1--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am	2009-06-25 22:53:18.000000000 +0200
2+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am	2009-09-21 14:02:48.563253008 +0200
3@@ -3,6 +3,7 @@
4 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
5
6 xmlsecmscryptoinc_HEADERS = \
7+akmngr.h \
8 app.h \
9 certkeys.h \
10 crypto.h \
11--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in	2009-06-25 22:53:30.000000000 +0200
12+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in	2009-09-21 14:02:48.571021349 +0200
13@@ -281,6 +281,7 @@
14 NULL =
15 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
16 xmlsecmscryptoinc_HEADERS = \
17+akmngr.h \
18 app.h \
19 certkeys.h \
20 crypto.h \
21--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h	2009-09-21 14:07:19.052318336 +0200
22+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h	2009-09-21 14:02:48.504966762 +0200
23@@ -1 +1,71 @@
24-dummy
25+/**
26+ * XMLSec library
27+ *
28+ * This is free software; see Copyright file in the source
29+ * distribution for preciese wording.
30+ *
31+ * Copyright ..........................
32+ */
33+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
34+#define __XMLSEC_MSCRYPTO_AKMNGR_H__
35+
36+#include <windows.h>
37+#include <wincrypt.h>
38+
39+#include <xmlsec/xmlsec.h>
40+#include <xmlsec/keys.h>
41+#include <xmlsec/transforms.h>
42+
43+#ifdef __cplusplus
44+extern "C" {
45+#endif /* __cplusplus */
46+
47+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
48+xmlSecMSCryptoAppliedKeysMngrCreate(
49+    HCERTSTORE keyStore ,
50+    HCERTSTORE certStore
51+) ;
52+
53+XMLSEC_CRYPTO_EXPORT int
54+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
55+	xmlSecKeysMngrPtr	mngr ,
56+	HCRYPTKEY	symKey
57+) ;
58+
59+XMLSEC_CRYPTO_EXPORT int
60+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
61+	xmlSecKeysMngrPtr	mngr ,
62+	HCRYPTKEY	pubKey
63+) ;
64+
65+XMLSEC_CRYPTO_EXPORT int
66+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
67+	xmlSecKeysMngrPtr	mngr ,
68+	HCRYPTKEY	priKey
69+) ;
70+
71+XMLSEC_CRYPTO_EXPORT int
72+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
73+	xmlSecKeysMngrPtr	mngr ,
74+	HCERTSTORE keyStore
75+) ;
76+
77+XMLSEC_CRYPTO_EXPORT int
78+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
79+	xmlSecKeysMngrPtr	mngr ,
80+	HCERTSTORE trustedStore
81+) ;
82+
83+XMLSEC_CRYPTO_EXPORT int
84+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
85+	xmlSecKeysMngrPtr	mngr ,
86+	HCERTSTORE untrustedStore
87+) ;
88+
89+#ifdef __cplusplus
90+}
91+#endif /* __cplusplus */
92+
93+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
94+
95+
96--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am	2009-06-25 22:53:18.000000000 +0200
97+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am	2009-09-21 14:02:48.577933031 +0200
98@@ -10,6 +10,9 @@
99 keysstore.h \
100 pkikeys.h \
101 x509.h \
102+akmngr.h \
103+tokens.h \
104+ciphers.h \
105 $(NULL)
106
107 install-exec-hook:
108--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in	2009-06-25 22:53:31.000000000 +0200
109+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in	2009-09-21 14:02:48.585376325 +0200
110@@ -288,6 +288,9 @@
111 keysstore.h \
112 pkikeys.h \
113 x509.h \
114+akmngr.h \
115+tokens.h \
116+ciphers.h \
117 $(NULL)
118
119 all: all-am
120--- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h	2009-09-21 14:07:19.105517659 +0200
121+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h	2009-09-21 14:02:48.510978278 +0200
122@@ -1 +1,56 @@
123-dummy
124+/**
125+ * XMLSec library
126+ *
127+ * This is free software; see Copyright file in the source
128+ * distribution for preciese wording.
129+ *
130+ * Copyright ..........................
131+ */
132+#ifndef __XMLSEC_NSS_AKMNGR_H__
133+#define __XMLSEC_NSS_AKMNGR_H__
134+
135+#include <nss.h>
136+#include <nspr.h>
137+#include <pk11func.h>
138+#include <cert.h>
139+
140+#include <xmlsec/xmlsec.h>
141+#include <xmlsec/keys.h>
142+#include <xmlsec/transforms.h>
143+
144+#ifdef __cplusplus
145+extern "C" {
146+#endif /* __cplusplus */
147+
148+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
149+xmlSecNssAppliedKeysMngrCreate(
150+    PK11SlotInfo** slots,
151+	int cSlots,
152+    CERTCertDBHandle* handler
153+) ;
154+
155+XMLSEC_CRYPTO_EXPORT int
156+xmlSecNssAppliedKeysMngrSymKeyLoad(
157+	xmlSecKeysMngrPtr	mngr ,
158+	PK11SymKey*			symKey
159+) ;
160+
161+XMLSEC_CRYPTO_EXPORT int
162+xmlSecNssAppliedKeysMngrPubKeyLoad(
163+	xmlSecKeysMngrPtr	mngr ,
164+	SECKEYPublicKey*	pubKey
165+) ;
166+
167+XMLSEC_CRYPTO_EXPORT int
168+xmlSecNssAppliedKeysMngrPriKeyLoad(
169+	xmlSecKeysMngrPtr	mngr ,
170+	SECKEYPrivateKey*	priKey
171+) ;
172+
173+#ifdef __cplusplus
174+}
175+#endif /* __cplusplus */
176+
177+#endif /* __XMLSEC_NSS_AKMNGR_H__ */
178+
179+
180--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h	2009-06-25 22:53:18.000000000 +0200
181+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h	2009-09-21 14:02:48.612847068 +0200
182@@ -22,6 +22,9 @@
183 #include <xmlsec/keysmngr.h>
184 #include <xmlsec/transforms.h>
185
186+#include <xmlsec/nss/tokens.h>
187+#include <xmlsec/nss/akmngr.h>
188+
189 /**
190  * Init/shutdown
191  */
192@@ -36,6 +39,8 @@
193 									    xmlSecKeyPtr key);
194 XMLSEC_CRYPTO_EXPORT int 		xmlSecNssAppDefaultKeysMngrLoad	(xmlSecKeysMngrPtr mngr,
195 									 const char* uri);
196+XMLSEC_CRYPTO_EXPORT int		xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
197+									 xmlSecNssKeySlotPtr keySlot);
198 XMLSEC_CRYPTO_EXPORT int 		xmlSecNssAppDefaultKeysMngrSave	(xmlSecKeysMngrPtr mngr,
199 									 const char* filename,
200 									 xmlSecKeyDataType type);
201--- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h	2009-09-21 14:07:19.146496548 +0200
202+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h	2009-09-21 14:02:48.516689712 +0200
203@@ -1 +1,35 @@
204-dummy
205+/**
206+ * XMLSec library
207+ *
208+ * This is free software; see Copyright file in the source
209+ * distribution for preciese wording.
210+ *
211+ * Copyright ..........................
212+ */
213+#ifndef __XMLSEC_NSS_CIPHERS_H__
214+#define __XMLSEC_NSS_CIPHERS_H__
215+
216+#ifdef __cplusplus
217+extern "C" {
218+#endif /* __cplusplus */
219+
220+#include <xmlsec/xmlsec.h>
221+#include <xmlsec/keys.h>
222+#include <xmlsec/transforms.h>
223+
224+
225+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
226+									PK11SymKey* symkey ) ;
227+
228+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
229+
230+XMLSEC_CRYPTO_EXPORT PK11SymKey*   xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
231+
232+
233+#ifdef __cplusplus
234+}
235+#endif /* __cplusplus */
236+
237+#endif /* __XMLSEC_NSS_CIPHERS_H__ */
238+
239+
240--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h	2009-06-25 22:53:18.000000000 +0200
241+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h	2009-09-21 14:02:48.626261748 +0200
242@@ -16,6 +16,8 @@
243 #endif /* __cplusplus */
244
245 #include <xmlsec/xmlsec.h>
246+#include <xmlsec/keysmngr.h>
247+#include <xmlsec/nss/tokens.h>
248
249 /****************************************************************************
250  *
251@@ -31,6 +33,8 @@
252 XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId	xmlSecNssKeysStoreGetKlass	(void);
253 XMLSEC_CRYPTO_EXPORT int		xmlSecNssKeysStoreAdoptKey	(xmlSecKeyStorePtr store,
254 									 xmlSecKeyPtr key);
255+XMLSEC_CRYPTO_EXPORT int		xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
256+									 xmlSecNssKeySlotPtr keySlot);
257 XMLSEC_CRYPTO_EXPORT int		xmlSecNssKeysStoreLoad 	(xmlSecKeyStorePtr store,
258 								 const char *uri,
259 								 xmlSecKeysMngrPtr keysMngr);
260--- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h	2009-09-21 14:07:19.172421448 +0200
261+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h	2009-09-21 14:02:48.522913605 +0200
262@@ -1 +1,182 @@
263-dummy
264+/**
265+ * XMLSec library
266+ *
267+ * This is free software; see Copyright file in the source
268+ * distribution for preciese wording.
269+ *
270+ * Copyright (c) 2003 Sun Microsystems, Inc.  All rights reserved.
271+ *
272+ * Contributor(s): _____________________________
273+ *
274+ */
275+#ifndef __XMLSEC_NSS_TOKENS_H__
276+#define __XMLSEC_NSS_TOKENS_H__
277+
278+#include <string.h>
279+
280+#include <nss.h>
281+#include <pk11func.h>
282+
283+#include <xmlsec/xmlsec.h>
284+#include <xmlsec/list.h>
285+
286+#ifdef __cplusplus
287+extern "C" {
288+#endif /* __cplusplus */
289+
290+/**
291+ * xmlSecNssKeySlotListId
292+ *
293+ * The crypto mechanism list klass
294+ */
295+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
296+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
297+
298+/*******************************************
299+ * KeySlot interfaces
300+ *******************************************/
301+/**
302+ * Internal NSS key slot data
303+ * @mechanismList:		the mechanisms that the slot bound with.
304+ * @slot:				the pkcs slot
305+ *
306+ * This context is located after xmlSecPtrList
307+ */
308+typedef struct _xmlSecNssKeySlot	xmlSecNssKeySlot ;
309+typedef struct _xmlSecNssKeySlot*	xmlSecNssKeySlotPtr ;
310+
311+struct _xmlSecNssKeySlot {
312+	CK_MECHANISM_TYPE_PTR	mechanismList ; /* mech. array, NULL ternimated */
313+	PK11SlotInfo*			slot ;
314+} ;
315+
316+XMLSEC_CRYPTO_EXPORT int
317+xmlSecNssKeySlotSetMechList(
318+	xmlSecNssKeySlotPtr keySlot ,
319+	CK_MECHANISM_TYPE_PTR mechanismList
320+) ;
321+
322+XMLSEC_CRYPTO_EXPORT int
323+xmlSecNssKeySlotEnableMech(
324+	xmlSecNssKeySlotPtr keySlot ,
325+	CK_MECHANISM_TYPE mechanism
326+) ;
327+
328+XMLSEC_CRYPTO_EXPORT int
329+xmlSecNssKeySlotDisableMech(
330+	xmlSecNssKeySlotPtr keySlot ,
331+	CK_MECHANISM_TYPE mechanism
332+) ;
333+
334+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
335+xmlSecNssKeySlotGetMechList(
336+    xmlSecNssKeySlotPtr keySlot
337+) ;
338+
339+XMLSEC_CRYPTO_EXPORT int
340+xmlSecNssKeySlotSetSlot(
341+    xmlSecNssKeySlotPtr keySlot ,
342+	PK11SlotInfo* slot
343+) ;
344+
345+XMLSEC_CRYPTO_EXPORT int
346+xmlSecNssKeySlotInitialize(
347+    xmlSecNssKeySlotPtr keySlot ,
348+	PK11SlotInfo* slot
349+) ;
350+
351+XMLSEC_CRYPTO_EXPORT void
352+xmlSecNssKeySlotFinalize(
353+    xmlSecNssKeySlotPtr keySlot
354+) ;
355+
356+XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
357+xmlSecNssKeySlotGetSlot(
358+	xmlSecNssKeySlotPtr keySlot
359+) ;
360+
361+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
362+xmlSecNssKeySlotCreate() ;
363+
364+XMLSEC_CRYPTO_EXPORT int
365+xmlSecNssKeySlotCopy(
366+	xmlSecNssKeySlotPtr newKeySlot ,
367+	xmlSecNssKeySlotPtr keySlot
368+) ;
369+
370+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
371+xmlSecNssKeySlotDuplicate(
372+	xmlSecNssKeySlotPtr keySlot
373+) ;
374+
375+XMLSEC_CRYPTO_EXPORT void
376+xmlSecNssKeySlotDestroy(
377+	    xmlSecNssKeySlotPtr keySlot
378+) ;
379+
380+XMLSEC_CRYPTO_EXPORT int
381+xmlSecNssKeySlotBindMech(
382+	xmlSecNssKeySlotPtr keySlot ,
383+	CK_MECHANISM_TYPE type
384+) ;
385+
386+XMLSEC_CRYPTO_EXPORT int
387+xmlSecNssKeySlotSupportMech(
388+	xmlSecNssKeySlotPtr keySlot ,
389+	CK_MECHANISM_TYPE type
390+) ;
391+
392+
393+/************************************************************************
394+ * PKCS#11 crypto token interfaces
395+ *
396+ * A PKCS#11 slot repository will be defined internally. From the
397+ * repository, a user can specify a particular slot for a certain crypto
398+ * mechanism.
399+ *
400+ * In some situation, some cryptographic operation should act in a user
401+ * designated devices. The interfaces defined here provide the way. If
402+ * the user do not initialize the repository distinctly, the interfaces
403+ * use the default functions provided by NSS itself.
404+ *
405+ ************************************************************************/
406+/**
407+ * Initialize NSS pkcs#11 slot repository
408+ *
409+ * Returns 0 if success or -1 if an error occurs.
410+ */
411+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
412+
413+/**
414+ * Shutdown and destroy NSS pkcs#11 slot repository
415+ */
416+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
417+
418+/**
419+ * Get PKCS#11 slot handler
420+ * @type	the mechanism that the slot must support.
421+ *
422+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
423+ *
424+ * Notes: The returned handler must be destroied distinctly.
425+ */
426+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
427+
428+/**
429+ * Adopt a pkcs#11 slot with a mechanism into the repository
430+ * @slot:	the pkcs#11 slot.
431+ * @mech:	the mechanism.
432+ *
433+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
434+ * this mechanism only can perform on the @slot.
435+ *
436+ * Returns 0 if success or -1 if an error occurs.
437+ */
438+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
439+
440+#ifdef __cplusplus
441+}
442+#endif /* __cplusplus */
443+
444+#endif	/* __XMLSEC_NSS_TOKENS_H__ */
445+
446--- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c	2009-09-21 14:07:19.078910929 +0200
447+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c	2009-09-21 14:02:48.531281225 +0200
448@@ -1 +1,236 @@
449-dummy
450+/**
451+ * XMLSec library
452+ *
453+ * This is free software; see Copyright file in the source
454+ * distribution for preciese wording.
455+ *
456+ * Copyright.........................
457+ */
458+#include "globals.h"
459+
460+#include <xmlsec/xmlsec.h>
461+#include <xmlsec/keys.h>
462+#include <xmlsec/keysmngr.h>
463+#include <xmlsec/transforms.h>
464+#include <xmlsec/errors.h>
465+
466+#include <xmlsec/mscrypto/crypto.h>
467+#include <xmlsec/mscrypto/keysstore.h>
468+#include <xmlsec/mscrypto/akmngr.h>
469+#include <xmlsec/mscrypto/x509.h>
470+
471+/**
472+ * xmlSecMSCryptoAppliedKeysMngrCreate:
473+ * @hKeyStore:		the pointer to key store.
474+ * @hCertStore:		the pointer to certificate database.
475+ *
476+ * Create and load key store and certificate database into keys manager
477+ *
478+ * Returns keys manager pointer on success or NULL otherwise.
479+ */
480+xmlSecKeysMngrPtr
481+xmlSecMSCryptoAppliedKeysMngrCreate(
482+    HCERTSTORE hKeyStore ,
483+    HCERTSTORE hCertStore
484+) {
485+	xmlSecKeyDataStorePtr	certStore = NULL ;
486+	xmlSecKeysMngrPtr		keyMngr = NULL ;
487+	xmlSecKeyStorePtr		keyStore = NULL ;
488+
489+	keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
490+	if( keyStore == NULL ) {
491+		xmlSecError( XMLSEC_ERRORS_HERE ,
492+			NULL ,
493+			"xmlSecKeyStoreCreate" ,
494+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
495+			XMLSEC_ERRORS_NO_MESSAGE ) ;
496+		return NULL ;
497+	}
498+
499+	/*-
500+	 * At present, MS Crypto engine do not provide a way to setup a key store.
501+	 */
502+	if( keyStore != NULL ) {
503+		/*TODO: binding key store.*/
504+	}
505+
506+	keyMngr = xmlSecKeysMngrCreate() ;
507+	if( keyMngr == NULL ) {
508+		xmlSecError( XMLSEC_ERRORS_HERE ,
509+			NULL ,
510+			"xmlSecKeysMngrCreate" ,
511+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
512+			XMLSEC_ERRORS_NO_MESSAGE ) ;
513+
514+		xmlSecKeyStoreDestroy( keyStore ) ;
515+		return NULL ;
516+	}
517+
518+	/*-
519+	 * Add key store to manager, from now on keys manager destroys the store if
520+	 * needed
521+	 */
522+	if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
523+		xmlSecError( XMLSEC_ERRORS_HERE ,
524+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
525+			"xmlSecKeysMngrAdoptKeyStore" ,
526+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
527+			XMLSEC_ERRORS_NO_MESSAGE ) ;
528+
529+		xmlSecKeyStoreDestroy( keyStore ) ;
530+		xmlSecKeysMngrDestroy( keyMngr ) ;
531+		return NULL ;
532+	}
533+
534+	/*-
535+	 * Initialize crypto library specific data in keys manager
536+	 */
537+	if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
538+		xmlSecError( XMLSEC_ERRORS_HERE ,
539+			NULL ,
540+			"xmlSecMSCryptoKeysMngrInit" ,
541+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
542+			XMLSEC_ERRORS_NO_MESSAGE ) ;
543+
544+		xmlSecKeysMngrDestroy( keyMngr ) ;
545+		return NULL ;
546+	}
547+
548+	/*-
549+	 * Set certificate databse to X509 key data store
550+	 */
551+	/*-
552+	 * At present, MS Crypto engine do not provide a way to setup a cert store.
