement[];
/*************************************************************************
*
+ * XKMS Nodes
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeLocateRequest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidateRequest[];
+
+/*************************************************************************
+ *
* KeyInfo and Transform Nodes
*
************************************************************************/
diff --git a/include/xmlsec/xkms.h b/include/xmlsec/xkms.h
new file mode 100644
index 00000000..fa07388d
--- /dev/null
+++ b/include/xmlsec/xkms.h
@@ -0,0 +1,77 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Key Management Specification v 2.0" implementation
+ * http://www.w3.org/TR/xkms2/
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyrigth (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_XKMS_H__
+#define __XMLSEC_XKMS_H__
+
+#ifndef XMLSEC_NO_XKMS
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * xmlSecXkmsCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
+ * never touches this).
+ * @flags: the XML Encryption processing flags.
+ * @flags2: the XML Encryption processing flags.
+ * @keyInfoReadCtx: the reading key context.
+ * @keyInfoWriteCtx: the writing key context (not used for signature verification).
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * XKMS context.
+ */
+struct _xmlSecXkmsCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecXkmsCtxPtr xmlSecXkmsCtxCreate (xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecXkmsCtxDestroy (xmlSecXkmsCtxPtr xkmsCtx);
+XMLSEC_EXPORT int xmlSecXkmsCtxInitialize (xmlSecXkmsCtxPtr xkmsCtx,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecXkmsCtxFinalize (xmlSecXkmsCtxPtr xkmsCtx);
+XMLSEC_EXPORT int xmlSecXkmsCtxCopyUserPref (xmlSecXkmsCtxPtr dst,
+ xmlSecXkmsCtxPtr src);
+XMLSEC_EXPORT void xmlSecXkmsCtxReset (xmlSecXkmsCtxPtr xkmsCtx);
+XMLSEC_EXPORT void xmlSecXkmsCtxDebugDump (xmlSecXkmsCtxPtr xkmsCtx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecXkmsCtxDebugXmlDump (xmlSecXkmsCtxPtr xkmsCtx,
+ FILE* output);
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XKMS */
+
+#endif /* __XMLSEC_XKMS_H__ */
+
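Review bot: The `#include` lines come after `extern "C" {` has been opened, so in a C++ build `<stdio.h>`, the libxml2 headers and the other xmlsec headers are all pulled in inside the linkage block. Moving the `#ifdef __cplusplus` / `extern "C" {` lines below `#include <xmlsec/transforms.h>` avoids that. The struct documentation also looks copied from the encryption context: `@flags` and `@flags2` are both described as "the XML Encryption processing flags" and `@keyInfoWriteCtx` mentions signature verification. I would reword the flags to `the XKMS processing flags` and drop the parenthetical.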
diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h
index 5455f945..3a01c932 100644
--- a/include/xmlsec/xmlsec.h
+++ b/include/xmlsec/xmlsec.h
@@ -76,6 +76,10 @@ typedef struct _xmlSecDSigCtx xmlSecDSigCtx, *xmlSecDSigCtxPtr;
typedef struct _xmlSecEncCtx xmlSecEncCtx, *xmlSecEncCtxPtr;
#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+typedef struct _xmlSecXkmsCtx xmlSecXkmsCtx, *xmlSecXkmsCtxPtr;
+#endif /* XMLSEC_NO_XKMS */
+
XMLSEC_EXPORT int xmlSecInit (void);
XMLSEC_EXPORT int xmlSecShutdown (void);
diff --git a/src/Makefile.am b/src/Makefile.am
index 5c0c5f04..48adafba 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -38,6 +38,7 @@ libxmlsec1_la_SOURCES =\
strings.c \
templates.c \
transforms.c \
+ xkms.c \
xmldsig.c \
xmlenc.c \
xmlsec.c \
diff --git a/src/strings.c b/src/strings.c
index dc01f7bf..8f7347b0 100644
--- a/src/strings.c
+++ b/src/strings.c
@@ -22,6 +22,7 @@
const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002";
const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#";
const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#";
+const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#";
const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116";
const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2";
const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr";
@@ -62,6 +63,14 @@ const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Elemen
/*************************************************************************
*
+ * XKMS Nodes
+ *
+ ************************************************************************/
+const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest";
+const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest";
+
+/*************************************************************************
+ *
* KeyInfo Nodes
*
************************************************************************/
diff --git a/src/xkms.c b/src/xkms.c
new file mode 100644
index 00000000..72329e3c
--- /dev/null
+++ b/src/xkms.c
@@ -0,0 +1,261 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Key Management Specification v 2.0" implementation
+ * http://www.w3.org/TR/xkms2/
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyrigth (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_XKMS
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/errors.h>
+
+/* The ID attribute in XKMS is 'Id' */
+static const xmlChar* xmlSecXkmsIds[] = { BAD_CAST "Id", NULL };
+
+
+/**
+ * xmlSecXkmsCtxCreate:
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Creates XKMS processing context.
+ * The caller is responsible for destroying returend object by calling
+ * #xmlSecXkmsCtxDestroy function.
+ *
+ * Returns pointer to newly allocated context object or NULL if an error
+ * occurs.
+ */
+xmlSecXkmsCtxPtr
+xmlSecXkmsCtxCreate(xmlSecKeysMngrPtr keysMngr) {
+ xmlSecXkmsCtxPtr xkmsCtx;
+ int ret;
+
+ xkmsCtx = (xmlSecXkmsCtxPtr) xmlMalloc(sizeof(xmlSecXkmsCtx));
+ if(xkmsCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecXkmsCtx)=%d",
+ sizeof(xmlSecXkmsCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecXkmsCtxInitialize(xkmsCtx, keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsCtxDestroy(xkmsCtx);
+ return(NULL);
+ }
+ return(xkmsCtx);
+}
+
+/**
+ * xmlSecXkmsCtxDestroy:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ *
+ * Destroy context object created with #xmlSecXkmsCtxCreate function.
+ */
+void
+xmlSecXkmsCtxDestroy(xmlSecXkmsCtxPtr xkmsCtx) {
+ xmlSecAssert(xkmsCtx != NULL);
+
+ xmlSecXkmsCtxFinalize(xkmsCtx);
+ xmlFree(xkmsCtx);
+}
+
+/**
+ * xmlSecXkmsCtxInitialize:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Initializes XKMS element processing context.
+ * The caller is responsible for cleaing up returend object by calling
+ * #xmlSecXkmsCtxFinalize function.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsCtxInitialize(xmlSecXkmsCtxPtr xkmsCtx, xmlSecKeysMngrPtr keysMngr) {
+ int ret;
+
+ xmlSecAssert2(xkmsCtx != NULL, -1);
+
+ memset(xkmsCtx, 0, sizeof(xmlSecXkmsCtx));
+
+ /* initialize key info */
+ ret = xmlSecKeyInfoCtxInitialize(&(xkmsCtx->keyInfoReadCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xkmsCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
+
+ ret = xmlSecKeyInfoCtxInitialize(&(xkmsCtx->keyInfoWriteCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xkmsCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsCtxFinalize:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ *
+ * Cleans up @xkmsCtx object.
+ */
+void
+xmlSecXkmsCtxFinalize(xmlSecXkmsCtxPtr xkmsCtx) {
+ xmlSecAssert(xkmsCtx != NULL);
+
+ xmlSecXkmsCtxReset(xkmsCtx);
+
+ xmlSecKeyInfoCtxFinalize(&(xkmsCtx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxFinalize(&(xkmsCtx->keyInfoWriteCtx));
+
+ memset(xkmsCtx, 0, sizeof(xmlSecXkmsCtx));
+}
+
+/**
+ * xmlSecXkmsCtxReset:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ *
+ * Resets @xkmsCtx object, user settings are not touched.
+ */
+void
+xmlSecXkmsCtxReset(xmlSecXkmsCtxPtr xkmsCtx) {
+ xmlSecAssert(xkmsCtx != NULL);
+
+ xmlSecKeyInfoCtxReset(&(xkmsCtx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxReset(&(xkmsCtx->keyInfoWriteCtx));
+}
+
+/**
+ * xmlSecXkmsCtxCopyUserPref:
+ * @dst: the pointer to destination context.
+ * @src: the pointer to source context.
+ *
+ * Copies user preference from @src context to @dst.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsCtxCopyUserPref(xmlSecXkmsCtxPtr dst, xmlSecXkmsCtxPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsCtxDebugDump:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @xkmsCtx to @output.
+ */
+void
+xmlSecXkmsCtxDebugDump(xmlSecXkmsCtxPtr xkmsCtx, FILE* output) {
+ xmlSecAssert(xkmsCtx != NULL);
+
+ fprintf(output, "= XKMS CONTEXT\n");
+ fprintf(output, "== flags: 0x%08x\n", xkmsCtx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", xkmsCtx->flags2);
+
+ fprintf(output, "== Key Info Read Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(xkmsCtx->keyInfoReadCtx), output);
+
+ fprintf(output, "== Key Info Write Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(xkmsCtx->keyInfoWriteCtx), output);
+}
+
+/**
+ * xmlSecXkmsCtxDebugXmlDump:
+ * @xkmsCtx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @xkmsCtx to @output in XML format.
+ */
+void
+xmlSecXkmsCtxDebugXmlDump(xmlSecXkmsCtxPtr xkmsCtx, FILE* output) {
+ xmlSecAssert(xkmsCtx != NULL);
+
+ fprintf(output, "<DataEncryptionContext>\n");
+ fprintf(output, "<Flags>%08x</Flags>\n", xkmsCtx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", xkmsCtx->flags2);
+
+ fprintf(output, "<KeyInfoReadCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(xkmsCtx->keyInfoReadCtx), output);
+ fprintf(output, "</KeyInfoReadCtx>\n");
+
+ fprintf(output, "<KeyInfoWriteCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(xkmsCtx->keyInfoWriteCtx), output);
+ fprintf(output, "</KeyInfoWriteCtx>\n");
+
+
+ fprintf(output, "</DataEncryptionContext>\n");
+}
+
+#endif /* XMLSEC_NO_XKMS */
+
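Review bot: `xmlSecXkmsCtxInitialize` returns -1 when the second `xmlSecKeyInfoCtxInitialize` call fails without finalizing `keyInfoReadCtx`, which was initialized just above; a caller that does not call `xmlSecXkmsCtxFinalize` after a failed initialize (the new code in apps/xmlsec.c returns immediately) would leave whatever that context holds unreleased. Adding `xmlSecKeyInfoCtxFinalize(&(xkmsCtx->keyInfoReadCtx));` before that `return(-1);` keeps the function all-or-nothing; whether the key info context owns allocations is not visible here, so treat this as a precaution. In `xmlSecXkmsCtxCreate` the error format `"sizeof(xmlSecXkmsCtx)=%d"` is passed a `size_t`, which does not match `%d`; cast the argument to `int` or change the specifier. `xmlSecXkmsCtxDebugXmlDump` emits `<DataEncryptionContext>` as its root element, which looks copied from the encryption context, and `xmlSecXkmsIds` is defined but not used anywhere in this file.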