553+	 */
554+
555+	/*-
556+	 * Set the getKey callback
557+	 */
558+	keyMngr->getKey = xmlSecKeysMngrGetKey ;
559+
560+	return keyMngr ;
561+}
562+
563+int
564+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
565+	xmlSecKeysMngrPtr	mngr ,
566+	HCRYPTKEY			symKey
567+) {
568+	/*TODO: import the key into keys manager.*/
569+	return(0) ;
570+}
571+
572+int
573+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
574+	xmlSecKeysMngrPtr	mngr ,
575+	HCRYPTKEY	pubKey
576+) {
577+	/*TODO: import the key into keys manager.*/
578+	return(0) ;
579+}
580+
581+int
582+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
583+	xmlSecKeysMngrPtr	mngr ,
584+	HCRYPTKEY	priKey
585+) {
586+	/*TODO: import the key into keys manager.*/
587+	return(0) ;
588+}
589+
590+int
591+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
592+	xmlSecKeysMngrPtr	mngr ,
593+	HCERTSTORE keyStore
594+) {
595+	xmlSecKeyDataStorePtr x509Store ;
596+
597+	xmlSecAssert2( mngr != NULL, -1 ) ;
598+	xmlSecAssert2( keyStore != NULL, -1 ) ;
599+
600+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
601+	if( x509Store == NULL ) {
602+		xmlSecError( XMLSEC_ERRORS_HERE ,
603+			NULL ,
604+			"xmlSecKeysMngrGetDataStore" ,
605+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
606+			XMLSEC_ERRORS_NO_MESSAGE ) ;
607+		return( -1 ) ;
608+	}
609+
610+	if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
611+		xmlSecError( XMLSEC_ERRORS_HERE ,
612+			xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
613+			"xmlSecMSCryptoX509StoreAdoptKeyStore" ,
614+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
615+			XMLSEC_ERRORS_NO_MESSAGE ) ;
616+		return( -1 ) ;
617+	}
618+
619+	return( 0 ) ;
620+}
621+
622+int
623+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
624+	xmlSecKeysMngrPtr	mngr ,
625+	HCERTSTORE trustedStore
626+) {
627+	xmlSecKeyDataStorePtr x509Store ;
628+
629+	xmlSecAssert2( mngr != NULL, -1 ) ;
630+	xmlSecAssert2( trustedStore != NULL, -1 ) ;
631+
632+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
633+	if( x509Store == NULL ) {
634+		xmlSecError( XMLSEC_ERRORS_HERE ,
635+			NULL ,
636+			"xmlSecKeysMngrGetDataStore" ,
637+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
638+			XMLSEC_ERRORS_NO_MESSAGE ) ;
639+		return( -1 ) ;
640+	}
641+
642+	if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
643+		xmlSecError( XMLSEC_ERRORS_HERE ,
644+			xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
645+			"xmlSecMSCryptoX509StoreAdoptKeyStore" ,
646+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
647+			XMLSEC_ERRORS_NO_MESSAGE ) ;
648+		return( -1 ) ;
649+	}
650+
651+	return( 0 ) ;
652+}
653+
654+int
655+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
656+	xmlSecKeysMngrPtr	mngr ,
657+	HCERTSTORE untrustedStore
658+) {
659+	xmlSecKeyDataStorePtr x509Store ;
660+
661+	xmlSecAssert2( mngr != NULL, -1 ) ;
662+	xmlSecAssert2( untrustedStore != NULL, -1 ) ;
663+
664+    x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
665+	if( x509Store == NULL ) {
666+		xmlSecError( XMLSEC_ERRORS_HERE ,
667+			NULL ,
668+			"xmlSecKeysMngrGetDataStore" ,
669+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
670+			XMLSEC_ERRORS_NO_MESSAGE ) ;
671+		return( -1 ) ;
672+	}
673+
674+	if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
675+		xmlSecError( XMLSEC_ERRORS_HERE ,
676+			xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
677+			"xmlSecMSCryptoX509StoreAdoptKeyStore" ,
678+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
679+			XMLSEC_ERRORS_NO_MESSAGE ) ;
680+		return( -1 ) ;
681+	}
682+
683+	return( 0 ) ;
684+}
685+
686--- misc/xmlsec1-1.2.14/src/nss/Makefile.am	2009-06-25 22:53:18.000000000 +0200
687+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am	2009-09-21 14:02:48.591560472 +0200
688@@ -35,6 +35,9 @@
689 	kw_des.c \
690 	kw_aes.c \
691 	globals.h \
692+	akmngr.c \
693+	keywrapers.c \
694+	tokens.c \
695 	$(NULL)
696
697 if SHAREDLIB_HACK
698--- misc/xmlsec1-1.2.14/src/nss/Makefile.in	2009-06-25 22:53:33.000000000 +0200
699+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in	2009-09-21 14:02:48.599339718 +0200
700@@ -72,7 +72,8 @@
701 am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
702 	digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
703 	x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
704-	../strings.c
705+	../strings.c \
706+	akmngr.c keywrapers.c tokens.c
707 am__objects_1 =
708 @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
709 am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
710@@ -83,6 +84,8 @@
711 	libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
712 	libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
713 	libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
714+	libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
715+	libxmlsec1_nss_la-tokens.lo \
716 	$(am__objects_1) $(am__objects_2)
717 libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
718 libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
719@@ -333,6 +336,7 @@
720 libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
721 	digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
722 	x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
723+	akmngr.c keywrapers.c tokens.c \
724 	$(NULL) $(am__append_1)
725 libxmlsec1_nss_la_LIBADD = \
726 	../libxmlsec1.la \
727@@ -439,6 +443,9 @@
728 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
729 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
730 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
731+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
732+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
733+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
734
735 .c.o:
736 @am__fastdepCC_TRUE@	$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
737@@ -468,6 +475,27 @@
738 @AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
739 @am__fastdepCC_FALSE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
740
741+libxmlsec1_nss_la-akmngr.lo: akmngr.c
742+@am__fastdepCC_TRUE@	if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
743+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
744+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
745+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
746+@am__fastdepCC_FALSE@	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
747+
748+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
749+@am__fastdepCC_TRUE@	if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
750+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
751+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
752+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
753+@am__fastdepCC_FALSE@	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
754+
755+libxmlsec1_nss_la-tokens.lo: tokens.c
756+@am__fastdepCC_TRUE@	if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
757+@am__fastdepCC_TRUE@	then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
758+@AMDEP_TRUE@@am__fastdepCC_FALSE@	source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
759+@AMDEP_TRUE@@am__fastdepCC_FALSE@	DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
760+@am__fastdepCC_FALSE@	$(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
761+
762 libxmlsec1_nss_la-bignum.lo: bignum.c
763 @am__fastdepCC_TRUE@	$(LIBTOOL)  --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
764 @am__fastdepCC_TRUE@	$(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
765--- misc/xmlsec1-1.2.14/src/nss/akmngr.c	2009-09-21 14:07:19.197249962 +0200
766+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c	2009-09-21 14:02:48.539616129 +0200
767@@ -1 +1,384 @@
768-dummy
769+/**
770+ * XMLSec library
771+ *
772+ * This is free software; see Copyright file in the source
773+ * distribution for preciese wording.
774+ *
775+ * Copyright.........................
776+ */
777+#include "globals.h"
778+
779+#include <nspr.h>
780+#include <nss.h>
781+#include <pk11func.h>
782+#include <cert.h>
783+#include <keyhi.h>
784+
785+#include <xmlsec/xmlsec.h>
786+#include <xmlsec/keys.h>
787+#include <xmlsec/transforms.h>
788+#include <xmlsec/errors.h>
789+
790+#include <xmlsec/nss/crypto.h>
791+#include <xmlsec/nss/tokens.h>
792+#include <xmlsec/nss/akmngr.h>
793+#include <xmlsec/nss/pkikeys.h>
794+#include <xmlsec/nss/ciphers.h>
795+#include <xmlsec/nss/keysstore.h>
796+
797+/**
798+ * xmlSecNssAppliedKeysMngrCreate:
799+ * @slot:			array of pointers to NSS PKCS#11 slot information.
800+ * @cSlots:			number of slots in the array
801+ * @handler:		the pointer to NSS certificate database.
802+ *
803+ * Create and load NSS crypto slot and certificate database into keys manager
804+ *
805+ * Returns keys manager pointer on success or NULL otherwise.
806+ */
807+xmlSecKeysMngrPtr
808+xmlSecNssAppliedKeysMngrCreate(
809+	PK11SlotInfo** slots,
810+	int cSlots,
811+	CERTCertDBHandle* handler
812+) {
813+	xmlSecKeyDataStorePtr	certStore = NULL ;
814+	xmlSecKeysMngrPtr		keyMngr = NULL ;
815+	xmlSecKeyStorePtr		keyStore = NULL ;
816+	int islot = 0;
817+	keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
818+	if( keyStore == NULL ) {
819+		xmlSecError( XMLSEC_ERRORS_HERE ,
820+			NULL ,
821+			"xmlSecKeyStoreCreate" ,
822+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
823+			XMLSEC_ERRORS_NO_MESSAGE ) ;
824+		return NULL ;
825+	}
826+
827+	for (islot = 0; islot < cSlots; islot++)
828+	{
829+		xmlSecNssKeySlotPtr		keySlot ;
830+
831+		/* Create a key slot */
832+		keySlot = xmlSecNssKeySlotCreate() ;
833+		if( keySlot == NULL ) {
834+			xmlSecError( XMLSEC_ERRORS_HERE ,
835+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
836+				"xmlSecNssKeySlotCreate" ,
837+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
838+				XMLSEC_ERRORS_NO_MESSAGE ) ;
839+
840+			xmlSecKeyStoreDestroy( keyStore ) ;
841+			return NULL ;
842+		}
843+
844+		/* Set slot */
845+		if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
846+			xmlSecError( XMLSEC_ERRORS_HERE ,
847+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
848+				"xmlSecNssKeySlotSetSlot" ,
849+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
850+				XMLSEC_ERRORS_NO_MESSAGE ) ;
851+
852+			xmlSecKeyStoreDestroy( keyStore ) ;
853+			xmlSecNssKeySlotDestroy( keySlot ) ;
854+			return NULL ;
855+		}
856+
857+		/* Adopt keySlot */
858+		if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
859+			xmlSecError( XMLSEC_ERRORS_HERE ,
860+				xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
861+				"xmlSecNssKeysStoreAdoptKeySlot" ,
862+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
863+				XMLSEC_ERRORS_NO_MESSAGE ) ;
864+
865+			xmlSecKeyStoreDestroy( keyStore ) ;
866+			xmlSecNssKeySlotDestroy( keySlot ) ;
867+			return NULL ;
868+		}
869+	}
870+
871+	keyMngr = xmlSecKeysMngrCreate() ;
872+	if( keyMngr == NULL ) {
873+		xmlSecError( XMLSEC_ERRORS_HERE ,
874+			NULL ,
875+			"xmlSecKeysMngrCreate" ,
876+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
877+			XMLSEC_ERRORS_NO_MESSAGE ) ;
878+
879+		xmlSecKeyStoreDestroy( keyStore ) ;
880+		return NULL ;
881+	}
882+
883+	/*-
884+	 * Add key store to manager, from now on keys manager destroys the store if
885+	 * needed
886+	 */
887+	if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
888+		xmlSecError( XMLSEC_ERRORS_HERE ,
889+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
890+			"xmlSecKeysMngrAdoptKeyStore" ,
891+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
892+			XMLSEC_ERRORS_NO_MESSAGE ) ;
893+
894+		xmlSecKeyStoreDestroy( keyStore ) ;
895+		xmlSecKeysMngrDestroy( keyMngr ) ;
896+		return NULL ;
897+	}
898+
899+	/*-
900+	 * Initialize crypto library specific data in keys manager
901+	 */
902+	if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
903+		xmlSecError( XMLSEC_ERRORS_HERE ,
904+			NULL ,
905+			"xmlSecKeysMngrCreate" ,
906+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
907+			XMLSEC_ERRORS_NO_MESSAGE ) ;
908+
909+		xmlSecKeysMngrDestroy( keyMngr ) ;
910+		return NULL ;
911+	}
912+
913+	/*-
914+	 * Set certificate databse to X509 key data store
915+	 */
916+	/**
917+	 * Because Tej's implementation of certDB use the default DB, so I ignore
918+	 * the certDB handler at present. I'll modify the cert store sources to
919+	 * accept particular certDB instead of default ones.
920+	certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
921+	if( certStore == NULL ) {
922+		xmlSecError( XMLSEC_ERRORS_HERE ,
923+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
924+			"xmlSecKeysMngrGetDataStore" ,
925+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
926+			XMLSEC_ERRORS_NO_MESSAGE ) ;
927+
928+		xmlSecKeysMngrDestroy( keyMngr ) ;
929+		return NULL ;
930+	}
931+
932+	if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
933+		xmlSecError( XMLSEC_ERRORS_HERE ,
934+			xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
935+			"xmlSecNssKeyDataStoreX509SetCertDb" ,
936+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
937+			XMLSEC_ERRORS_NO_MESSAGE ) ;
938+
939+		xmlSecKeysMngrDestroy( keyMngr ) ;
940+		return NULL ;
941+	}
942+	*/
943+
944+	/*-
945+	 * Set the getKey callback
946+	 */
947+	keyMngr->getKey = xmlSecKeysMngrGetKey ;
948+
949+	return keyMngr ;
950+}
951+
952+int
953+xmlSecNssAppliedKeysMngrSymKeyLoad(
954+	xmlSecKeysMngrPtr	mngr ,
955+	PK11SymKey*			symKey
956+) {
957+	xmlSecKeyPtr		key ;
958+	xmlSecKeyDataPtr	data ;
959+	xmlSecKeyStorePtr	keyStore ;
960+
961+	xmlSecAssert2( mngr != NULL , -1 ) ;
962+	xmlSecAssert2( symKey != NULL , -1 ) ;
963+
964+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
965+	if( keyStore == NULL ) {
966+		xmlSecError( XMLSEC_ERRORS_HERE ,
967+			NULL ,
968+			"xmlSecKeysMngrGetKeysStore" ,
969+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
970+			XMLSEC_ERRORS_NO_MESSAGE ) ;
971+		return(-1) ;
972+	}
973+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
974+
975+	data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
976+	if( data == NULL ) {
977+		xmlSecError( XMLSEC_ERRORS_HERE ,
978+			NULL ,
979+			"xmlSecNssSymKeyDataKeyAdopt" ,
980+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
981+			XMLSEC_ERRORS_NO_MESSAGE ) ;
982+		return(-1) ;
983+	}
984+
985+	key = xmlSecKeyCreate() ;
986+	if( key == NULL ) {
987+		xmlSecError( XMLSEC_ERRORS_HERE ,
988+			NULL ,
989+			"xmlSecNssSymKeyDataKeyAdopt" ,
990+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
991+			XMLSEC_ERRORS_NO_MESSAGE ) ;
992+		xmlSecKeyDataDestroy( data ) ;
993+		return(-1) ;
994+	}
995+
996+	if( xmlSecKeySetValue( key , data ) < 0 ) {
997+		xmlSecError( XMLSEC_ERRORS_HERE ,
998+			NULL ,
999+			"xmlSecNssSymKeyDataKeyAdopt" ,
1000+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1001+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1002+		xmlSecKeyDataDestroy( data ) ;
1003+		return(-1) ;
1004+	}
1005+
1006+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1007+		xmlSecError( XMLSEC_ERRORS_HERE ,
1008+			NULL ,
1009+			"xmlSecNssSymKeyDataKeyAdopt" ,
1010+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1011+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1012+		xmlSecKeyDestroy( key ) ;
1013+		return(-1) ;
1014+	}
1015+
1016+	return(0) ;
1017+}
1018+
1019+int
1020+xmlSecNssAppliedKeysMngrPubKeyLoad(
1021+	xmlSecKeysMngrPtr	mngr ,
1022+	SECKEYPublicKey*	pubKey
1023+) {
1024+	xmlSecKeyPtr		key ;
1025+	xmlSecKeyDataPtr	data ;
1026+	xmlSecKeyStorePtr	keyStore ;
1027+
1028+	xmlSecAssert2( mngr != NULL , -1 ) ;
1029+	xmlSecAssert2( pubKey != NULL , -1 ) ;
1030+
1031+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
1032+	if( keyStore == NULL ) {
1033+		xmlSecError( XMLSEC_ERRORS_HERE ,
1034+			NULL ,
1035+			"xmlSecKeysMngrGetKeysStore" ,
1036+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1037+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1038+		return(-1) ;
1039+	}
1040+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
1041+
1042+	data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
1043+	if( data == NULL ) {
1044+		xmlSecError( XMLSEC_ERRORS_HERE ,
1045+			NULL ,
1046+			"xmlSecNssPKIAdoptKey" ,
1047+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1048+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1049+		return(-1) ;
1050+	}
1051+
1052+	key = xmlSecKeyCreate() ;
1053+	if( key == NULL ) {
1054+		xmlSecError( XMLSEC_ERRORS_HERE ,
1055+			NULL ,
1056+			"xmlSecNssSymKeyDataKeyAdopt" ,
1057+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1058+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1059+		xmlSecKeyDataDestroy( data ) ;
1060+		return(-1) ;
1061+	}
1062+
1063+	if( xmlSecKeySetValue( key , data ) < 0 ) {
1064+		xmlSecError( XMLSEC_ERRORS_HERE ,
1065+			NULL ,
1066+			"xmlSecNssSymKeyDataKeyAdopt" ,
1067+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1068+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1069+		xmlSecKeyDataDestroy( data ) ;
1070+		return(-1) ;
1071+	}
1072+
1073+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1074+		xmlSecError( XMLSEC_ERRORS_HERE ,
1075+			NULL ,
1076+			"xmlSecNssSymKeyDataKeyAdopt" ,
1077+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1078+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1079+		xmlSecKeyDestroy( key ) ;
1080+		return(-1) ;
1081+	}
1082+
1083+	return(0) ;
1084+}
1085+
1086+int
1087+xmlSecNssAppliedKeysMngrPriKeyLoad(
1088+	xmlSecKeysMngrPtr	mngr ,
1089+	SECKEYPrivateKey*	priKey
1090+) {
1091+	xmlSecKeyPtr		key ;
1092+	xmlSecKeyDataPtr	data ;
1093+	xmlSecKeyStorePtr	keyStore ;
1094+
1095+	xmlSecAssert2( mngr != NULL , -1 ) ;
1096+	xmlSecAssert2( priKey != NULL , -1 ) ;
1097+
1098+	keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
1099+	if( keyStore == NULL ) {
1100+		xmlSecError( XMLSEC_ERRORS_HERE ,
1101+			NULL ,
1102+			"xmlSecKeysMngrGetKeysStore" ,
1103+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1104+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1105+		return(-1) ;
1106+	}
1107+	xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
1108+
1109+	data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
1110+	if( data == NULL ) {
1111+		xmlSecError( XMLSEC_ERRORS_HERE ,
1112+			NULL ,
1113+			"xmlSecNssPKIAdoptKey" ,
1114+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1115+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1116+		return(-1) ;
1117+	}
1118+
1119+	key = xmlSecKeyCreate() ;
1120+	if( key == NULL ) {
1121+		xmlSecError( XMLSEC_ERRORS_HERE ,
1122+			NULL ,
1123+			"xmlSecNssSymKeyDataKeyAdopt" ,
1124+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1125+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1126+		xmlSecKeyDataDestroy( data ) ;
1127+		return(-1) ;
1128+	}
1129+
1130+	if( xmlSecKeySetValue( key , data ) < 0 ) {
1131+		xmlSecError( XMLSEC_ERRORS_HERE ,
1132+			NULL ,
1133+			"xmlSecNssSymKeyDataKeyAdopt" ,
1134+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1135+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1136+		xmlSecKeyDataDestroy( data ) ;
1137+		return(-1) ;
1138+	}
1139+
1140+	if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1141+		xmlSecError( XMLSEC_ERRORS_HERE ,
1142+			NULL ,
1143+			"xmlSecNssSymKeyDataKeyAdopt" ,
1144+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1145+			XMLSEC_ERRORS_NO_MESSAGE ) ;
1146+		xmlSecKeyDestroy( key ) ;
1147+		return(-1) ;
1148+	}
1149+
1150+	return(0) ;
1151+}
1152+
1153--- misc/xmlsec1-1.2.14/src/nss/hmac.c	2009-06-26 06:18:13.000000000 +0200
1154+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c	2009-09-21 14:02:48.649065288 +0200
1155@@ -23,8 +23,8 @@
1156 #include <xmlsec/transforms.h>
1157 #include <xmlsec/errors.h>
1158
1159-#include <xmlsec/nss/app.h>
1160 #include <xmlsec/nss/crypto.h>
1161+#include <xmlsec/nss/tokens.h>
1162
1163 /* sizes in bits */
1164 #define XMLSEC_NSS_MIN_HMAC_SIZE		80
1165@@ -286,13 +286,13 @@
1166     keyItem.data = xmlSecBufferGetData(buffer);
1167     keyItem.len  = xmlSecBufferGetSize(buffer);
1168
1169-    slot = PK11_GetBestSlot(ctx->digestType, NULL);
1170+    slot = xmlSecNssSlotGet(ctx->digestType);
1171     if(slot == NULL) {
1172 	xmlSecError(XMLSEC_ERRORS_HERE,
1173 		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1174-		    "PK11_GetBestSlot",
1175+		    "xmlSecNssSlotGet",
1176 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
1177-		    XMLSEC_ERRORS_NO_MESSAGE);
1178+		    "error code=%d", PORT_GetError());
1179 	return(-1);
1180     }
1181
1182--- misc/xmlsec1-1.2.14/src/nss/keysstore.c	2009-06-25 22:53:18.000000000 +0200
1183+++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c	2009-09-21 14:02:48.633533885 +0200
1184@@ -1,36 +1,56 @@
1185 /**
1186  * XMLSec library
1187  *
1188- * Nss keys store that uses Simple Keys Store under the hood. Uses the
1189- * Nss DB as a backing store for the finding keys, but the NSS DB is
1190- * not written to by the keys store.
1191- * So, if store->findkey is done and the key is not found in the simple
1192- * keys store, the NSS DB is looked up.
1193- * If store is called to adopt a key, that key is not written to the NSS
1194- * DB.
1195- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
1196- * source of keys for xmlsec
1197- *
1198  * This is free software; see Copyright file in the source
1199  * distribution for precise wording.
1200  *
1201  * Copyright (c) 2003 America Online, Inc.  All rights reserved.
1202  */
1203+
1204+/**
1205+ * NSS key store uses a key list and a slot list as the key repository. NSS slot
1206+ * list is a backup repository for the finding keys. If a key is not found from
1207+ * the key list, the NSS slot list is looked up.
1208+ *
1209+ * Any key in the key list will not save to pkcs11 slot. When a store to called
1210+ * to adopt a key, the key is resident in the key list; While a store to called
1211+ * to set a is resident in the key list; While a store to called to set a slot
1212+ * list, which means that the keys in the listed slot can be used for xml sign-
1213+ * nature or encryption.
1214+ *
1215+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
1216+ *
1217+ * The framework will decrease the user interfaces to administrate xmlSec crypto
1218+ * engine. He can only focus on NSS layer functions. For examples, after the
1219+ * user set up a slot list handler to the keys store, he do not need to do any
1220+ * other work atop xmlSec interfaces, his action on the slot list handler, such
1221+ * as add a token to, delete a token from the list, will directly effect the key
1222+ * store behaviors.
1223+ *
1224+ * For example, a scenariio:
1225+ * 0. Create a slot list;( NSS interfaces )
1226+ * 1. Create a keys store;( xmlSec interfaces )
1227+ * 2. Set slot list with the keys store;( xmlSec Interfaces )
1228+ * 3. Add a slot to the slot list;( NSS interfaces )
1229+ * 4. Perform xml signature; ( xmlSec Interfaces )
1230+ * 5. Deleter a slot from the slot list;( NSS interfaces )
1231+ * 6. Perform xml encryption; ( xmlSec Interfaces )
1232+ * 7. Perform xml signature;( xmlSec Interfaces )
1233+ * 8. Destroy the keys store;( xmlSec Interfaces )
1234+ * 8. Destroy the slot list.( NSS Interfaces )
1235+ */
1236 #include "globals.h"
1237
1238 #include <stdlib.h>
1239 #include <string.h>
1240
1241 #include <nss.h>
1242-#include <cert.h>
1243 #include <pk11func.h>
1244+#include <prinit.h>
1245 #include <keyhi.h>
1246
1247-#include <libxml/tree.h>
1248-
1249 #include <xmlsec/xmlsec.h>
1250-#include <xmlsec/buffer.h>
1251-#include <xmlsec/base64.h>
1252+#include <xmlsec/keys.h>
1253 #include <xmlsec/errors.h>
1254 #include <xmlsec/xmltree.h>
1255
1256@@ -38,82 +58,461 @@
1257
1258 #include <xmlsec/nss/crypto.h>
1259 #include <xmlsec/nss/keysstore.h>
1260-#include <xmlsec/nss/x509.h>
1261+#include <xmlsec/nss/tokens.h>
1262+#include <xmlsec/nss/ciphers.h>
1263 #include <xmlsec/nss/pkikeys.h>
1264
1265 /****************************************************************************
1266  *
1267- * Nss Keys Store. Uses Simple Keys Store under the hood
1268+ * Internal NSS key store context
1269  *
1270- * Simple Keys Store ptr is located after xmlSecKeyStore
1271+ * This context is located after xmlSecKeyStore
1272  *
1273  ***************************************************************************/
1274+typedef struct _xmlSecNssKeysStoreCtx  xmlSecNssKeysStoreCtx ;
1275+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
1276+
1277+struct _xmlSecNssKeysStoreCtx {
1278+       xmlSecPtrListPtr                keyList ;
1279+       xmlSecPtrListPtr                slotList ;
1280+} ;
1281+
1282 #define xmlSecNssKeysStoreSize \
1283-	(sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
1284+	( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
1285
1286-#define xmlSecNssKeysStoreGetSS(store) \
1287-    ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
1288-     (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
1289-     (xmlSecKeyStorePtr*)NULL)
1290-
1291-static int			xmlSecNssKeysStoreInitialize	(xmlSecKeyStorePtr store);
1292-static void			xmlSecNssKeysStoreFinalize	(xmlSecKeyStorePtr store);
1293-static xmlSecKeyPtr 		xmlSecNssKeysStoreFindKey	(xmlSecKeyStorePtr store,
1294-								 const xmlChar* name,
1295-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
1296+#define xmlSecNssKeysStoreGetCtx( data ) \
1297+       ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
1298
1299-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
1300-    sizeof(xmlSecKeyStoreKlass),
1301-    xmlSecNssKeysStoreSize,
1302+int xmlSecNssKeysStoreAdoptKeySlot(
1303+       xmlSecKeyStorePtr               store ,
1304+       xmlSecNssKeySlotPtr             keySlot
1305+) {
1306+       xmlSecNssKeysStoreCtxPtr context = NULL ;
1307+
1308+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1309+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1310+       context = xmlSecNssKeysStoreGetCtx( store ) ;
1311+       if( context == NULL ) {
1312+               xmlSecError( XMLSEC_ERRORS_HERE ,
1313+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1314+                       "xmlSecNssKeysStoreGetCtx" ,
1315+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1316+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1317+               return -1 ;
1318+       }
1319+
1320+       if( context->slotList == NULL ) {
1321+               if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
1322+                       xmlSecError( XMLSEC_ERRORS_HERE ,
1323+                               xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1324+                               "xmlSecPtrListCreate" ,
1325+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1326+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
1327+                       return -1 ;
1328+               }
1329+       }
1330+
1331+       if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
1332+               xmlSecError( XMLSEC_ERRORS_HERE ,
1333+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1334+                       "xmlSecPtrListCheckId" ,
1335+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1336+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1337+               return -1 ;
1338+       }
1339+
1340+       if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
1341+               xmlSecError( XMLSEC_ERRORS_HERE ,
1342+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1343+                       "xmlSecPtrListAdd" ,
1344+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1345+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1346+               return -1 ;
1347+       }
1348+       return 0 ;
1349+}
1350
1351-    /* data */
1352-    BAD_CAST "NSS-keys-store",		/* const xmlChar* name; */
1353-
1354-    /* constructors/destructor */
1355-    xmlSecNssKeysStoreInitialize,	/* xmlSecKeyStoreInitializeMethod initialize; */
1356-    xmlSecNssKeysStoreFinalize,		/* xmlSecKeyStoreFinalizeMethod finalize; */
1357-    xmlSecNssKeysStoreFindKey,		/* xmlSecKeyStoreFindKeyMethod findKey; */
1358-
1359-    /* reserved for the future */
1360-    NULL,				/* void* reserved0; */
1361-    NULL,				/* void* reserved1; */
1362-};
1363+int xmlSecNssKeysStoreAdoptKey(
1364+       xmlSecKeyStorePtr       store ,
1365+       xmlSecKeyPtr            key
1366+) {
1367+       xmlSecNssKeysStoreCtxPtr context = NULL ;
1368+
1369+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1370+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1371+
1372+       context = xmlSecNssKeysStoreGetCtx( store ) ;
1373+       if( context == NULL ) {
1374+               xmlSecError( XMLSEC_ERRORS_HERE ,
1375+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1376+                       "xmlSecNssKeysStoreGetCtx" ,
1377+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1378+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1379+               return -1 ;
1380+       }
1381+
1382+       if( context->keyList == NULL ) {
1383+               if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
1384+                       xmlSecError( XMLSEC_ERRORS_HERE ,
1385+                               xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1386+                               "xmlSecPtrListCreate" ,
1387+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1388+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
1389+                       return -1 ;
1390+               }
1391+       }
1392+
1393+       if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
1394+               xmlSecError( XMLSEC_ERRORS_HERE ,
1395+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1396+                       "xmlSecPtrListCheckId" ,
1397+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1398+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1399+               return -1 ;
1400+       }
1401+
1402+       if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
1403+               xmlSecError( XMLSEC_ERRORS_HERE ,
1404+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1405+                       "xmlSecPtrListAdd" ,
1406+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1407+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1408+               return -1 ;
1409+       }
1410
1411-/**
1412- * xmlSecNssKeysStoreGetKlass:
1413- *
1414- * The Nss list based keys store klass.
1415+       return 0 ;
1416+}
1417+
1418+/*
1419+ * xmlSecKeyStoreInitializeMethod:
1420+ * @store:             the store.
1421+ *
1422+ * Keys store specific initialization method.
1423  *
1424- * Returns: Nss list based keys store klass.
1425+ * Returns 0 on success or a negative value if an error occurs.
1426  */
1427-xmlSecKeyStoreId
1428-xmlSecNssKeysStoreGetKlass(void) {
1429-    return(&xmlSecNssKeysStoreKlass);
1430+static int
1431+xmlSecNssKeysStoreInitialize(
1432+       xmlSecKeyStorePtr store
1433+) {
1434+       xmlSecNssKeysStoreCtxPtr context = NULL ;
1435+
1436+       xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1437+       xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1438+
1439+       context = xmlSecNssKeysStoreGetCtx( store ) ;
1440+       if( context == NULL ) {
1441+               xmlSecError( XMLSEC_ERRORS_HERE ,
1442+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1443+                       "xmlSecNssKeysStoreGetCtx" ,
1444+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1445+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1446+               return -1 ;
1447+       }
1448+
1449+       context->keyList = NULL ;
1450+       context->slotList = NULL ;
1451+
1452+       return 0 ;
1453 }
1454
1455 /**
1456- * xmlSecNssKeysStoreAdoptKey:
1457- * @store:		the pointer to Nss keys store.
1458- * @key:		the pointer to key.
1459- *
1460- * Adds @key to the @store.
1461  *
1462- * Returns: 0 on success or a negative value if an error occurs.
1463+ * xmlSecKeyStoreFinalizeMethod:
1464+ * @store:             the store.
1465+ *
1466+ * Keys store specific finalization (destroy) method.
1467  */
1468-int
1469-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
1470-    xmlSecKeyStorePtr *ss;
1471-
1472-    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1473-    xmlSecAssert2((key != NULL), -1);
1474+void
1475+xmlSecNssKeysStoreFinalize(
1476+       xmlSecKeyStorePtr store
1477+) {
1478+       xmlSecNssKeysStoreCtxPtr context = NULL ;
1479+
1480+       xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
1481+       xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
1482+
1483+       context = xmlSecNssKeysStoreGetCtx( store ) ;
1484+       if( context == NULL ) {
1485+               xmlSecError( XMLSEC_ERRORS_HERE ,
1486+                       xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1487+                       "xmlSecNssKeysStoreGetCtx" ,
1488+                       XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1489+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
1490+               return ;
1491+       }
1492+
1493+       if( context->keyList != NULL ) {
1494+               xmlSecPtrListDestroy( context->keyList ) ;
1495+               context->keyList = NULL ;
1496+       }
1497+
1498+       if( context->slotList != NULL ) {
1499+               xmlSecPtrListDestroy( context->slotList ) ;
1500+               context->slotList = NULL ;
1501+       }
1502+}
1503+
1504+xmlSecKeyPtr
1505+xmlSecNssKeysStoreFindKeyFromSlot(
1506+       PK11SlotInfo* slot,
1507+       const xmlChar* name,
1508+       xmlSecKeyInfoCtxPtr keyInfoCtx
1509+) {
1510+       xmlSecKeyPtr            key = NULL ;
1511+       xmlSecKeyDataPtr        data = NULL ;
1512+       int                                     length ;
1513+
1514+       xmlSecAssert2( slot != NULL , NULL ) ;
1515+       xmlSecAssert2( name != NULL , NULL ) ;
1516+       xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
1517+
1518+       if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
1519+               PK11SymKey*                     symKey ;
1520+               PK11SymKey*                     curKey ;
1521+
1522+               /* Find symmetric key from the slot by name */
1523+               symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
1524+               for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
1525+                       /* Check the key request */
1526+                       length = PK11_GetKeyLength( curKey ) ;
1527+                       length *= 8 ;
1528+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1529+                               ( length > 0 ) &&
1530+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1531+                               continue ;
1532+
1533+                       /* We find a eligible key */
1534+                       data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
1535+                       if( data == NULL ) {
1536+                               /* Do nothing */
1537+                       }
1538+                       break ;
1539+               }
1540+
1541+               /* Destroy the sym key list */
1542+               for( curKey = symKey ; curKey != NULL ; ) {
1543+                       symKey = curKey ;
1544+                       curKey = PK11_GetNextSymKey( symKey ) ;
1545+                       PK11_FreeSymKey( symKey ) ;
1546+               }
1547+       } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
1548+               SECKEYPublicKeyList*            pubKeyList ;
1549+               SECKEYPublicKey*                        pubKey ;
1550+               SECKEYPublicKeyListNode*        curPub ;
1551+
1552+               /* Find asymmetric key from the slot by name */
1553+               pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
1554+               pubKey = NULL ;
1555+               curPub = PUBKEY_LIST_HEAD(pubKeyList);
1556+               for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
1557+                       /* Check the key request */
1558+                       length = SECKEY_PublicKeyStrength( curPub->key ) ;
1559+                       length *= 8 ;
1560+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1561+                               ( length > 0 ) &&
1562+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1563+                               continue ;
1564+
1565+                       /* We find a eligible key */
1566+                       pubKey = curPub->key ;
1567+                       break ;
1568+               }
1569+
1570+               if( pubKey != NULL ) {
1571+                       data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
1572+                       if( data == NULL ) {
1573+                               /* Do nothing */
1574+                       }
1575+               }
1576+
1577+               /* Destroy the public key list */
1578+               SECKEY_DestroyPublicKeyList( pubKeyList ) ;
1579+       } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
1580+               SECKEYPrivateKeyList*           priKeyList = NULL ;
1581+               SECKEYPrivateKey*                       priKey = NULL ;
1582+               SECKEYPrivateKeyListNode*       curPri ;
1583+
1584+               /* Find asymmetric key from the slot by name */
1585+               priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
1586+               priKey = NULL ;
1587+               curPri = PRIVKEY_LIST_HEAD(priKeyList);
1588+               for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
1589+                       /* Check the key request */
1590+                       length = PK11_SignatureLen( curPri->key ) ;
1591+                       length *= 8 ;
1592+                       if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1593+                               ( length > 0 ) &&
1594+                               ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1595+                               continue ;
1596+
1597+                       /* We find a eligible key */
1598+                       priKey = curPri->key ;
1599+                       break ;
1600+               }
1601+
1602+               if( priKey != NULL ) {
1603+                       data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
1604+                       if( data == NULL ) {
1605+                               /* Do nothing */
1606+                       }
1607+               }
1608+
1609+               /* Destroy the private key list */
1610+               SECKEY_DestroyPrivateKeyList( priKeyList ) ;
1611+       }
1612+
1613+       /* If we have gotten the key value */
1614+       if( data != NULL ) {
1615+               if( ( key = xmlSecKeyCreate() ) == NULL ) {
1616+                       xmlSecError( XMLSEC_ERRORS_HERE ,
1617+                               NULL ,
1618+                               "xmlSecKeyCreate" ,
1619+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1620+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
1621+
1622+                       xmlSecKeyDataDestroy( data ) ;
1623+                       return NULL ;
1624+               }
1625+
1626+               if( xmlSecKeySetValue( key , data ) < 0 ) {
1627+                       xmlSecError( XMLSEC_ERRORS_HERE ,
1628+                               NULL ,
1629+                               "xmlSecKeySetValue" ,
1630+                               XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1631+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
1632+
1633+                       xmlSecKeyDestroy( key ) ;
1634+                       xmlSecKeyDataDestroy( data ) ;
1635+                       return NULL ;
1636+               }
1637+       }
1638
1639-    ss = xmlSecNssKeysStoreGetSS(store);
1640-    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
1641-		   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
1642+    return(key);
1643+}
1644+
1645+/**
1646+ * xmlSecKeyStoreFindKeyMethod:
1647+ * @store:             the store.
1648+ * @name:              the desired key name.
1649+ * @keyInfoCtx:        the pointer to key info context.
1650+ *
1651+ * Keys store specific find method. The caller is responsible for destroying
1652+ * the returned key using #xmlSecKeyDestroy method.
1653+ *
1654+ * Returns the pointer to a key or NULL if key is not found or an error occurs.
1655+ */
1656+static xmlSecKeyPtr
1657+xmlSecNssKeysStoreFindKey(
1658+       xmlSecKeyStorePtr store ,
1659+       const xmlChar* name ,
1660+       xmlSecKeyInfoCtxPtr keyInfoCtx
1661+) {
1662+    xmlSecNssKeysStoreCtxPtr context = NULL ;
1663+    xmlSecKeyPtr    key = NULL ;
1664+    xmlSecNssKeySlotPtr     keySlot = NULL ;
1665+    xmlSecSize              pos ;
1666+    xmlSecSize              size ;
1667+
1668+    xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
1669+    xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
1670+    xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
1671+
1672+    context = xmlSecNssKeysStoreGetCtx( store ) ;
1673+    if( context == NULL ) {
1674+            xmlSecError( XMLSEC_ERRORS_HERE ,
1675+                    xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1676+                    "xmlSecNssKeysStoreGetCtx" ,
1677+                    XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1678+                    XMLSEC_ERRORS_NO_MESSAGE ) ;
1679+            return NULL ;
1680+    }
1681+
1682+    /*-
1683+     * Look for key at keyList at first.
1684+     */
1685+    if( context->keyList != NULL ) {
1686+            size = xmlSecPtrListGetSize( context->keyList ) ;
1687+            for( pos = 0 ; pos < size ; pos ++ ) {
1688+                    key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
1689+                    if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
1690+                            return xmlSecKeyDuplicate( key ) ;
1691+                    }
1692+            }
1693+    }
1694+
1695+    /*-
1696+     * Find the key from slotList
1697+     */
1698+    if( context->slotList != NULL ) {
1699+            PK11SlotInfo*                   slot = NULL ;
1700+
1701+            size = xmlSecPtrListGetSize( context->slotList ) ;
1702+            for( pos = 0 ; pos < size ; pos ++ ) {
1703+                    keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
1704+                    slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
1705+                    if( slot == NULL ) {
1706+                            continue ;
1707+                    } else {
1708+                            key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
1709+                            if( key == NULL ) {
1710+                                    continue ;
1711+                            } else {
1712+                                    return( key ) ;
1713+                            }
1714+                    }
1715+            }
1716+    }
1717+
1718+    /*-
1719+     * Create a session key if we can not find the key from keyList and slotList
1720+     */
1721+    if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
1722+            key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
1723+            if( key == NULL ) {
1724+                    xmlSecError( XMLSEC_ERRORS_HERE ,
1725+                            xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1726+                            "xmlSecKeySetValue" ,
1727+                            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1728+                            XMLSEC_ERRORS_NO_MESSAGE ) ;
1729+                    return NULL ;
1730+            }
1731+
1732+            return key ;
1733+    }
1734+
1735+   /**
1736+    * We have no way to find the key any more.
1737+    */
1738+    return NULL ;
1739+}
1740+
1741+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
1742+       sizeof( xmlSecKeyStoreKlass ) ,
1743+       xmlSecNssKeysStoreSize ,
1744+       BAD_CAST "implicit_nss_keys_store" ,
1745+       xmlSecNssKeysStoreInitialize ,
1746+       xmlSecNssKeysStoreFinalize ,
1747+       xmlSecNssKeysStoreFindKey ,
1748+       NULL ,
1749+       NULL
1750+} ;
1751
1752-    return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
1753+/**
1754+ * xmlSecNssKeysStoreGetKlass:
1755+ *
1756+ * The simple list based keys store klass.
1757+ *
1758+ */
1759+xmlSecKeyStoreId
1760+xmlSecNssKeysStoreGetKlass( void ) {
1761+    return &xmlSecNssKeysStoreKlass ;
1762 }
1763
1764+/**************************
1765+ * Application routines
1766+ */
1767+
1768 /**
1769  * xmlSecNssKeysStoreLoad:
1770  * @store:		the pointer to Nss keys store.
1771@@ -252,234 +651,147 @@
1772  */
1773 int
1774 xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
1775-    xmlSecKeyStorePtr *ss;
1776+    xmlSecKeyInfoCtx keyInfoCtx;
1777+    xmlSecNssKeysStoreCtxPtr context ;
1778+    xmlSecPtrListPtr list;
1779+    xmlSecKeyPtr key;
1780+    xmlSecSize i, keysSize;
1781+    xmlDocPtr doc;
1782+    xmlNodePtr cur;
1783+    xmlSecKeyDataPtr data;
1784+    xmlSecPtrListPtr idsList;
1785+    xmlSecKeyDataId dataId;
1786+    xmlSecSize idsSize, j;
1787+    int ret;
1788
1789     xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1790-    xmlSecAssert2((filename != NULL), -1);
1791-
1792-    ss = xmlSecNssKeysStoreGetSS(store);
1793-    xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
1794-		   (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
1795-
1796-    return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
1797-}
1798-
1799-static int
1800-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
1801-    xmlSecKeyStorePtr *ss;
1802+    xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
1803+    xmlSecAssert2(filename != NULL, -1);
1804
1805-    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1806+    context = xmlSecNssKeysStoreGetCtx( store ) ;
1807+    xmlSecAssert2( context != NULL, -1 );
1808
1809-    ss = xmlSecNssKeysStoreGetSS(store);
1810-    xmlSecAssert2((*ss == NULL), -1);
1811+    list = context->keyList ;
1812+       xmlSecAssert2( list != NULL, -1 );
1813+    xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
1814
1815-    *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
1816-    if(*ss == NULL) {
1817-	xmlSecError(XMLSEC_ERRORS_HERE,
1818+    /* create doc */
1819+    doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
1820+    if(doc == NULL) {
1821+	    xmlSecError(XMLSEC_ERRORS_HERE,
1822 		    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1823-		    "xmlSecKeyStoreCreate",
1824+		    "xmlSecCreateTree",
1825 		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
1826-		    "xmlSecSimpleKeysStoreId");
1827+		    XMLSEC_ERRORS_NO_MESSAGE);
1828 	return(-1);
1829     }
1830
1831-    return(0);
1832-}
1833-
1834-static void
1835-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
1836-    xmlSecKeyStorePtr *ss;
1837-
1838-    xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
1839-
1840-    ss = xmlSecNssKeysStoreGetSS(store);
1841-    xmlSecAssert((ss != NULL) && (*ss != NULL));
1842-
1843-    xmlSecKeyStoreDestroy(*ss);
1844-}
1845-
1846-static xmlSecKeyPtr
1847-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
1848-		          xmlSecKeyInfoCtxPtr keyInfoCtx) {
1849-    xmlSecKeyStorePtr* ss;
1850-    xmlSecKeyPtr key = NULL;
1851-    xmlSecKeyPtr retval = NULL;
1852-    xmlSecKeyReqPtr keyReq = NULL;
1853-    CERTCertificate *cert = NULL;
1854-    SECKEYPublicKey *pubkey = NULL;
1855-    SECKEYPrivateKey *privkey = NULL;
1856-    xmlSecKeyDataPtr data = NULL;
1857-    xmlSecKeyDataPtr x509Data = NULL;
1858-    int ret;
1859-
1860-    xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
1861-    xmlSecAssert2(keyInfoCtx != NULL, NULL);
1862-
1863-    ss = xmlSecNssKeysStoreGetSS(store);
1864-    xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
1865-
1866-    key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
1867-    if (key != NULL) {
1868-	return (key);
1869-    }
1870-
1871-    /* Try to find the key in the NSS DB, and construct an xmlSecKey.
1872-     * we must have a name to lookup keys in NSS DB.
1873-     */
1874-    if (name == NULL) {
1875-	goto done;
1876-    }
1877+    idsList = xmlSecKeyDataIdsGet();
1878+    xmlSecAssert2(idsList != NULL, -1);
1879
1880-    /* what type of key are we looking for?
1881-     * TBD: For now, we'll look only for public/private keys using the
1882-     * name as a cert nickname. Later on, we can attempt to find
1883-     * symmetric keys using PK11_FindFixedKey
1884-     */
1885-    keyReq = &(keyInfoCtx->keyReq);
1886-    if (keyReq->keyType &
1887-	(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
1888-	cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
1889-	if (cert == NULL) {
1890-	    goto done;
1891-	}
1892+    keysSize = xmlSecPtrListGetSize(list);
1893+    idsSize = xmlSecPtrListGetSize(idsList);
1894+    for(i = 0; i < keysSize; ++i) {
1895+        key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
1896+        xmlSecAssert2(key != NULL, -1);
1897
1898-	if (keyReq->keyType & xmlSecKeyDataTypePublic) {
1899- 	    pubkey = CERT_ExtractPublicKey(cert);
1900-	    if (pubkey == NULL) {
1901+        cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
1902+        if(cur == NULL) {
1903 		xmlSecError(XMLSEC_ERRORS_HERE,
1904-			    NULL,
1905-			    "CERT_ExtractPublicKey",
1906-			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
1907-			    XMLSEC_ERRORS_NO_MESSAGE);
1908-		goto done;
1909-	    }
1910+                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1911+                    "xmlSecAddChild",
1912+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
1913+                    "node=%s",
1914+                    xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
1915+            xmlFreeDoc(doc);
1916+            return(-1);
1917 	}
1918
1919-	if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
1920- 	    privkey = PK11_FindKeyByAnyCert(cert, NULL);
1921-	    if (privkey == NULL) {
1922+        /* special data key name */
1923+        if(xmlSecKeyGetName(key) != NULL) {
1924+            if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
1925 		xmlSecError(XMLSEC_ERRORS_HERE,
1926-			    NULL,
1927-			    "PK11_FindKeyByAnyCert",
1928-			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
1929-			    XMLSEC_ERRORS_NO_MESSAGE);
1930-		goto done;
1931+                xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1932+                "xmlSecAddChild",
1933+                XMLSEC_ERRORS_R_XMLSEC_FAILED,
1934+                "node=%s",
1935+                xmlSecErrorsSafeString(xmlSecNodeKeyName));
1936+            xmlFreeDoc(doc);
1937+            return(-1);
1938 	    }
1939 	}
1940
1941-	data = xmlSecNssPKIAdoptKey(privkey, pubkey);
1942-	if(data == NULL) {
1943-	    xmlSecError(XMLSEC_ERRORS_HERE,
1944-			NULL,
1945-			"xmlSecNssPKIAdoptKey",
1946-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
1947-			XMLSEC_ERRORS_NO_MESSAGE);
1948-	    goto done;
1949-	}
1950-	privkey = NULL;
1951-	pubkey = NULL;
1952-
1953-        key = xmlSecKeyCreate();
1954-        if (key == NULL) {
1955-	    xmlSecError(XMLSEC_ERRORS_HERE,
1956-			NULL,
1957-			"xmlSecKeyCreate",
1958-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
1959-			XMLSEC_ERRORS_NO_MESSAGE);
1960-	    return (NULL);
1961-        }
1962-
1963-	x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
1964-	if(x509Data == NULL) {
1965-	    xmlSecError(XMLSEC_ERRORS_HERE,
1966-			NULL,
1967-			"xmlSecKeyDataCreate",
1968-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
1969-			"transform=%s",
1970-			xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
1971-	    goto done;
1972-	}
1973+        /* create nodes for other keys data */
1974+        for(j = 0; j < idsSize; ++j) {
1975+            dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
1976+            xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
1977+
1978+            if(dataId->dataNodeName == NULL) {
1979+                continue;
1980+            }
1981+
1982+            data = xmlSecKeyGetData(key, dataId);
1983+            if(data == NULL) {
1984+                continue;
1985+	    }
1986
1987-	ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
1988-	if (ret < 0) {
1989-	    xmlSecError(XMLSEC_ERRORS_HERE,
1990-			NULL,
1991-			"xmlSecNssKeyDataX509AdoptKeyCert",
1992-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
1993-			"data=%s",
1994-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1995-	    goto done;
1996-	}
1997-	cert = CERT_DupCertificate(cert);
1998-	if (cert == NULL) {
1999-	    xmlSecError(XMLSEC_ERRORS_HERE,
2000-			NULL,
2001-			"CERT_DupCertificate",
2002-			XMLSEC_ERRORS_R_CRYPTO_FAILED,
2003-			"data=%s",
2004-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2005-	    goto done;
2006+            if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
2007+	        xmlSecError(XMLSEC_ERRORS_HERE,
2008+                xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2009+                "xmlSecAddChild",
2010+		XMLSEC_ERRORS_R_XMLSEC_FAILED,
2011+                "node=%s",
2012+                xmlSecErrorsSafeString(dataId->dataNodeName));
2013+                xmlFreeDoc(doc);
2014+                return(-1);
2015+	    }
2016 	}
2017
2018-	ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
2019+	ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
2020 	if (ret < 0) {
2021 	    xmlSecError(XMLSEC_ERRORS_HERE,
2022-			NULL,
2023-			"xmlSecNssKeyDataX509AdoptCert",
2024+            xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2025+            "xmlSecKeyInfoCtxInitialize",
2026 			XMLSEC_ERRORS_R_XMLSEC_FAILED,
2027-			"data=%s",
2028-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2029-	    goto done;
2030+            XMLSEC_ERRORS_NO_MESSAGE);
2031+            xmlFreeDoc(doc);
2032+            return(-1);
2033 	}
2034-	cert = NULL;
2035
2036-	ret = xmlSecKeySetValue(key, data);
2037-	if (ret < 0) {
2038-	    xmlSecError(XMLSEC_ERRORS_HERE,
2039-			NULL,
2040-			"xmlSecKeySetValue",
2041-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
2042-			"data=%s",
2043-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
2044-	    goto done;
2045-	}
2046-	data = NULL;
2047+        keyInfoCtx.mode                 = xmlSecKeyInfoModeWrite;
2048+        keyInfoCtx.keyReq.keyId         = xmlSecKeyDataIdUnknown;
2049+        keyInfoCtx.keyReq.keyType       = type;
2050+        keyInfoCtx.keyReq.keyUsage      = xmlSecKeyDataUsageAny;
2051
2052-	ret = xmlSecKeyAdoptData(key, x509Data);
2053+        /* finally write key in the node */
2054+        ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
2055 	if (ret < 0) {
2056 	    xmlSecError(XMLSEC_ERRORS_HERE,
2057-			NULL,
2058-			"xmlSecKeyAdoptData",
2059+            xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2060+            "xmlSecKeyInfoNodeWrite",
2061 			XMLSEC_ERRORS_R_XMLSEC_FAILED,
2062-			"data=%s",
2063-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2064-	    goto done;
2065-	}
2066-	x509Data = NULL;
2067+            XMLSEC_ERRORS_NO_MESSAGE);
2068+        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
2069+        xmlFreeDoc(doc);
2070+        return(-1);
2071+        }
2072
2073-	retval = key;
2074-	key = NULL;
2075+        xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
2076     }
2077
2078-done:
2079-    if (cert != NULL) {
2080-	CERT_DestroyCertificate(cert);
2081-    }
2082-    if (pubkey != NULL) {
2083-	SECKEY_DestroyPublicKey(pubkey);
2084-    }
2085-    if (privkey != NULL) {
2086-	SECKEY_DestroyPrivateKey(privkey);
2087-    }
2088-    if (data != NULL) {
2089-	xmlSecKeyDataDestroy(data);
2090-    }
2091-    if (x509Data != NULL) {
2092-	xmlSecKeyDataDestroy(x509Data);
2093-    }
2094-    if (key != NULL) {
2095-	xmlSecKeyDestroy(key);
2096+    /* now write result */
2097+    ret = xmlSaveFormatFile(filename, doc, 1);
2098+    if (ret < 0) {
2099+        xmlSecError(XMLSEC_ERRORS_HERE,
2100+                    xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2101+            "xmlSaveFormatFile",
2102+            XMLSEC_ERRORS_R_XML_FAILED,
2103+            "filename=%s",
2104+            xmlSecErrorsSafeString(filename));
2105+        xmlFreeDoc(doc);
2106+        return(-1);
2107     }
2108
2109-    return (retval);
2110+    xmlFreeDoc(doc);
2111+    return(0);
2112 }
2113--- misc/xmlsec1-1.2.14/src/nss/keywrapers.c	2009-09-21 14:07:19.223802688 +0200
2114+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c	2009-09-21 14:02:48.548869372 +0200
2115@@ -1 +1,1213 @@
2116-dummy
2117+/**
2118+ *
2119+ * XMLSec library
2120+ *
2121+ * AES Algorithm support
2122+ *
2123+ * This is free software; see Copyright file in the source
2124+ * distribution for preciese wording.
2125+ *
2126+ * Copyright .................................
2127+ */
2128+#include "globals.h"
2129+
2130+#include <stdlib.h>
2131+#include <stdio.h>
2132+#include <string.h>
2133+
2134+#include <nss.h>
2135+#include <pk11func.h>
2136+#include <hasht.h>
2137+
2138+#include <xmlsec/xmlsec.h>
2139+#include <xmlsec/xmltree.h>
2140+#include <xmlsec/keys.h>
2141+#include <xmlsec/transforms.h>
2142+#include <xmlsec/errors.h>
2143+
2144+#include <xmlsec/nss/crypto.h>
2145+#include <xmlsec/nss/ciphers.h>
2146+
2147+#define XMLSEC_NSS_AES128_KEY_SIZE		16
2148+#define XMLSEC_NSS_AES192_KEY_SIZE		24
2149+#define XMLSEC_NSS_AES256_KEY_SIZE		32
2150+#define XMLSEC_NSS_DES3_KEY_SIZE		24
2151+#define XMLSEC_NSS_DES3_KEY_LENGTH      24
2152+#define XMLSEC_NSS_DES3_IV_LENGTH       8
2153+#define XMLSEC_NSS_DES3_BLOCK_LENGTH    8
2154+
2155+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
2156+    0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
2157+};
2158+
2159+/*********************************************************************
2160+ *
2161+ * key wrap transforms
2162+ *
2163+ ********************************************************************/
2164+typedef struct _xmlSecNssKeyWrapCtx			xmlSecNssKeyWrapCtx ;
2165+typedef struct _xmlSecNssKeyWrapCtx*		xmlSecNssKeyWrapCtxPtr ;
2166+
2167+#define xmlSecNssKeyWrapSize	\
2168+	( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
2169+
2170+#define xmlSecNssKeyWrapGetCtx( transform ) \
2171+	( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
2172+
2173+struct _xmlSecNssKeyWrapCtx {
2174+	CK_MECHANISM_TYPE		cipher ;
2175+	PK11SymKey*				symkey ;
2176+	xmlSecKeyDataId			keyId ;
2177+	xmlSecBufferPtr			material ; /* to be encrypted/decrypted key material */
2178+} ;
2179+
2180+static int 		xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
2181+static void 	xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
2182+static int  	xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
2183+							 xmlSecKeyReqPtr keyReq);
2184+static int  	xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
2185+							 xmlSecKeyPtr key);
2186+static int  	xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
2187+							 int last,
2188+							 xmlSecTransformCtxPtr transformCtx);
2189+static xmlSecSize  	xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
2190+
2191+static int
2192+xmlSecNssKeyWrapCheckId(
2193+	xmlSecTransformPtr transform
2194+) {
2195+	#ifndef XMLSEC_NO_DES
2196+	if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
2197+		return(1);
2198+	}
2199+	#endif /* XMLSEC_NO_DES */
2200+
2201+	#ifndef XMLSEC_NO_AES
2202+	if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
2203+		xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
2204+		xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
2205+
2206+		return(1);
2207+    }
2208+	#endif /* XMLSEC_NO_AES */
2209+
2210+    return(0);
2211+}
2212+
2213+static xmlSecSize
2214+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
2215+#ifndef XMLSEC_NO_DES
2216+	if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
2217+		return(XMLSEC_NSS_DES3_KEY_SIZE);
2218+	} else
2219+#endif /* XMLSEC_NO_DES */
2220+
2221+#ifndef XMLSEC_NO_AES
2222+    if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
2223+		return(XMLSEC_NSS_AES128_KEY_SIZE);
2224+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
2225+		return(XMLSEC_NSS_AES192_KEY_SIZE);
2226+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
2227+		return(XMLSEC_NSS_AES256_KEY_SIZE);
2228+    } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
2229+		return(XMLSEC_NSS_AES256_KEY_SIZE);
2230+    } else
2231+#endif /* XMLSEC_NO_AES */
2232+
2233+	if(1)
2234+   		return(0);
2235+}
2236+
2237+
2238+static int
2239+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
2240+	xmlSecNssKeyWrapCtxPtr context ;
2241+    int ret;
2242+
2243+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2244+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2245+
2246+	context = xmlSecNssKeyWrapGetCtx( transform ) ;
2247+	xmlSecAssert2( context != NULL , -1 ) ;
2248+
2249+	#ifndef XMLSEC_NO_DES
2250+	if( transform->id == xmlSecNssTransformKWDes3Id ) {
2251+		context->cipher = CKM_DES3_CBC ;
2252+		context->keyId = xmlSecNssKeyDataDesId ;
2253+	} else
2254+	#endif		/* XMLSEC_NO_DES */
2255+
2256+	#ifndef XMLSEC_NO_AES
2257+	if( transform->id == xmlSecNssTransformKWAes128Id ) {
2258+	/*	context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2259+		context->cipher = CKM_AES_CBC ;
2260+		context->keyId = xmlSecNssKeyDataAesId ;
2261+	} else
2262+	if( transform->id == xmlSecNssTransformKWAes192Id ) {
2263+	/*	context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2264+		context->cipher = CKM_AES_CBC ;
2265+		context->keyId = xmlSecNssKeyDataAesId ;
2266+	} else
2267+	if( transform->id == xmlSecNssTransformKWAes256Id ) {
2268+	/*	context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2269+		context->cipher = CKM_AES_CBC ;
2270+		context->keyId = xmlSecNssKeyDataAesId ;
2271+	} else
2272+	#endif		/* XMLSEC_NO_AES */
2273+
2274+
2275+	if( 1 ) {
2276+		xmlSecError( XMLSEC_ERRORS_HERE ,
2277+		    xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
2278+		    NULL ,
2279+		    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2280+		    XMLSEC_ERRORS_NO_MESSAGE ) ;
2281+		return(-1);
2282+	}
2283+
2284+	context->symkey = NULL ;
2285+	context->material = NULL ;
2286+
2287+    return(0);
2288+}
2289+
2290+static void
2291+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
2292+	xmlSecNssKeyWrapCtxPtr context ;
2293+
2294+    xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
2295+    xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
2296+
2297+	context = xmlSecNssKeyWrapGetCtx( transform ) ;
2298+	xmlSecAssert( context != NULL ) ;
2299+
2300+	if( context->symkey != NULL ) {
2301+		PK11_FreeSymKey( context->symkey ) ;
2302+		context->symkey = NULL ;
2303+	}
2304+
2305+	if( context->material != NULL ) {
2306+		xmlSecBufferDestroy(context->material);
2307+		context->material = NULL ;
2308+	}
2309+}
2310+
2311+static int
2312+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,  xmlSecKeyReqPtr keyReq) {
2313+	xmlSecNssKeyWrapCtxPtr context ;
2314+	xmlSecSize cipherSize = 0 ;
2315+
2316+
2317+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2318+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2319+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
2320+    xmlSecAssert2(keyReq != NULL, -1);
2321+
2322+	context = xmlSecNssKeyWrapGetCtx( transform ) ;
2323+	xmlSecAssert2( context != NULL , -1 ) ;
2324+
2325+    keyReq->keyId 	 = context->keyId;
2326+    keyReq->keyType  = xmlSecKeyDataTypeSymmetric;
2327+    if(transform->operation == xmlSecTransformOperationEncrypt) {
2328+		keyReq->keyUsage = xmlSecKeyUsageEncrypt;
2329+    } else {
2330+		keyReq->keyUsage = xmlSecKeyUsageDecrypt;
2331+    }
2332+
2333+	keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
2334+
2335+    return(0);
2336+}
2337+
2338+static int
2339+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
2340+	xmlSecNssKeyWrapCtxPtr context = NULL ;
2341+	xmlSecKeyDataPtr	keyData = NULL ;
2342+	PK11SymKey*			symkey = NULL ;
2343+
2344+    xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2345+    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2346+    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
2347+    xmlSecAssert2(key != NULL, -1);
2348+
2349+	context = xmlSecNssKeyWrapGetCtx( transform ) ;
2350+	if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
2351+		xmlSecError( XMLSEC_ERRORS_HERE ,
2352+		    xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
2353+		    "xmlSecNssKeyWrapGetCtx" ,
2354+		    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2355+		    XMLSEC_ERRORS_NO_MESSAGE ) ;
2356+		return(-1);
2357+	}
2358+	xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
2359+
2360+	keyData = xmlSecKeyGetValue( key ) ;
2361+	if( keyData == NULL ) {
2362+		xmlSecError( XMLSEC_ERRORS_HERE ,
2363+		    xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
2364+		    "xmlSecKeyGetValue" ,
2365+		    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2366+		    XMLSEC_ERRORS_NO_MESSAGE ) ;
2367+		return(-1);
2368+	}
2369+
2370+	if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
2371+		xmlSecError( XMLSEC_ERRORS_HERE ,
2372+		    xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
2373+		    "xmlSecNssSymKeyDataGetKey" ,
2374+		    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2375+		    XMLSEC_ERRORS_NO_MESSAGE ) ;
2376+		return(-1);
2377+	}
2378+
2379+	context->symkey = symkey ;
2380+
2381+	return(0) ;
2382+}
2383+
2384+/**
2385+ * key wrap transform
2386+ */
2387+static int
2388+xmlSecNssKeyWrapCtxInit(
2389+	xmlSecNssKeyWrapCtxPtr		ctx ,
2390+	xmlSecBufferPtr 			in ,
2391+	xmlSecBufferPtr 			out ,
2392+	int 						encrypt ,
2393+	xmlSecTransformCtxPtr 		transformCtx
2394+) {
2395+	xmlSecSize			blockSize ;
2396+
2397+	xmlSecAssert2( ctx != NULL , -1 ) ;
2398+	xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2399+	xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2400+	xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2401+	xmlSecAssert2( in != NULL , -1 ) ;
2402+	xmlSecAssert2( out != NULL , -1 ) ;
2403+	xmlSecAssert2( transformCtx != NULL , -1 ) ;
2404+
2405+	if( ctx->material != NULL ) {
2406+		xmlSecBufferDestroy( ctx->material ) ;
2407+		ctx->material = NULL ;
2408+	}
2409+
2410+	if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2411+		xmlSecError( XMLSEC_ERRORS_HERE ,
2412+			NULL ,
2413+			"PK11_GetBlockSize" ,
2414+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2415+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2416+		return(-1);
2417+	}
2418+
2419+	ctx->material = xmlSecBufferCreate( blockSize ) ;
2420+	if( ctx->material == NULL ) {
2421+		xmlSecError( XMLSEC_ERRORS_HERE ,
2422+			NULL ,
2423+			"xmlSecBufferCreate" ,
2424+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2425+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2426+		return(-1);
2427+	}
2428+
2429+	/* read raw key material into context */
2430+	if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2431+		xmlSecError( XMLSEC_ERRORS_HERE ,
2432+			NULL ,
2433+			"xmlSecBufferSetData" ,
2434+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2435+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2436+		return(-1);
2437+	}
2438+
2439+	if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2440+		xmlSecError( XMLSEC_ERRORS_HERE ,
2441+			NULL ,
2442+			"xmlSecBufferRemoveHead" ,
2443+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2444+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2445+		return(-1);
2446+	}
2447+
2448+	return(0);
2449+}
2450+
2451+/**
2452+ * key wrap transform update
2453+ */
2454+static int
2455+xmlSecNssKeyWrapCtxUpdate(
2456+	xmlSecNssKeyWrapCtxPtr		ctx ,
2457+	xmlSecBufferPtr 			in ,
2458+	xmlSecBufferPtr 			out ,
2459+	int 						encrypt ,
2460+	xmlSecTransformCtxPtr 		transformCtx
2461+) {
2462+	xmlSecAssert2( ctx != NULL , -1 ) ;
2463+	xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2464+	xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2465+	xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2466+	xmlSecAssert2( ctx->material != NULL , -1 ) ;
2467+	xmlSecAssert2( in != NULL , -1 ) ;
2468+	xmlSecAssert2( out != NULL , -1 ) ;
2469+	xmlSecAssert2( transformCtx != NULL , -1 ) ;
2470+
2471+	/* read raw key material and append into context */
2472+	if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2473+		xmlSecError( XMLSEC_ERRORS_HERE ,
2474+			NULL ,
2475+			"xmlSecBufferAppend" ,
2476+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2477+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2478+		return(-1);
2479+	}
2480+
2481+	if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2482+		xmlSecError( XMLSEC_ERRORS_HERE ,
2483+			NULL ,
2484+			"xmlSecBufferRemoveHead" ,
2485+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2486+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2487+		return(-1);
2488+	}
2489+
2490+	return(0);
2491+}
2492+
2493+static int
2494+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
2495+    xmlSecSize s;
2496+    xmlSecSize i;
2497+    xmlSecByte c;
2498+
2499+    xmlSecAssert2(buf != NULL, -1);
2500+
2501+    s = size / 2;
2502+    --size;
2503+    for(i = 0; i < s; ++i) {
2504+	c = buf[i];
2505+	buf[i] = buf[size - i];
2506+	buf[size - i] = c;
2507+    }
2508+    return(0);
2509+}
2510+
2511+static xmlSecByte *
2512+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
2513+		     xmlSecByte *out, xmlSecSize outSize)
2514+{
2515+    PK11Context *context = NULL;
2516+    SECStatus s;
2517+    xmlSecByte *digest = NULL;
2518+    unsigned int len;
2519+
2520+    xmlSecAssert2(in != NULL, NULL);
2521+    xmlSecAssert2(out != NULL, NULL);
2522+    xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
2523+
2524+    /* Create a context for hashing (digesting) */
2525+    context = PK11_CreateDigestContext(SEC_OID_SHA1);
2526+    if (context == NULL) {
2527+	xmlSecError(XMLSEC_ERRORS_HERE,
2528+		    NULL,
2529+		    "PK11_CreateDigestContext",
2530+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2531+		    "error code = %d", PORT_GetError());
2532+	goto done;
2533+    }
2534+
2535+    s = PK11_DigestBegin(context);
2536+    if (s != SECSuccess) {
2537+	xmlSecError(XMLSEC_ERRORS_HERE,
2538+		    NULL,
2539+		    "PK11_DigestBegin",
2540+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2541+		    "error code = %d", PORT_GetError());
2542+	goto done;
2543+    }
2544+
2545+    s = PK11_DigestOp(context, in, inSize);
2546+    if (s != SECSuccess) {
2547+	xmlSecError(XMLSEC_ERRORS_HERE,
2548+		    NULL,
2549+		    "PK11_DigestOp",
2550+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2551+		    "error code = %d", PORT_GetError());
2552+	goto done;
2553+    }
2554+
2555+    s = PK11_DigestFinal(context, out, &len, outSize);
2556+    if (s != SECSuccess) {
2557+	xmlSecError(XMLSEC_ERRORS_HERE,
2558+		    NULL,
2559+		    "PK11_DigestFinal",
2560+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2561+		    "error code = %d", PORT_GetError());
2562+	goto done;
2563+    }
2564+    xmlSecAssert2(len == SHA1_LENGTH, NULL);
2565+
2566+    digest = out;
2567+
2568+done:
2569+    if (context != NULL) {
2570+	PK11_DestroyContext(context, PR_TRUE);
2571+    }
2572+    return (digest);
2573+}
2574+
2575+static int
2576+xmlSecNssKWDes3Encrypt(
2577+	PK11SymKey*					symKey ,
2578+	CK_MECHANISM_TYPE			cipherMech ,
2579+    const xmlSecByte*			iv ,
2580+	xmlSecSize					ivSize ,
2581+    const xmlSecByte*			in ,
2582+	xmlSecSize					inSize ,
2583+    xmlSecByte*     			out ,
2584+	xmlSecSize					outSize ,
2585+	int							enc
2586+) {
2587+    PK11Context*        EncContext = NULL;
2588+	SECItem				ivItem ;
2589+	SECItem*			secParam = NULL ;
2590+    int					tmp1_outlen;
2591+    unsigned int		tmp2_outlen;
2592+	int                 result_len = -1;
2593+	SECStatus           rv;
2594+
2595+	xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
2596+	xmlSecAssert2( symKey != NULL , -1 ) ;
2597+    xmlSecAssert2(iv != NULL, -1);
2598+    xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
2599+    xmlSecAssert2(in != NULL, -1);
2600+    xmlSecAssert2(inSize > 0, -1);
2601+    xmlSecAssert2(out != NULL, -1);
2602+    xmlSecAssert2(outSize >= inSize, -1);
2603+
2604+	/* Prepare IV */
2605+	ivItem.data = ( unsigned char* )iv ;
2606+	ivItem.len = ivSize ;
2607+
2608+    secParam = PK11_ParamFromIV(cipherMech, &ivItem);
2609+    if (secParam == NULL) {
2610+		xmlSecError(XMLSEC_ERRORS_HERE,
2611+		    NULL,
2612+		    "PK11_ParamFromIV",
2613+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2614+		    "Error code = %d", PORT_GetError());
2615+		goto done;
2616+    }
2617+
2618+    EncContext = PK11_CreateContextBySymKey(cipherMech,
2619+		    			    enc ? CKA_ENCRYPT : CKA_DECRYPT,
2620+					    symKey, secParam);
2621+    if (EncContext == NULL) {
2622+		xmlSecError(XMLSEC_ERRORS_HERE,
2623+		    NULL,
2624+		    "PK11_CreateContextBySymKey",
2625+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2626+		    "Error code = %d", PORT_GetError());
2627+		goto done;
2628+    }
2629+
2630+    tmp1_outlen = tmp2_outlen = 0;
2631+    rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
2632+		       (unsigned char *)in, inSize);
2633+    if (rv != SECSuccess) {
2634+		xmlSecError(XMLSEC_ERRORS_HERE,
2635+		    NULL,
2636+		    "PK11_CipherOp",
2637+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2638+		    "Error code = %d", PORT_GetError());
2639+		goto done;
2640+    }
2641+
2642+    rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
2643+		    	  &tmp2_outlen, outSize-tmp1_outlen);
2644+    if (rv != SECSuccess) {
2645+		xmlSecError(XMLSEC_ERRORS_HERE,
2646+		    NULL,
2647+		    "PK11_DigestFinal",
2648+		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2649+		    "Error code = %d", PORT_GetError());
2650+		goto done;
2651+    }
2652+
2653+    result_len = tmp1_outlen + tmp2_outlen;
2654+
2655+done:
2656+    if (secParam) {
2657+		SECITEM_FreeItem(secParam, PR_TRUE);
2658+    }
2659+    if (EncContext) {
2660+	PK11_DestroyContext(EncContext, PR_TRUE);
2661+    }
2662+
2663+    return(result_len);
2664+}
2665+
2666+static int
2667+xmlSecNssKeyWrapDesOp(
2668+	xmlSecNssKeyWrapCtxPtr		ctx ,
2669+	int 						encrypt ,
2670+	xmlSecBufferPtr 			result
2671+) {
2672+    xmlSecByte sha1[SHA1_LENGTH];
2673+    xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
2674+    xmlSecByte* in;
2675+    xmlSecSize inSize;
2676+    xmlSecByte* out;
2677+    xmlSecSize outSize;
2678+    xmlSecSize s;
2679+    int ret;
2680+    SECStatus status;
2681+
2682+	xmlSecAssert2( ctx != NULL , -1 ) ;
2683+	xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2684+	xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2685+	xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2686+	xmlSecAssert2( ctx->material != NULL , -1 ) ;
2687+	xmlSecAssert2( result != NULL , -1 ) ;
2688+
2689+	in = xmlSecBufferGetData(ctx->material);
2690+	inSize = xmlSecBufferGetSize(ctx->material) ;
2691+	out = xmlSecBufferGetData(result);
2692+	outSize = xmlSecBufferGetMaxSize(result) ;
2693+	if( encrypt ) {
2694+    	/* step 2: calculate sha1 and CMS */
2695+    	if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
2696+			xmlSecError(XMLSEC_ERRORS_HERE,
2697+			    NULL,
2698+			    "xmlSecNssComputeSHA1",
2699+			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
2700+			    XMLSEC_ERRORS_NO_MESSAGE);
2701+			return(-1);
2702+    	}
2703+
2704+	    /* step 3: construct WKCKS */
2705+    	memcpy(out, in, inSize);
2706+	    memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
2707+
2708+    	/* step 4: generate random iv */
2709+    	status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
2710+    	if(status != SECSuccess) {
2711+			xmlSecError(XMLSEC_ERRORS_HERE,
2712+		    	NULL,
2713+		    	"PK11_GenerateRandom",
2714+		    	XMLSEC_ERRORS_R_CRYPTO_FAILED,
2715+		    	"error code = %d", PORT_GetError());
2716+			return(-1);
2717+    	}
2718+
2719+    	/* step 5: first encryption, result is TEMP1 */
2720+    	ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2721+				    iv, XMLSEC_NSS_DES3_IV_LENGTH,
2722+					out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
2723+					out, outSize, 1);
2724+    	if(ret < 0) {
2725+			xmlSecError(XMLSEC_ERRORS_HERE,
2726+		    	NULL,
2727+		    	"xmlSecNssKWDes3Encrypt",
2728+		    	XMLSEC_ERRORS_R_XMLSEC_FAILED,
2729+		    	XMLSEC_ERRORS_NO_MESSAGE);
2730+			return(-1);
2731+    	}
2732+
2733+    	/* step 6: construct TEMP2=IV || TEMP1 */
2734+    	memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
2735+	    	inSize + XMLSEC_NSS_DES3_IV_LENGTH);
2736+    	memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
2737+    		s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
2738+
2739+    	/* step 7: reverse octets order, result is TEMP3 */
2740+	    ret = xmlSecNssKWDes3BufferReverse(out, s);
2741+   	 	if(ret < 0) {
2742+			xmlSecError(XMLSEC_ERRORS_HERE,
2743+			    NULL,
2744+			    "xmlSecNssKWDes3BufferReverse",
2745+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
2746+			    XMLSEC_ERRORS_NO_MESSAGE);
2747+			return(-1);
2748+    	}
2749+
2750+    	/* step 8: second encryption with static IV */
2751+    	ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2752+				    xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
2753+					out, s,
2754+					out, outSize, 1);
2755+    	if(ret < 0) {
2756+			xmlSecError(XMLSEC_ERRORS_HERE,
2757+			    NULL,
2758+			    "xmlSecNssKWDes3Encrypt",
2759+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
2760+			    XMLSEC_ERRORS_NO_MESSAGE);
2761+			return(-1);
2762+    	}
2763+		s = ret;
2764+
2765+		if( xmlSecBufferSetSize( result , s ) < 0 ) {
2766+			xmlSecError(XMLSEC_ERRORS_HERE,
2767+			    NULL,
2768+			    "xmlSecBufferSetSize",
2769+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
2770+			    XMLSEC_ERRORS_NO_MESSAGE);
2771+			return(-1);
2772+		}
2773+	} else {
2774+    	/* step 2: first decryption with static IV, result is TEMP3 */
2775+    	ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2776+				    xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
2777+					in, inSize,
2778+					out, outSize, 0);
2779+    	if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
2780+			xmlSecError(XMLSEC_ERRORS_HERE,
2781+		    	NULL,
2782+		    	"xmlSecNssKWDes3Encrypt",
2783+		    	XMLSEC_ERRORS_R_XMLSEC_FAILED,
2784+		    	XMLSEC_ERRORS_NO_MESSAGE);
2785+			return(-1);
2786+    	}
2787+    	s = ret;
2788+
2789+    	/* step 3: reverse octets order in TEMP3, result is TEMP2 */
2790+    	ret = xmlSecNssKWDes3BufferReverse(out, s);
2791+    	if(ret < 0) {
2792+			xmlSecError(XMLSEC_ERRORS_HERE,
2793+		    	NULL,
2794+		    	"xmlSecNssKWDes3BufferReverse",
2795+		    	XMLSEC_ERRORS_R_XMLSEC_FAILED,
2796+		    	XMLSEC_ERRORS_NO_MESSAGE);
2797+			return(-1);
2798+    	}
2799+
2800+    	/* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
2801+    	ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2802+				    out, XMLSEC_NSS_DES3_IV_LENGTH,
2803+					out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
2804+					out, outSize, 0);
2805+    	if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
2806+			xmlSecError(XMLSEC_ERRORS_HERE,
2807+		    	NULL,
2808+		    	"xmlSecNssKWDes3Encrypt",
2809+		    	XMLSEC_ERRORS_R_XMLSEC_FAILED,
2810+		    	XMLSEC_ERRORS_NO_MESSAGE);
2811+			return(-1);
2812+    	}
2813+		s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
2814+
2815+    	/* steps 6 and 7: calculate SHA1 and validate it */
2816+    	if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
2817+			xmlSecError(XMLSEC_ERRORS_HERE,
2818+		    	NULL,
2819+		    	"xmlSecNssComputeSHA1",
2820+		    	XMLSEC_ERRORS_R_CRYPTO_FAILED,
2821+		    	XMLSEC_ERRORS_NO_MESSAGE);
2822+			return(-1);
2823+   		 }
2824+
2825+		if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
2826+			xmlSecError(XMLSEC_ERRORS_HERE,
2827+			    NULL,
2828+		   		 NULL,
2829+			    XMLSEC_ERRORS_R_INVALID_DATA,
2830+			    "SHA1 does not match");
2831+			return(-1);
2832+		}
2833+
2834+		if( xmlSecBufferSetSize( result , s ) < 0 ) {
2835+			xmlSecError(XMLSEC_ERRORS_HERE,
2836+			    NULL,
2837+			    "xmlSecBufferSetSize",
2838+			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
2839+			    XMLSEC_ERRORS_NO_MESSAGE);
2840+			return(-1);
2841+		}
2842+	}
2843+
2844+	return(0);
2845+}
2846+
2847+static int
2848+xmlSecNssKeyWrapAesOp(
2849+	xmlSecNssKeyWrapCtxPtr		ctx ,
2850+	int 						encrypt ,
2851+	xmlSecBufferPtr 			result
2852+) {
2853+    PK11Context*        cipherCtx = NULL;
2854+	SECItem				ivItem ;
2855+	SECItem*			secParam = NULL ;
2856+	xmlSecSize			inSize ;
2857+	xmlSecSize			inBlocks ;
2858+	int					blockSize ;
2859+	int					midSize ;
2860+	int					finSize ;
2861+	xmlSecByte*			out ;
2862+    xmlSecSize			outSize;
2863+
2864+	xmlSecAssert2( ctx != NULL , -1 ) ;
2865+	xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2866+	xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2867+	xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2868+	xmlSecAssert2( ctx->material != NULL , -1 ) ;
2869+	xmlSecAssert2( result != NULL , -1 ) ;
2870+
2871+	/* Do not set any IV */
2872+    memset(&ivItem, 0, sizeof(ivItem));
2873+
2874+	/* Get block size */
2875+	if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2876+		xmlSecError( XMLSEC_ERRORS_HERE ,
2877+			NULL ,
2878+			"PK11_GetBlockSize" ,
2879+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2880+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2881+		return(-1);
2882+	}
2883+
2884+	inSize = xmlSecBufferGetSize( ctx->material ) ;
2885+	if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
2886+		xmlSecError( XMLSEC_ERRORS_HERE ,
2887+			NULL ,
2888+			"xmlSecBufferSetMaxSize" ,
2889+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2890+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2891+		return(-1);
2892+	}
2893+
2894+	/* Get Param for context initialization */
2895+	if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
2896+		xmlSecError( XMLSEC_ERRORS_HERE ,
2897+			NULL ,
2898+			"PK11_ParamFromIV" ,
2899+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2900+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2901+		return(-1);
2902+	}
2903+
2904+	cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
2905+	if( cipherCtx == NULL ) {
2906+		xmlSecError( XMLSEC_ERRORS_HERE ,
2907+			NULL ,
2908+			"PK11_CreateContextBySymKey" ,
2909+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2910+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2911+		SECITEM_FreeItem( secParam , PR_TRUE ) ;
2912+		return(-1);
2913+	}
2914+
2915+	out = xmlSecBufferGetData(result) ;
2916+	outSize = xmlSecBufferGetMaxSize(result) ;
2917+	if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
2918+		xmlSecError( XMLSEC_ERRORS_HERE ,
2919+			NULL ,
2920+			"PK11_CipherOp" ,
2921+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2922+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2923+		return(-1);
2924+	}
2925+
2926+	if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
2927+		xmlSecError( XMLSEC_ERRORS_HERE ,
2928+			NULL ,
2929+			"PK11_DigestFinal" ,
2930+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2931+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2932+		return(-1);
2933+	}
2934+
2935+	if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
2936+		xmlSecError( XMLSEC_ERRORS_HERE ,
2937+			NULL ,
2938+			"xmlSecBufferSetSize" ,
2939+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2940+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2941+		return(-1);
2942+	}
2943+
2944+	return 0 ;
2945+}
2946+
2947+/**
2948+ * Block cipher transform final
2949+ */
2950+static int
2951+xmlSecNssKeyWrapCtxFinal(
2952+	xmlSecNssKeyWrapCtxPtr		ctx ,
2953+	xmlSecBufferPtr 			in ,
2954+	xmlSecBufferPtr 			out ,
2955+	int 						encrypt ,
2956+	xmlSecTransformCtxPtr 		transformCtx
2957+) {
2958+	PK11SymKey*			targetKey ;
2959+	xmlSecSize			blockSize ;
2960+	xmlSecBufferPtr		result ;
2961+
2962+	xmlSecAssert2( ctx != NULL , -1 ) ;
2963+	xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2964+	xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2965+	xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2966+	xmlSecAssert2( ctx->material != NULL , -1 ) ;
2967+	xmlSecAssert2( in != NULL , -1 ) ;
2968+	xmlSecAssert2( out != NULL , -1 ) ;
2969+	xmlSecAssert2( transformCtx != NULL , -1 ) ;
2970+
2971+	/* read raw key material and append into context */
2972+	if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2973+		xmlSecError( XMLSEC_ERRORS_HERE ,
2974+			NULL ,
2975+			"xmlSecBufferAppend" ,
2976+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2977+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2978+		return(-1);
2979+	}
2980+
2981+	if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2982+		xmlSecError( XMLSEC_ERRORS_HERE ,
2983+			NULL ,
2984+			"xmlSecBufferRemoveHead" ,
2985+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2986+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2987+		return(-1);
2988+	}
2989+
2990+	/* Now we get all of the key materail */
2991+	/* from now on we will wrap or unwrap the key */
2992+	if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2993+		xmlSecError( XMLSEC_ERRORS_HERE ,
2994+			NULL ,
2995+			"PK11_GetBlockSize" ,
2996+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2997+			XMLSEC_ERRORS_NO_MESSAGE ) ;
2998+		return(-1);
2999+	}
3000+
3001+	result = xmlSecBufferCreate( blockSize ) ;
3002+	if( result == NULL ) {
3003+		xmlSecError( XMLSEC_ERRORS_HERE ,
3004+			NULL ,
3005+			"xmlSecBufferCreate" ,
3006+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3007+			XMLSEC_ERRORS_NO_MESSAGE ) ;
3008+		return(-1);
3009+	}
3010+
3011+	switch( ctx->cipher ) {
3012+		case CKM_DES3_CBC :
3013+			if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
3014+				xmlSecError( XMLSEC_ERRORS_HERE ,
3015+					NULL ,
3016+					"xmlSecNssKeyWrapDesOp" ,
3017+					XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3018+					XMLSEC_ERRORS_NO_MESSAGE ) ;
3019+				xmlSecBufferDestroy(result);
3020+				return(-1);
3021+			}
3022+			break ;
3023+	/*	case CKM_NETSCAPE_AES_KEY_WRAP :*/
3024+		case CKM_AES_CBC :
3025+			if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
3026+				xmlSecError( XMLSEC_ERRORS_HERE ,
3027+					NULL ,
3028+					"xmlSecNssKeyWrapAesOp" ,
3029+					XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3030+					XMLSEC_ERRORS_NO_MESSAGE ) ;
3031+				xmlSecBufferDestroy(result);
3032+				return(-1);
3033+			}
3034+			break ;
3035+	}
3036+
3037+	/* Write output */
3038+	if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
3039+		xmlSecError( XMLSEC_ERRORS_HERE ,
3040+			NULL ,
3041+			"xmlSecBufferAppend" ,
3042+			XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3043+			XMLSEC_ERRORS_NO_MESSAGE ) ;
3044+		xmlSecBufferDestroy(result);
3045+		return(-1);
3046+	}
3047+	xmlSecBufferDestroy(result);
3048+
3049+	return(0);
3050+}
3051+
3052+static int
3053+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
3054+	xmlSecNssKeyWrapCtxPtr 	context = NULL ;
3055+	xmlSecBufferPtr			inBuf, outBuf ;
3056+	int						operation ;
3057+	int						rtv ;
3058+
3059+	xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
3060+	xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
3061+    xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
3062+	xmlSecAssert2( transformCtx != NULL , -1 ) ;
3063+
3064+	context = xmlSecNssKeyWrapGetCtx( transform ) ;
3065+	if( context == NULL ) {
3066+		xmlSecError( XMLSEC_ERRORS_HERE ,
3067+		    xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3068+		    "xmlSecNssKeyWrapGetCtx" ,
3069+		    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3070+		    XMLSEC_ERRORS_NO_MESSAGE ) ;
3071+		return(-1);
3072+	}
3073+
3074+	inBuf = &( transform->inBuf ) ;
3075+	outBuf = &( transform->outBuf ) ;
3076+
3077+	if( transform->status == xmlSecTransformStatusNone ) {
3078+		transform->status = xmlSecTransformStatusWorking ;
3079+	}
3080+
3081+	operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
3082+	if( transform->status == xmlSecTransformStatusWorking ) {
3083+		if( context->material == NULL ) {
3084+			rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
3085+			if( rtv < 0 ) {
3086+				xmlSecError( XMLSEC_ERRORS_HERE ,
3087+					xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3088+					"xmlSecNssKeyWrapCtxInit" ,
3089+					XMLSEC_ERRORS_R_INVALID_STATUS ,
3090+					XMLSEC_ERRORS_NO_MESSAGE ) ;
3091+				return(-1);
3092+			}
3093+		}
3094+
3095+		if( context->material == NULL && last != 0 ) {
3096+			xmlSecError( XMLSEC_ERRORS_HERE ,
3097+				xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3098+				NULL ,
3099+				XMLSEC_ERRORS_R_INVALID_STATUS ,
3100+				"No enough data to initialize transform" ) ;
3101+			return(-1);
3102+		}
3103+
3104+		if( context->material != NULL ) {
3105+			rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
3106+			if( rtv < 0 ) {
3107+				xmlSecError( XMLSEC_ERRORS_HERE ,
3108+					xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3109+					"xmlSecNssKeyWrapCtxUpdate" ,
3110+					XMLSEC_ERRORS_R_INVALID_STATUS ,
3111+					XMLSEC_ERRORS_NO_MESSAGE ) ;
3112+				return(-1);
3113+			}
3114+		}
3115+
3116+		if( last ) {
3117+			rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
3118+			if( rtv < 0 ) {
3119+				xmlSecError( XMLSEC_ERRORS_HERE ,
3120+					xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3121+					"xmlSecNssKeyWrapCtxFinal" ,
3122+					XMLSEC_ERRORS_R_INVALID_STATUS ,
3123+					XMLSEC_ERRORS_NO_MESSAGE ) ;
3124+				return(-1);
3125+			}
3126+			transform->status = xmlSecTransformStatusFinished ;
3127+		}
3128+	} else if( transform->status == xmlSecTransformStatusFinished ) {
3129+		if( xmlSecBufferGetSize( inBuf ) != 0 ) {
3130+			xmlSecError( XMLSEC_ERRORS_HERE ,
3131+				xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3132+				NULL ,
3133+				XMLSEC_ERRORS_R_INVALID_STATUS ,
3134+				"status=%d", transform->status ) ;
3135+			return(-1);
3136+		}
3137+	} else {
3138+		xmlSecError( XMLSEC_ERRORS_HERE ,
3139+			xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3140+			NULL ,
3141+			XMLSEC_ERRORS_R_INVALID_STATUS ,
3142+			"status=%d", transform->status ) ;
3143+		return(-1);
3144+	}
3145+
3146+	return(0);
3147+}
3148+
3149+#ifndef XMLSEC_NO_AES
3150+
3151+
3152+#ifdef __MINGW32__ // for runtime-pseudo-reloc
3153+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
3154+#else
3155+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
3156+#endif
3157+    /* klass/object sizes */
3158+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
3159+    xmlSecNssKeyWrapSize,				/* xmlSecSize objSize */
3160+
3161+    xmlSecNameKWAes128,				/* const xmlChar* name; */
3162+    xmlSecHrefKWAes128,				/* const xmlChar* href; */
3163+    xmlSecTransformUsageEncryptionMethod,	/* xmlSecAlgorithmUsage usage; */
3164+
3165+    xmlSecNssKeyWrapInitialize, 			/* xmlSecTransformInitializeMethod initialize; */
3166+    xmlSecNssKeyWrapFinalize,			/* xmlSecTransformFinalizeMethod finalize; */
3167+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
3168+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
3169+    xmlSecNssKeyWrapSetKeyReq,			/* xmlSecTransformSetKeyMethod setKeyReq; */
3170+    xmlSecNssKeyWrapSetKey,			/* xmlSecTransformSetKeyMethod setKey; */
3171+    NULL,					/* xmlSecTransformValidateMethod validate; */
3172+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
3173+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
3174+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
3175+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
3176+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
3177+    xmlSecNssKeyWrapExecute,			/* xmlSecTransformExecuteMethod execute; */
3178+
3179+    NULL,					/* void* reserved0; */
3180+    NULL,					/* void* reserved1; */
3181+};
3182+
3183+#ifdef __MINGW32__ // for runtime-pseudo-reloc
3184+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
3185+#else
3186+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
3187+#endif
3188+    /* klass/object sizes */
3189+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
3190+    xmlSecNssKeyWrapSize,				/* xmlSecSize objSize */
3191+
3192+    xmlSecNameKWAes192,				/* const xmlChar* name; */
3193+    xmlSecHrefKWAes192,				/* const xmlChar* href; */
3194+    xmlSecTransformUsageEncryptionMethod,	/* xmlSecAlgorithmUsage usage; */
3195+
3196+    xmlSecNssKeyWrapInitialize, 			/* xmlSecTransformInitializeMethod initialize; */
3197+    xmlSecNssKeyWrapFinalize,			/* xmlSecTransformFinalizeMethod finalize; */
3198+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
3199+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
3200+    xmlSecNssKeyWrapSetKeyReq,			/* xmlSecTransformSetKeyMethod setKeyReq; */
3201+    xmlSecNssKeyWrapSetKey,			/* xmlSecTransformSetKeyMethod setKey; */
3202+    NULL,					/* xmlSecTransformValidateMethod validate; */
3203+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
3204+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
3205+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
3206+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
3207+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
3208+    xmlSecNssKeyWrapExecute,			/* xmlSecTransformExecuteMethod execute; */
3209+
3210+    NULL,					/* void* reserved0; */
3211+    NULL,					/* void* reserved1; */
3212+};
3213+
3214+#ifdef __MINGW32__ // for runtime-pseudo-reloc
3215+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
3216+#else
3217+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
3218+#endif
3219+    /* klass/object sizes */
3220+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
3221+    xmlSecNssKeyWrapSize,				/* xmlSecSize objSize */
3222+
3223+    xmlSecNameKWAes256,				/* const xmlChar* name; */
3224+    xmlSecHrefKWAes256,				/* const xmlChar* href; */
3225+    xmlSecTransformUsageEncryptionMethod,	/* xmlSecAlgorithmUsage usage; */
3226+
3227+    xmlSecNssKeyWrapInitialize, 			/* xmlSecTransformInitializeMethod initialize; */
3228+    xmlSecNssKeyWrapFinalize,			/* xmlSecTransformFinalizeMethod finalize; */
3229+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
3230+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
3231+    xmlSecNssKeyWrapSetKeyReq,			/* xmlSecTransformSetKeyMethod setKeyReq; */
3232+    xmlSecNssKeyWrapSetKey,			/* xmlSecTransformSetKeyMethod setKey; */
3233+    NULL,					/* xmlSecTransformValidateMethod validate; */
3234+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
3235+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
3236+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
3237+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
3238+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
3239+    xmlSecNssKeyWrapExecute,			/* xmlSecTransformExecuteMethod execute; */
3240+
3241+    NULL,					/* void* reserved0; */
3242+    NULL,					/* void* reserved1; */
3243+};
3244+
3245+/**
3246+ * xmlSecNssTransformKWAes128GetKlass:
3247+ *
3248+ * The AES-128 key wrapper transform klass.
3249+ *
3250+ * Returns AES-128 key wrapper transform klass.
3251+ */
3252+xmlSecTransformId
3253+xmlSecNssTransformKWAes128GetKlass(void) {
3254+    return(&xmlSecNssKWAes128Klass);
3255+}
3256+
3257+/**
3258+ * xmlSecNssTransformKWAes192GetKlass:
3259+ *
3260+ * The AES-192 key wrapper transform klass.
3261+ *
3262+ * Returns AES-192 key wrapper transform klass.
3263+ */
3264+xmlSecTransformId
3265+xmlSecNssTransformKWAes192GetKlass(void) {
3266+    return(&xmlSecNssKWAes192Klass);
3267+}
3268+
3269+/**
3270+ *
3271+ * The AES-256 key wrapper transform klass.
3272+ *
3273+ * Returns AES-256 key wrapper transform klass.
3274+ */
3275+xmlSecTransformId
3276+xmlSecNssTransformKWAes256GetKlass(void) {
3277+    return(&xmlSecNssKWAes256Klass);
3278+}
3279+
3280+#endif /* XMLSEC_NO_AES */
3281+
3282+
3283+#ifndef XMLSEC_NO_DES
3284+
3285+#ifdef __MINGW32__ // for runtime-pseudo-reloc
3286+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
3287+#else
3288+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
3289+#endif
3290+    /* klass/object sizes */
3291+    sizeof(xmlSecTransformKlass),		/* xmlSecSize klassSize */
3292+    xmlSecNssKeyWrapSize,			/* xmlSecSize objSize */
3293+
3294+    xmlSecNameKWDes3,				/* const xmlChar* name; */
3295+    xmlSecHrefKWDes3, 				/* const xmlChar* href; */
3296+    xmlSecTransformUsageEncryptionMethod,	/* xmlSecAlgorithmUsage usage; */
3297+
3298+    xmlSecNssKeyWrapInitialize, 			/* xmlSecTransformInitializeMethod initialize; */
3299+    xmlSecNssKeyWrapFinalize,			/* xmlSecTransformFinalizeMethod finalize; */
3300+    NULL,					/* xmlSecTransformNodeReadMethod readNode; */
3301+    NULL,					/* xmlSecTransformNodeWriteMethod writeNode; */
3302+    xmlSecNssKeyWrapSetKeyReq,			/* xmlSecTransformSetKeyMethod setKeyReq; */
3303+    xmlSecNssKeyWrapSetKey,			/* xmlSecTransformSetKeyMethod setKey; */
3304+    NULL,					/* xmlSecTransformValidateMethod validate; */
3305+    xmlSecTransformDefaultGetDataType,		/* xmlSecTransformGetDataTypeMethod getDataType; */
3306+    xmlSecTransformDefaultPushBin,		/* xmlSecTransformPushBinMethod pushBin; */
3307+    xmlSecTransformDefaultPopBin,		/* xmlSecTransformPopBinMethod popBin; */
3308+    NULL,					/* xmlSecTransformPushXmlMethod pushXml; */
3309+    NULL,					/* xmlSecTransformPopXmlMethod popXml; */
3310+    xmlSecNssKeyWrapExecute,			/* xmlSecTransformExecuteMethod execute; */
3311+
3312+    NULL,					/* void* reserved0; */
3313+    NULL,					/* void* reserved1; */
3314+};
3315+
3316+/**
3317+ * xmlSecNssTransformKWDes3GetKlass:
3318+ *
3319+ * The Triple DES key wrapper transform klass.
3320+ *
3321+ * Returns Triple DES key wrapper transform klass.
3322+ */
3323+xmlSecTransformId
3324+xmlSecNssTransformKWDes3GetKlass(void) {
3325+    return(&xmlSecNssKWDes3Klass);
3326+}
3327+
3328+#endif /* XMLSEC_NO_DES */
3329+
3330--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c	2009-06-25 22:53:18.000000000 +0200
3331+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c	2009-09-21 14:02:48.657352624 +0200
3332@@ -24,6 +24,7 @@
3333 #include <xmlsec/nss/crypto.h>
3334 #include <xmlsec/nss/bignum.h>
3335 #include <xmlsec/nss/pkikeys.h>
3336+#include <xmlsec/nss/tokens.h>
3337
3338 /**************************************************************************
3339  *
3340@@ -115,6 +116,8 @@
3341                           xmlSecNssPKIKeyDataCtxPtr ctxSrc)
3342 {
3343     xmlSecNSSPKIKeyDataCtxFree(ctxDst);
3344+    ctxDst->privkey = NULL ;
3345+    ctxDst->pubkey = NULL ;
3346     if (ctxSrc->privkey != NULL) {
3347 	ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
3348 	if(ctxDst->privkey == NULL) {
3349@@ -588,13 +591,13 @@
3350 	goto done;
3351     }
3352
3353-    slot = PK11_GetBestSlot(CKM_DSA, NULL);
3354+    slot = xmlSecNssSlotGet(CKM_DSA);
3355     if(slot == NULL) {
3356 	xmlSecError(XMLSEC_ERRORS_HERE,
3357 		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3358-		    "PK11_GetBestSlot",
3359+		    "xmlSecNssSlotGet",
3360 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
3361-		    XMLSEC_ERRORS_NO_MESSAGE);
3362+		    "error code=%d", PORT_GetError());
3363 	ret = -1;
3364 	goto done;
3365     }
3366@@ -792,14 +795,14 @@
3367     if (slot != NULL) {
3368 	PK11_FreeSlot(slot);
3369     }
3370-    if (ret != 0) {
3371+
3372 	if (pubkey != NULL) {
3373 	    SECKEY_DestroyPublicKey(pubkey);
3374 	}
3375 	if (data != NULL) {
3376 	    xmlSecKeyDataDestroy(data);
3377 	}
3378-    }
3379+
3380     return(ret);
3381 }
3382
3383@@ -818,7 +821,7 @@
3384
3385     ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
3386     xmlSecAssert2(ctx != NULL, -1);
3387-    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3388+/*    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3389
3390     if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
3391 	/* we can have only private key or public key */
3392@@ -940,7 +943,8 @@
3393 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3394 		    "PK11_PQG_ParamGen",
3395 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
3396-		    "size=%d", sizeBits);
3397+		    "size=%d, error code=%d", sizeBits, PORT_GetError());
3398+	ret = -1;
3399 	goto done;
3400     }
3401
3402@@ -950,11 +954,12 @@
3403 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3404 		    "PK11_PQG_VerifyParams",
3405 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
3406-		    "size=%d", sizeBits);
3407+		    "size=%d, error code=%d", sizeBits, PORT_GetError());
3408+	ret = -1;
3409 	goto done;
3410     }
3411
3412-    slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
3413+    slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
3414     PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
3415     privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
3416 				   &pubkey, PR_FALSE, PR_TRUE, NULL);
3417@@ -964,8 +969,9 @@
3418 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3419 		    "PK11_GenerateKeyPair",
3420 		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
3421-		    XMLSEC_ERRORS_NO_MESSAGE);
3422+		    "error code=%d", PORT_GetError());
3423
3424+	ret = -1;
3425 	goto done;
3426     }
3427
3428@@ -979,6 +985,8 @@
3429 	goto done;
3430     }
3431
3432+    privkey = NULL ;
3433+    pubkey = NULL ;
3434     ret = 0;
3435
3436 done:
3437@@ -991,16 +999,13 @@
3438     if (pqgVerify != NULL) {
3439 	PK11_PQG_DestroyVerify(pqgVerify);
3440     }
3441-    if (ret == 0) {
3442-	return (0);
3443-    }
3444     if (pubkey != NULL) {
3445 	SECKEY_DestroyPublicKey(pubkey);
3446     }
3447     if (privkey != NULL) {
3448 	SECKEY_DestroyPrivateKey(privkey);
3449     }
3450-    return(-1);
3451+    return(ret);
3452 }
3453
3454 static xmlSecKeyDataType
3455@@ -1010,10 +1015,10 @@
3456     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
3457     ctx = xmlSecNssPKIKeyDataGetCtx(data);
3458     xmlSecAssert2(ctx != NULL, -1);
3459-    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3460+/*    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3461     if (ctx->privkey != NULL) {
3462 	return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
3463-    } else {
3464+    } else if( ctx->pubkey != NULL ) {
3465 	return(xmlSecKeyDataTypePublic);
3466     }
3467
3468@@ -1027,7 +1032,7 @@
3469     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
3470     ctx = xmlSecNssPKIKeyDataGetCtx(data);
3471     xmlSecAssert2(ctx != NULL, -1);
3472-    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3473+/*    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3474
3475     return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
3476 }
3477@@ -1216,13 +1221,13 @@
3478 	goto done;
3479     }
3480
3481-    slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
3482+    slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
3483     if(slot == NULL) {
3484         xmlSecError(XMLSEC_ERRORS_HERE,
3485                     xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3486-                    "PK11_GetBestSlot",
3487+                    "xmlSecNssSlotGet",
3488                     XMLSEC_ERRORS_R_CRYPTO_FAILED,
3489-                    XMLSEC_ERRORS_NO_MESSAGE);
3490+                    "error code=%d", PORT_GetError());
3491         ret = -1;
3492         goto done;
3493     }
3494@@ -1384,7 +1389,7 @@
3495
3496     ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
3497     xmlSecAssert2(ctx != NULL, -1);
3498-    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
3499+/*    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
3500
3501
3502     if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
3503@@ -1455,7 +1460,7 @@
3504     params.keySizeInBits = sizeBits;
3505     params.pe = 65537;
3506
3507-    slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
3508+    slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
3509     PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
3510     privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
3511 				   &pubkey, PR_FALSE, PR_TRUE, NULL);
3512@@ -1525,7 +1530,7 @@
3513
3514     ctx = xmlSecNssPKIKeyDataGetCtx(data);
3515     xmlSecAssert2(ctx != NULL, -1);
3516-    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
3517+/*    xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
3518
3519     return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
3520 }
3521--- misc/xmlsec1-1.2.14/src/nss/symkeys.c	2009-06-25 22:53:18.000000000 +0200
3522+++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c	2009-09-21 14:02:48.620574832 +0200
3523@@ -15,20 +15,41 @@
3524 #include <stdio.h>
3525 #include <string.h>
3526
3527+#include <pk11func.h>
3528+#include <nss.h>
3529+
3530 #include <xmlsec/xmlsec.h>
3531 #include <xmlsec/xmltree.h>
3532+#include <xmlsec/base64.h>
3533 #include <xmlsec/keys.h>
3534 #include <xmlsec/keyinfo.h>
3535 #include <xmlsec/transforms.h>
3536 #include <xmlsec/errors.h>
3537
3538 #include <xmlsec/nss/crypto.h>
3539+#include <xmlsec/nss/ciphers.h>
3540+#include <xmlsec/nss/tokens.h>
3541
3542 /*****************************************************************************
3543  *
3544- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
3545+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
3546  *
3547  ****************************************************************************/
3548+typedef struct _xmlSecNssSymKeyDataCtx      xmlSecNssSymKeyDataCtx ;
3549+typedef struct _xmlSecNssSymKeyDataCtx*     xmlSecNssSymKeyDataCtxPtr ;
3550+
3551+struct _xmlSecNssSymKeyDataCtx {
3552+    CK_MECHANISM_TYPE       cipher ;    /* the symmetic key mechanism */
3553+    PK11SlotInfo*           slot ;      /* the key resident slot */
3554+    PK11SymKey*             symkey ;    /* the symmetic key */
3555+} ;
3556+
3557+#define xmlSecNssSymKeyDataSize \
3558+    ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
3559+
3560+#define xmlSecNssSymKeyDataGetCtx( data ) \
3561+    ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
3562+
3563 static int	xmlSecNssSymKeyDataInitialize		(xmlSecKeyDataPtr data);
3564 static int	xmlSecNssSymKeyDataDuplicate		(xmlSecKeyDataPtr dst,
3565 							 xmlSecKeyDataPtr src);
3566@@ -67,107 +88,743 @@
3567     (xmlSecKeyDataIsValid((data)) && \
3568      xmlSecNssSymKeyDataKlassCheck((data)->id))
3569
3570+/**
3571+ * xmlSecNssSymKeyDataAdoptKey:
3572+ * @data:                              the pointer to symmetric key data.
3573+ * @symkey:                            the symmetric key
3574+ *
3575+ * Set the value of symmetric key data.
3576+ *
3577+ * Returns 0 on success or a negative value if an error occurs.
3578+ */
3579+int
3580+xmlSecNssSymKeyDataAdoptKey(
3581+       xmlSecKeyDataPtr data ,
3582+       PK11SymKey* symkey
3583+) {
3584+       xmlSecNssSymKeyDataCtxPtr context = NULL ;
3585+
3586+       xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
3587+       xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
3588+       xmlSecAssert2( symkey != NULL, -1 ) ;
3589+
3590+       context = xmlSecNssSymKeyDataGetCtx( data ) ;
3591+       xmlSecAssert2(context != NULL, -1);
3592+
3593+       context->cipher = PK11_GetMechanism( symkey ) ;
3594+
3595+       if( context->slot != NULL ) {
3596+               PK11_FreeSlot( context->slot ) ;
3597+               context->slot = NULL ;
3598+       }
3599+       context->slot = PK11_GetSlotFromKey( symkey ) ;
3600+
3601+       if( context->symkey != NULL ) {
3602+               PK11_FreeSymKey( context->symkey ) ;
3603+               context->symkey = NULL ;
3604+       }
3605+       context->symkey = PK11_ReferenceSymKey( symkey ) ;
3606+
3607+       return 0 ;
3608+}
3609+
3610+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
3611+    PK11SymKey*     symKey
3612+) {
3613+       xmlSecKeyDataPtr        data = NULL ;
3614+       CK_MECHANISM_TYPE       mechanism = CKM_INVALID_MECHANISM ;
3615+
3616+       xmlSecAssert2( symKey != NULL , NULL ) ;
3617+
3618+       mechanism = PK11_GetMechanism( symKey ) ;
3619+       switch( mechanism ) {
3620+               case CKM_DES3_KEY_GEN :
3621+               case CKM_DES3_CBC :
3622+               case CKM_DES3_MAC :
3623+                       data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
3624+                       if( data == NULL ) {
3625+                               xmlSecError( XMLSEC_ERRORS_HERE ,
3626+                                       NULL ,
3627+                                       "xmlSecKeyDataCreate" ,
3628+                                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3629+                                       "xmlSecNssKeyDataDesId" ) ;
3630+                               return NULL ;
3631+                       }
3632+                       break ;
3633+               case CKM_AES_KEY_GEN :
3634+               case CKM_AES_CBC :
3635+               case CKM_AES_MAC :
3636+                       data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
3637+                       if( data == NULL ) {
3638+                               xmlSecError( XMLSEC_ERRORS_HERE ,
3639+                                       NULL ,
3640+                                       "xmlSecKeyDataCreate" ,
3641+                                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3642+                                       "xmlSecNssKeyDataDesId" ) ;
3643+                               return NULL ;
3644+                       }
3645+                       break ;
3646+               default :
3647+                       xmlSecError( XMLSEC_ERRORS_HERE ,
3648+                               NULL ,
3649+                               NULL ,
3650+                               XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3651+                               "Unsupported mechanism" ) ;
3652+                       return NULL ;
3653+       }
3654+
3655+       if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
3656+               xmlSecError( XMLSEC_ERRORS_HERE ,
3657+                       NULL ,
3658+                       "xmlSecNssSymKeyDataAdoptKey" ,
3659+                       XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3660+                       XMLSEC_ERRORS_NO_MESSAGE ) ;
3661+
3662+               xmlSecKeyDataDestroy( data ) ;
3663+               return NULL ;
3664+       }
3665+
3666+       return data ;
3667+}
3668+
3669+
3670+PK11SymKey*
3671+xmlSecNssSymKeyDataGetKey(
3672+    xmlSecKeyDataPtr data
3673+) {
3674+    xmlSecNssSymKeyDataCtxPtr ctx;
3675+    PK11SymKey* symkey ;
3676+
3677+    xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
3678+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
3679+
3680+    ctx = xmlSecNssSymKeyDataGetCtx(data);
3681+    xmlSecAssert2(ctx != NULL, NULL);
3682+
3683+    if( ctx->symkey != NULL ) {
3684+        symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
3685+    } else {
3686+        symkey = NULL ;
3687+    }
3688+
3689+    return(symkey);
3690+}
3691+
3692 static int
3693 xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
3694+    xmlSecNssSymKeyDataCtxPtr ctx;
3695+
3696     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
3697-
3698-    return(xmlSecKeyDataBinaryValueInitialize(data));
3699+    xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
3700+
3701+    ctx = xmlSecNssSymKeyDataGetCtx(data);
3702+    xmlSecAssert2(ctx != NULL, -1);
3703+
3704+    memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
3705+
3706+    /* Set the block cipher mechanism */
3707+#ifndef XMLSEC_NO_DES
3708+    if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
3709+        ctx->cipher = CKM_DES3_KEY_GEN;
3710+    } else
3711+#endif  /* XMLSEC_NO_DES */
3712+
3713+#ifndef XMLSEC_NO_AES
3714+    if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
3715+        ctx->cipher = CKM_AES_KEY_GEN;
3716+    } else
3717+#endif  /* XMLSEC_NO_AES */
3718+
3719+    if(1) {
3720+        xmlSecError( XMLSEC_ERRORS_HERE ,
3721+            xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3722+            NULL ,
3723+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3724+            "Unsupported block cipher" ) ;
3725+        return(-1) ;
3726+    }
3727+
3728+    return(0);
3729 }
3730
3731 static int
3732 xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
3733+    xmlSecNssSymKeyDataCtxPtr ctxDst;
3734+    xmlSecNssSymKeyDataCtxPtr ctxSrc;
3735+
3736     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
3737+    xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
3738     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
3739+    xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
3740     xmlSecAssert2(dst->id == src->id, -1);
3741-
3742-    return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
3743+
3744+    ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
3745+    xmlSecAssert2(ctxDst != NULL, -1);
3746+
3747+    ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
3748+    xmlSecAssert2(ctxSrc != NULL, -1);
3749+
3750+    ctxDst->cipher = ctxSrc->cipher ;
3751+
3752+    if( ctxSrc->slot != NULL ) {
3753+        if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
3754+            PK11_FreeSlot( ctxDst->slot ) ;
3755+            ctxDst->slot = NULL ;
3756+        }
3757+
3758+        if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
3759+            ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
3760+    } else {
3761+        if( ctxDst->slot != NULL ) {
3762+            PK11_FreeSlot( ctxDst->slot ) ;
3763+            ctxDst->slot = NULL ;
3764+        }
3765+    }
3766+
3767+    if( ctxSrc->symkey != NULL ) {
3768+        if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
3769+            PK11_FreeSymKey( ctxDst->symkey ) ;
3770+            ctxDst->symkey = NULL ;
3771+        }
3772+
3773+        if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
3774+            ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
3775+    } else {
3776+        if( ctxDst->symkey != NULL ) {
3777+            PK11_FreeSymKey( ctxDst->symkey ) ;
3778+            ctxDst->symkey = NULL ;
3779+        }
3780+    }
3781+
3782+    return(0);
3783 }
3784
3785 static void
3786 xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
3787+    xmlSecNssSymKeyDataCtxPtr ctx;
3788+
3789     xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
3790-
3791-    xmlSecKeyDataBinaryValueFinalize(data);
3792+    xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
3793+
3794+    ctx = xmlSecNssSymKeyDataGetCtx(data);
3795+    xmlSecAssert(ctx != NULL);
3796+
3797+    if( ctx->slot != NULL ) {
3798+        PK11_FreeSlot( ctx->slot ) ;
3799+        ctx->slot = NULL ;
3800+    }
3801+
3802+    if( ctx->symkey != NULL ) {
3803+        PK11_FreeSymKey( ctx->symkey ) ;
3804+        ctx->symkey = NULL ;
3805+    }
3806+
3807+    ctx->cipher = CKM_INVALID_MECHANISM ;
3808 }
3809
3810 static int
3811 xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
3812 			       xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
3813-    xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
3814+    PK11SymKey* symKey ;
3815+    PK11SlotInfo* slot ;
3816+    xmlSecBufferPtr keyBuf;
3817+    xmlSecSize len;
3818+    xmlSecKeyDataPtr data;
3819+    xmlSecNssSymKeyDataCtxPtr ctx;
3820+    SECItem keyItem ;
3821+    int ret;
3822+
3823+    xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
3824+    xmlSecAssert2(key != NULL, -1);
3825+    xmlSecAssert2(node != NULL, -1);
3826+    xmlSecAssert2(keyInfoCtx != NULL, -1);
3827+
3828+    /* Create a new KeyData from a id */
3829+    data = xmlSecKeyDataCreate(id);
3830+    if(data == NULL ) {
3831+        xmlSecError(XMLSEC_ERRORS_HERE,
3832+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3833+            "xmlSecKeyDataCreate",
3834+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
3835+            XMLSEC_ERRORS_NO_MESSAGE);
3836+        return(-1);
3837+    }
3838+
3839+    ctx = xmlSecNssSymKeyDataGetCtx(data);
3840+    xmlSecAssert2(ctx != NULL, -1);
3841+
3842+    /* Create a buffer for raw symmetric key value */
3843+    if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
3844+        xmlSecError( XMLSEC_ERRORS_HERE ,
3845+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3846+            "xmlSecBufferCreate" ,
3847+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3848+            XMLSEC_ERRORS_NO_MESSAGE ) ;
3849+               xmlSecKeyDataDestroy( data ) ;
3850+        return(-1) ;
3851+    }
3852+
3853+    /* Read the raw key value */
3854+    if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
3855+        xmlSecError( XMLSEC_ERRORS_HERE ,
3856+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3857+            xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
3858+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3859+            XMLSEC_ERRORS_NO_MESSAGE ) ;
3860+
3861+        xmlSecBufferDestroy( keyBuf ) ;
3862+               xmlSecKeyDataDestroy( data ) ;
3863+        return(-1) ;
3864+    }
3865+
3866+    /* Get slot */
3867+    slot = xmlSecNssSlotGet(ctx->cipher);
3868+    if( slot == NULL ) {
3869+        xmlSecError( XMLSEC_ERRORS_HERE ,
3870+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3871+            "xmlSecNssSlotGet" ,
3872+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3873+            XMLSEC_ERRORS_NO_MESSAGE ) ;
3874+
3875+        xmlSecBufferDestroy( keyBuf ) ;
3876+               xmlSecKeyDataDestroy( data ) ;
3877+        return(-1) ;
3878+    }
3879+
3880+    /* Wrap the raw key value SECItem */
3881+    keyItem.type = siBuffer ;
3882+    keyItem.data = xmlSecBufferGetData( keyBuf ) ;
3883+    keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
3884+
3885+    /* Import the raw key into slot temporalily and get the key handler*/
3886+    symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
3887+    if( symKey == NULL ) {
3888+        xmlSecError( XMLSEC_ERRORS_HERE ,
3889+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3890+            "PK11_ImportSymKey" ,
3891+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3892+            XMLSEC_ERRORS_NO_MESSAGE ) ;
3893+
3894+               PK11_FreeSlot( slot ) ;
3895+        xmlSecBufferDestroy( keyBuf ) ;
3896+               xmlSecKeyDataDestroy( data ) ;
3897+        return(-1) ;
3898+    }
3899+       PK11_FreeSlot( slot ) ;
3900+
3901+    /* raw key material has been copied into symKey, it isn't used any more */
3902+    xmlSecBufferDestroy( keyBuf ) ;
3903+
3904+    /* Adopt the symmetric key into key data */
3905+    ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
3906+    if(ret < 0) {
3907+        xmlSecError(XMLSEC_ERRORS_HERE,
3908+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3909+            "xmlSecKeyDataBinaryValueSetBuffer",
3910+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
3911+            XMLSEC_ERRORS_NO_MESSAGE);
3912+        PK11_FreeSymKey( symKey ) ;
3913+               xmlSecKeyDataDestroy( data ) ;
3914+        return(-1);
3915+    }
3916+    /* symKey has been duplicated into data, it isn't used any more */
3917+    PK11_FreeSymKey( symKey ) ;
3918+
3919+    /* Check value */
3920+    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
3921+        xmlSecError(XMLSEC_ERRORS_HERE,
3922+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3923+            "xmlSecKeyReqMatchKeyValue",
3924+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
3925+            XMLSEC_ERRORS_NO_MESSAGE);
3926+               xmlSecKeyDataDestroy( data ) ;
3927+        return(0);
3928+    }
3929
3930-    return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
3931+    ret = xmlSecKeySetValue(key, data);
3932+    if(ret < 0) {
3933+        xmlSecError(XMLSEC_ERRORS_HERE,
3934+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3935+            "xmlSecKeySetValue",
3936+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
3937+            XMLSEC_ERRORS_NO_MESSAGE);
3938+               xmlSecKeyDataDestroy( data ) ;
3939+        return(-1);
3940+    }
3941+
3942+    return(0);
3943 }
3944
3945 static int
3946 xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
3947 				    xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
3948+    PK11SymKey* symKey ;
3949+
3950     xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
3951-
3952-    return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
3953+    xmlSecAssert2(key != NULL, -1);
3954+    xmlSecAssert2(node != NULL, -1);
3955+    xmlSecAssert2(keyInfoCtx != NULL, -1);
3956+
3957+       /* Get symmetric key from "key" */
3958+    symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
3959+    if( symKey != NULL ) {
3960+        SECItem* keyItem ;
3961+               xmlSecBufferPtr keyBuf ;
3962+
3963+               /* Extract raw key data from symmetric key */
3964+               if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
3965+               xmlSecError(XMLSEC_ERRORS_HERE,
3966+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3967+               "PK11_ExtractKeyValue",
3968+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
3969+               XMLSEC_ERRORS_NO_MESSAGE);
3970+                       PK11_FreeSymKey( symKey ) ;
3971+               return(-1);
3972+               }
3973+
3974+               /* Get raw key data from "symKey" */
3975+        keyItem = PK11_GetKeyData( symKey ) ;
3976+           if(keyItem == NULL) {
3977+               xmlSecError(XMLSEC_ERRORS_HERE,
3978+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3979+               "PK11_GetKeyData",
3980+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
3981+               XMLSEC_ERRORS_NO_MESSAGE);
3982+                       PK11_FreeSymKey( symKey ) ;
3983+               return(-1);
3984+       }
3985+
3986+               /* Create key data buffer with raw kwy material */
3987+               keyBuf = xmlSecBufferCreate(keyItem->len) ;
3988+           if(keyBuf == NULL) {
3989+               xmlSecError(XMLSEC_ERRORS_HERE,
3990+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3991+               "xmlSecBufferCreate",
3992+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
3993+               XMLSEC_ERRORS_NO_MESSAGE);
3994+                       PK11_FreeSymKey( symKey ) ;
3995+               return(-1);
3996+       }
3997+
3998+               xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
3999+
4000+               /* Write raw key material into current xml node */
4001+               if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
4002+               xmlSecError(XMLSEC_ERRORS_HERE,
4003+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4004+               "xmlSecBufferBase64NodeContentWrite",
4005+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
4006+               XMLSEC_ERRORS_NO_MESSAGE);
4007+                       xmlSecBufferDestroy(keyBuf);
4008+                       PK11_FreeSymKey( symKey ) ;
4009+               return(-1);
4010+               }
4011+               xmlSecBufferDestroy(keyBuf);
4012+               PK11_FreeSymKey( symKey ) ;
4013+    }
4014+
4015+    return 0 ;
4016 }
4017
4018 static int
4019 xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
4020 				    const xmlSecByte* buf, xmlSecSize bufSize,
4021 				    xmlSecKeyInfoCtxPtr keyInfoCtx) {
4022-    xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
4023+    PK11SymKey* symKey ;
4024+    PK11SlotInfo* slot ;
4025+    xmlSecKeyDataPtr data;
4026+    xmlSecNssSymKeyDataCtxPtr ctx;
4027+    SECItem keyItem ;
4028+    int ret;
4029+
4030+    xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
4031+    xmlSecAssert2(key != NULL, -1);
4032+    xmlSecAssert2(buf != NULL, -1);
4033+    xmlSecAssert2(bufSize != 0, -1);
4034+    xmlSecAssert2(keyInfoCtx != NULL, -1);
4035+
4036+    /* Create a new KeyData from a id */
4037+    data = xmlSecKeyDataCreate(id);
4038+    if(data == NULL ) {
4039+        xmlSecError(XMLSEC_ERRORS_HERE,
4040+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4041+            "xmlSecKeyDataCreate",
4042+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
4043+            XMLSEC_ERRORS_NO_MESSAGE);
4044+        return(-1);
4045+    }
4046+
4047+    ctx = xmlSecNssSymKeyDataGetCtx(data);
4048+    xmlSecAssert2(ctx != NULL, -1);
4049+
4050+    /* Get slot */
4051+    slot = xmlSecNssSlotGet(ctx->cipher);
4052+    if( slot == NULL ) {
4053+        xmlSecError( XMLSEC_ERRORS_HERE ,
4054+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4055+            "xmlSecNssSlotGet" ,
4056+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4057+            XMLSEC_ERRORS_NO_MESSAGE ) ;
4058+               xmlSecKeyDataDestroy( data ) ;
4059+        return(-1) ;
4060+    }
4061+
4062+    /* Wrap the raw key value SECItem */
4063+    keyItem.type = siBuffer ;
4064+    keyItem.data = buf ;
4065+    keyItem.len = bufSize ;
4066+
4067+    /* Import the raw key into slot temporalily and get the key handler*/
4068+    symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
4069+    if( symKey == NULL ) {
4070+        xmlSecError( XMLSEC_ERRORS_HERE ,
4071+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4072+            "PK11_ImportSymKey" ,
4073+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4074+            XMLSEC_ERRORS_NO_MESSAGE ) ;
4075+               PK11_FreeSlot( slot ) ;
4076+               xmlSecKeyDataDestroy( data ) ;
4077+        return(-1) ;
4078+    }
4079+
4080+    /* Adopt the symmetric key into key data */
4081+    ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
4082+    if(ret < 0) {
4083+        xmlSecError(XMLSEC_ERRORS_HERE,
4084+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4085+            "xmlSecKeyDataBinaryValueSetBuffer",
4086+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
4087+            XMLSEC_ERRORS_NO_MESSAGE ) ;
4088+        PK11_FreeSymKey( symKey ) ;
4089+               PK11_FreeSlot( slot ) ;
4090+               xmlSecKeyDataDestroy( data ) ;
4091+        return(-1);
4092+    }
4093+    /* symKey has been duplicated into data, it isn't used any more */
4094+    PK11_FreeSymKey( symKey ) ;
4095+       PK11_FreeSlot( slot ) ;
4096+
4097+    /* Check value */
4098+    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
4099+        xmlSecError(XMLSEC_ERRORS_HERE,
4100+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4101+            "xmlSecKeyReqMatchKeyValue",
4102+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
4103+            XMLSEC_ERRORS_NO_MESSAGE);
4104+               xmlSecKeyDataDestroy( data ) ;
4105+        return(0);
4106+    }
4107
4108-    return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
4109+    ret = xmlSecKeySetValue(key, data);
4110+    if(ret < 0) {
4111+        xmlSecError(XMLSEC_ERRORS_HERE,
4112+            xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4113+            "xmlSecKeySetValue",
4114+            XMLSEC_ERRORS_R_XMLSEC_FAILED,
4115+            XMLSEC_ERRORS_NO_MESSAGE);
4116+               xmlSecKeyDataDestroy( data ) ;
4117+        return(-1);
4118+    }
4119+
4120+    return(0);
4121 }
4122
4123 static int
4124 xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
4125 				    xmlSecByte** buf, xmlSecSize* bufSize,
4126 				    xmlSecKeyInfoCtxPtr keyInfoCtx) {
4127+    PK11SymKey* symKey ;
4128+
4129     xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
4130+    xmlSecAssert2(key != NULL, -1);
4131+    xmlSecAssert2(buf != NULL, -1);
4132+    xmlSecAssert2(bufSize != 0, -1);
4133+    xmlSecAssert2(keyInfoCtx != NULL, -1);
4134+
4135+       /* Get symmetric key from "key" */
4136+    symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
4137+    if( symKey != NULL ) {
4138+        SECItem* keyItem ;
4139+
4140+               /* Extract raw key data from symmetric key */
4141+               if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
4142+               xmlSecError(XMLSEC_ERRORS_HERE,
4143+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4144+               "PK11_ExtractKeyValue",
4145+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
4146+               XMLSEC_ERRORS_NO_MESSAGE);
4147+                       PK11_FreeSymKey( symKey ) ;
4148+               return(-1);
4149+               }
4150+
4151+               /* Get raw key data from "symKey" */
4152+        keyItem = PK11_GetKeyData( symKey ) ;
4153+           if(keyItem == NULL) {
4154+               xmlSecError(XMLSEC_ERRORS_HERE,
4155+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4156+               "PK11_GetKeyData",
4157+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
4158+                       XMLSEC_ERRORS_NO_MESSAGE);
4159+                       PK11_FreeSymKey( symKey ) ;
4160+               return(-1);
4161+       }
4162+
4163+               *bufSize = keyItem->len;
4164+               *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
4165+               if( *buf == NULL ) {
4166+               xmlSecError(XMLSEC_ERRORS_HERE,
4167+               xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4168+               NULL,
4169+               XMLSEC_ERRORS_R_XMLSEC_FAILED,
4170+               XMLSEC_ERRORS_NO_MESSAGE);
4171+                       PK11_FreeSymKey( symKey ) ;
4172+               return(-1);
4173+       }
4174+
4175+       memcpy((*buf), keyItem->data, (*bufSize));
4176+       PK11_FreeSymKey( symKey ) ;
4177+    }
4178
4179-    return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
4180+    return 0 ;
4181 }
4182
4183 static int
4184 xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
4185-    xmlSecBufferPtr buffer;
4186+    PK11SymKey* symkey ;
4187+    PK11SlotInfo* slot ;
4188+    xmlSecNssSymKeyDataCtxPtr ctx;
4189+    int ret;
4190
4191     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
4192     xmlSecAssert2(sizeBits > 0, -1);
4193
4194-    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
4195-    xmlSecAssert2(buffer != NULL, -1);
4196-
4197-    return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
4198+    ctx = xmlSecNssSymKeyDataGetCtx(data);
4199+    xmlSecAssert2(ctx != NULL, -1);
4200+
4201+    if( sizeBits % 8 != 0 ) {
4202+            xmlSecError(XMLSEC_ERRORS_HERE,
4203+         xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4204+         NULL,
4205+         XMLSEC_ERRORS_R_XMLSEC_FAILED,
4206+         "Symmetric key size must be octuple");
4207+     return(-1);
4208+    }
4209+
4210+    /* Get slot */
4211+    slot = xmlSecNssSlotGet(ctx->cipher);
4212+    if( slot == NULL ) {
4213+        xmlSecError( XMLSEC_ERRORS_HERE ,
4214+            xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4215+            "xmlSecNssSlotGet" ,
4216+            XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4217+            XMLSEC_ERRORS_NO_MESSAGE ) ;
4218+        return(-1) ;
4219+    }
4220+
4221+    if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
4222+            xmlSecError( XMLSEC_ERRORS_HERE ,
4223+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4224+                "PK11_Authenticate" ,
4225+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4226+                XMLSEC_ERRORS_NO_MESSAGE ) ;
4227+            PK11_FreeSlot( slot ) ;
4228+            return -1 ;
4229+    }
4230+
4231+    symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
4232+    if( symkey == NULL ) {
4233+            xmlSecError( XMLSEC_ERRORS_HERE ,
4234+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4235+                "PK11_KeyGen" ,
4236+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4237+                XMLSEC_ERRORS_NO_MESSAGE ) ;
4238+            PK11_FreeSlot( slot ) ;
4239+            return -1 ;
4240+    }
4241+
4242+    if( ctx->slot != NULL ) {
4243+            PK11_FreeSlot( ctx->slot ) ;
4244+            ctx->slot = NULL ;
4245+    }
4246+    ctx->slot = slot ;
4247+
4248+    if( ctx->symkey != NULL ) {
4249+            PK11_FreeSymKey( ctx->symkey ) ;
4250+            ctx->symkey = NULL ;
4251+    }
4252+    ctx->symkey = symkey ;
4253+
4254+    return 0;
4255 }
4256
4257 static xmlSecKeyDataType
4258 xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
4259-    xmlSecBufferPtr buffer;
4260+    xmlSecNssSymKeyDataCtxPtr context = NULL ;
4261+    xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
4262
4263     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
4264+    xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
4265
4266-    buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
4267-    xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
4268+    context = xmlSecNssSymKeyDataGetCtx( data ) ;
4269+    if( context == NULL ) {
4270+            xmlSecError( XMLSEC_ERRORS_HERE ,
4271+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4272+                "xmlSecNssSymKeyDataGetCtx" ,
4273+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4274+                XMLSEC_ERRORS_NO_MESSAGE ) ;
4275+            return xmlSecKeyDataTypeUnknown ;
4276+    }
4277
4278-    return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
4279+    if( context->symkey != NULL ) {
4280+            type |= xmlSecKeyDataTypeSymmetric ;
4281+    } else {
4282+            type |= xmlSecKeyDataTypeUnknown ;
4283+    }
4284+
4285+    return type ;
4286 }
4287
4288 static xmlSecSize
4289 xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
4290+    xmlSecNssSymKeyDataCtxPtr context ;
4291+    unsigned int    length = 0 ;
4292+
4293     xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
4294+    xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
4295+    context = xmlSecNssSymKeyDataGetCtx( data ) ;
4296+    if( context == NULL ) {
4297+            xmlSecError( XMLSEC_ERRORS_HERE ,
4298+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4299+                "xmlSecNssSymKeyDataGetCtx" ,
4300+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4301+                XMLSEC_ERRORS_NO_MESSAGE ) ;
4302+            return 0 ;
4303+    }
4304+
4305+    if( context->symkey != NULL ) {
4306+            length = PK11_GetKeyLength( context->symkey ) ;
4307+            length *= 8 ;
4308+    }
4309
4310-    return(xmlSecKeyDataBinaryValueGetSize(data));
4311+    return length ;
4312 }
4313
4314 static void
4315 xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
4316     xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
4317
4318-    xmlSecKeyDataBinaryValueDebugDump(data, output);
4319+    /* print only size, everything else is sensitive */
4320+    fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
4321+        xmlSecKeyDataGetSize(data)) ;
4322 }
4323
4324 static void
4325 xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
4326     xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
4327-
4328-    xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
4329+
4330+    /* print only size, everything else is sensitive */
4331+    fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
4332+        xmlSecKeyDataGetSize(data)) ;
4333 }
4334
4335 static int
4336@@ -201,7 +858,7 @@
4337  *************************************************************************/
4338 static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
4339     sizeof(xmlSecKeyDataKlass),
4340-    xmlSecKeyDataBinarySize,
4341+    xmlSecNssSymKeyDataSize,
4342
4343     /* data */
4344     xmlSecNameAESKeyValue,
4345@@ -282,7 +939,7 @@
4346  *************************************************************************/
4347 static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
4348     sizeof(xmlSecKeyDataKlass),
4349-    xmlSecKeyDataBinarySize,
4350+    xmlSecNssSymKeyDataSize,
4351
4352     /* data */
4353     xmlSecNameDESKeyValue,
4354@@ -364,7 +1021,7 @@
4355  *************************************************************************/
4356 static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
4357     sizeof(xmlSecKeyDataKlass),
4358-    xmlSecKeyDataBinarySize,
4359+    xmlSecNssSymKeyDataSize,
4360
4361     /* data */
4362     xmlSecNameHMACKeyValue,
4363--- misc/xmlsec1-1.2.14/src/nss/tokens.c	2009-09-21 14:07:19.249145861 +0200
4364+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c	2009-09-21 14:02:48.556772442 +0200
4365@@ -1 +1,548 @@
4366-dummy
4367+/**
4368+ * XMLSec library
4369+ *
4370+ * This is free software; see Copyright file in the source
4371+ * distribution for preciese wording.
4372+ *
4373+ * Copyright..................................
4374+ *
4375+ * Contributor(s): _____________________________
4376+ *
4377+ */
4378+
4379+/**
4380+ * In order to ensure that particular crypto operation is performed on
4381+ * particular crypto device, a subclass of xmlSecList is used to store slot and
4382+ * mechanism information.
4383+ *
4384+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
4385+ * this mechanism only can perform on the slot; otherwise, it can perform on
4386+ * every eligibl slot in the list.
4387+ *
4388+ * When try to find a slot for a particular mechanism, the slot bound with
4389+ * available mechanism will be looked up firstly.
4390+ */
4391+#include "globals.h"
4392+#include <string.h>
4393+
4394+#include <xmlsec/xmlsec.h>
4395+#include <xmlsec/errors.h>
4396+#include <xmlsec/list.h>
4397+
4398+#include <xmlsec/nss/tokens.h>
4399+
4400+int
4401+xmlSecNssKeySlotSetMechList(
4402+	xmlSecNssKeySlotPtr keySlot ,
4403+	CK_MECHANISM_TYPE_PTR mechanismList
4404+) {
4405+	int counter ;
4406+
4407+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4408+
4409+	if( keySlot->mechanismList != CK_NULL_PTR ) {
4410+		xmlFree( keySlot->mechanismList ) ;
4411+
4412+		for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4413+		keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4414+		if( keySlot->mechanismList == NULL ) {
4415+			xmlSecError( XMLSEC_ERRORS_HERE ,
4416+				NULL ,
4417+				NULL ,
4418+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4419+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4420+			return( -1 );
4421+		}
4422+		for( ; counter >= 0 ; counter -- )
4423+			*( keySlot->mechanismList + counter ) = *(  mechanismList + counter ) ;
4424+	}
4425+
4426+	return( 0 );
4427+}
4428+
4429+int
4430+xmlSecNssKeySlotEnableMech(
4431+	xmlSecNssKeySlotPtr keySlot ,
4432+	CK_MECHANISM_TYPE mechanism
4433+) {
4434+	int counter ;
4435+	CK_MECHANISM_TYPE_PTR newList ;
4436+
4437+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4438+
4439+	if( mechanism != CKM_INVALID_MECHANISM ) {
4440+		for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4441+		newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4442+		if( newList == NULL ) {
4443+			xmlSecError( XMLSEC_ERRORS_HERE ,
4444+				NULL ,
4445+				NULL ,
4446+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4447+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4448+			return( -1 );
4449+		}
4450+		*( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
4451+		*( newList + counter ) = mechanism ;
4452+		for( counter -= 1 ; counter >= 0 ; counter -- )
4453+			*( newList + counter ) = *(  keySlot->mechanismList + counter ) ;
4454+
4455+		xmlFree( keySlot->mechanismList ) ;
4456+		keySlot->mechanismList = newList ;
4457+	}
4458+
4459+	return(0);
4460+}
4461+
4462+int
4463+xmlSecNssKeySlotDisableMech(
4464+	xmlSecNssKeySlotPtr keySlot ,
4465+	CK_MECHANISM_TYPE mechanism
4466+) {
4467+	int counter ;
4468+
4469+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4470+
4471+	for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4472+		if( *( keySlot->mechanismList + counter ) == mechanism ) {
4473+			for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4474+				*( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
4475+			}
4476+
4477+			break ;
4478+		}
4479+	}
4480+
4481+	return(0);
4482+}
4483+
4484+CK_MECHANISM_TYPE_PTR
4485+xmlSecNssKeySlotGetMechList(
4486+    xmlSecNssKeySlotPtr keySlot
4487+) {
4488+	if( keySlot != NULL )
4489+		return keySlot->mechanismList ;
4490+	else
4491+		return NULL ;
4492+}
4493+
4494+int
4495+xmlSecNssKeySlotSetSlot(
4496+    xmlSecNssKeySlotPtr keySlot ,
4497+	PK11SlotInfo* slot
4498+) {
4499+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4500+
4501+	if( slot != NULL && keySlot->slot != slot ) {
4502+		if( keySlot->slot != NULL )
4503+			PK11_FreeSlot( keySlot->slot ) ;
4504+
4505+		if( keySlot->mechanismList != NULL ) {
4506+			xmlFree( keySlot->mechanismList ) ;
4507+			keySlot->mechanismList = NULL ;
4508+		}
4509+
4510+		keySlot->slot = PK11_ReferenceSlot( slot ) ;
4511+	}
4512+
4513+	return(0);
4514+}
4515+
4516+int
4517+xmlSecNssKeySlotInitialize(
4518+    xmlSecNssKeySlotPtr keySlot ,
4519+	PK11SlotInfo* slot
4520+) {
4521+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4522+	xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
4523+	xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
4524+
4525+	if( slot != NULL ) {
4526+		keySlot->slot = PK11_ReferenceSlot( slot ) ;
4527+	}
4528+
4529+	return(0);
4530+}
4531+
4532+void
4533+xmlSecNssKeySlotFinalize(
4534+    xmlSecNssKeySlotPtr keySlot
4535+) {
4536+	xmlSecAssert( keySlot != NULL ) ;
4537+
4538+	if( keySlot->mechanismList != NULL ) {
4539+		xmlFree( keySlot->mechanismList ) ;
4540+		keySlot->mechanismList = NULL ;
4541+	}
4542+
4543+	if( keySlot->slot != NULL ) {
4544+		PK11_FreeSlot( keySlot->slot ) ;
4545+		keySlot->slot = NULL ;
4546+	}
4547+
4548+}
4549+
4550+PK11SlotInfo*
4551+xmlSecNssKeySlotGetSlot(
4552+	xmlSecNssKeySlotPtr keySlot
4553+) {
4554+	if( keySlot != NULL )
4555+		return keySlot->slot ;
4556+	else
4557+		return NULL ;
4558+}
4559+
4560+xmlSecNssKeySlotPtr
4561+xmlSecNssKeySlotCreate() {
4562+	xmlSecNssKeySlotPtr keySlot ;
4563+
4564+	/* Allocates a new xmlSecNssKeySlot and fill the fields */
4565+	keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
4566+	if( keySlot == NULL ) {
4567+		xmlSecError( XMLSEC_ERRORS_HERE ,
4568+			NULL ,
4569+			NULL ,
4570+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4571+			XMLSEC_ERRORS_NO_MESSAGE ) ;
4572+		return( NULL );
4573+	}
4574+	memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
4575+
4576+	return( keySlot ) ;
4577+}
4578+
4579+int
4580+xmlSecNssKeySlotCopy(
4581+	xmlSecNssKeySlotPtr newKeySlot ,
4582+	xmlSecNssKeySlotPtr keySlot
4583+) {
4584+	CK_MECHANISM_TYPE_PTR mech ;
4585+	int counter ;
4586+
4587+	xmlSecAssert2( newKeySlot != NULL , -1 ) ;
4588+	xmlSecAssert2( keySlot != NULL , -1 ) ;
4589+
4590+	if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
4591+		if( newKeySlot->slot != NULL )
4592+			PK11_FreeSlot( newKeySlot->slot ) ;
4593+
4594+		newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
4595+	}
4596+
4597+	if( keySlot->mechanismList != CK_NULL_PTR ) {
4598+		xmlFree( newKeySlot->mechanismList ) ;
4599+
4600+		for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4601+		newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4602+		if( newKeySlot->mechanismList == NULL ) {
4603+			xmlSecError( XMLSEC_ERRORS_HERE ,
4604+				NULL ,
4605+				NULL ,
4606+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4607+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4608+			return( -1 );
4609+		}
4610+		for( ; counter >= 0 ; counter -- )
4611+			*( newKeySlot->mechanismList + counter ) = *(  keySlot->mechanismList + counter ) ;
4612+	}
4613+
4614+	return( 0 );
4615+}
4616+
4617+xmlSecNssKeySlotPtr
4618+xmlSecNssKeySlotDuplicate(
4619+	xmlSecNssKeySlotPtr keySlot
4620+) {
4621+	xmlSecNssKeySlotPtr newKeySlot ;
4622+	int ret ;
4623+
4624+	xmlSecAssert2( keySlot != NULL , NULL ) ;
4625+
4626+	newKeySlot = xmlSecNssKeySlotCreate() ;
4627+	if( newKeySlot == NULL ) {
4628+		xmlSecError( XMLSEC_ERRORS_HERE ,
4629+			NULL ,
4630+			NULL ,
4631+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4632+			XMLSEC_ERRORS_NO_MESSAGE ) ;
4633+		return( NULL );
4634+	}
4635+
4636+	if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
4637+		xmlSecError( XMLSEC_ERRORS_HERE ,
4638+			NULL ,
4639+			NULL ,
4640+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4641+			XMLSEC_ERRORS_NO_MESSAGE ) ;
4642+		return( NULL );
4643+	}
4644+
4645+	return( newKeySlot );
4646+}
4647+
4648+void
4649+xmlSecNssKeySlotDestroy(
4650+	    xmlSecNssKeySlotPtr keySlot
4651+) {
4652+	xmlSecAssert( keySlot != NULL ) ;
4653+
4654+	if( keySlot->mechanismList != NULL )
4655+		xmlFree( keySlot->mechanismList ) ;
4656+
4657+	if( keySlot->slot != NULL )
4658+		PK11_FreeSlot( keySlot->slot ) ;
4659+
4660+	xmlFree( keySlot ) ;
4661+}
4662+
4663+int
4664+xmlSecNssKeySlotBindMech(
4665+	xmlSecNssKeySlotPtr keySlot ,
4666+	CK_MECHANISM_TYPE type
4667+) {
4668+	int counter ;
4669+
4670+	xmlSecAssert2( keySlot != NULL , 0 ) ;
4671+	xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
4672+	xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
4673+
4674+	for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4675+		if( *( keySlot->mechanismList + counter ) == type )
4676+			return(1) ;
4677+	}
4678+
4679+	return( 0 ) ;
4680+}
4681+
4682+int
4683+xmlSecNssKeySlotSupportMech(
4684+	xmlSecNssKeySlotPtr keySlot ,
4685+	CK_MECHANISM_TYPE type
4686+) {
4687+	xmlSecAssert2( keySlot != NULL , 0 ) ;
4688+	xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
4689+	xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
4690+
4691+	if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
4692+		return(1);
4693+	} else
4694+		return(0);
4695+}
4696+
4697+void
4698+xmlSecNssKeySlotDebugDump(
4699+	xmlSecNssKeySlotPtr keySlot ,
4700+	FILE* output
4701+) {
4702+	xmlSecAssert( keySlot != NULL ) ;
4703+	xmlSecAssert( output != NULL ) ;
4704+
4705+	fprintf( output, "== KEY SLOT\n" );
4706+}
4707+
4708+void
4709+xmlSecNssKeySlotDebugXmlDump(
4710+	xmlSecNssKeySlotPtr keySlot ,
4711+	FILE* output
4712+) {
4713+}
4714+
4715+/**
4716+ * Key Slot List
4717+ */
4718+#ifdef __MINGW32__ // for runtime-pseudo-reloc
4719+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
4720+#else
4721+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
4722+#endif
4723+    BAD_CAST "mechanism-list",
4724+    (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
4725+    (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
4726+    (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
4727+    (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
4728+};
4729+
4730+xmlSecPtrListId
4731+xmlSecNssKeySlotListGetKlass(void) {
4732+    return(&xmlSecNssKeySlotPtrListKlass);
4733+}
4734+
4735+
4736+/*-
4737+ * Global PKCS#11 crypto token repository -- Key slot list
4738+ */
4739+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
4740+
4741+PK11SlotInfo*
4742+xmlSecNssSlotGet(
4743+	CK_MECHANISM_TYPE type
4744+) {
4745+	PK11SlotInfo*			slot = NULL ;
4746+	xmlSecNssKeySlotPtr		keySlot ;
4747+	xmlSecSize				ksSize ;
4748+	xmlSecSize				ksPos ;
4749+	char					flag ;
4750+
4751+	if( _xmlSecNssKeySlotList == NULL ) {
4752+		slot = PK11_GetBestSlot( type , NULL ) ;
4753+	} else {
4754+		ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
4755+
4756+		/*-
4757+		 * Firstly, checking whether the mechanism is bound with a special slot.
4758+		 * If no bound slot, we try to find the first eligible slot in the list.
4759+		 */
4760+		for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
4761+			keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
4762+			if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
4763+				slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
4764+				flag = 2 ;
4765+			} else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
4766+				slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
4767+				flag = 1 ;
4768+			}
4769+
4770+			if( flag == 2 )
4771+				break ;
4772+		}
4773+		if( slot != NULL )
4774+			slot = PK11_ReferenceSlot( slot ) ;
4775+	}
4776+
4777+	if( slot != NULL && PK11_NeedLogin( slot ) ) {
4778+		if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
4779+			xmlSecError( XMLSEC_ERRORS_HERE ,
4780+				NULL ,
4781+				NULL ,
4782+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4783+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4784+			PK11_FreeSlot( slot ) ;
4785+			return( NULL );
4786+		}
4787+	}
4788+
4789+	return slot ;
4790+}
4791+
4792+int
4793+xmlSecNssSlotInitialize(
4794+	void
4795+) {
4796+	if( _xmlSecNssKeySlotList != NULL ) {
4797+		xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
4798+		_xmlSecNssKeySlotList = NULL ;
4799+	}
4800+
4801+	_xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
4802+	if( _xmlSecNssKeySlotList == NULL ) {
4803+		xmlSecError( XMLSEC_ERRORS_HERE ,
4804+			NULL ,
4805+			NULL ,
4806+			XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4807+			XMLSEC_ERRORS_NO_MESSAGE ) ;
4808+		return( -1 );
4809+	}
4810+
4811+	return(0);
4812+}
4813+
4814+void
4815+xmlSecNssSlotShutdown(
4816+	void
4817+) {
4818+	if( _xmlSecNssKeySlotList != NULL ) {
4819+		xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
4820+		_xmlSecNssKeySlotList = NULL ;
4821+	}
4822+}
4823+
4824+int
4825+xmlSecNssSlotAdopt(
4826+	PK11SlotInfo* slot,
4827+	CK_MECHANISM_TYPE type
4828+) {
4829+	xmlSecNssKeySlotPtr		keySlot ;
4830+	xmlSecSize				ksSize ;
4831+	xmlSecSize				ksPos ;
4832+	char					flag ;
4833+
4834+	xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
4835+	xmlSecAssert2( slot != NULL, -1 ) ;
4836+
4837+	ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
4838+
4839+	/*-
4840+	 * Firstly, checking whether the slot is in the repository already.
4841+	 */
4842+	flag = 0 ;
4843+	for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
4844+		keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
4845+		/* If find the slot in the list */
4846+		if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
4847+			/* If mechnism type is valid, bind the slot with the mechanism */
4848+			if( type != CKM_INVALID_MECHANISM ) {
4849+				if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
4850+					xmlSecError( XMLSEC_ERRORS_HERE ,
4851+						NULL ,
4852+						NULL ,
4853+						XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4854+						XMLSEC_ERRORS_NO_MESSAGE ) ;
4855+					return(-1);
4856+				}
4857+			}
4858+
4859+			flag = 1 ;
4860+		}
4861+	}
4862+
4863+	/* If the slot do not in the list, add a new item to the list */
4864+	if( flag == 0 ) {
4865+		/* Create a new KeySlot */
4866+		keySlot = xmlSecNssKeySlotCreate() ;
4867+		if( keySlot == NULL ) {
4868+			xmlSecError( XMLSEC_ERRORS_HERE ,
4869+				NULL ,
4870+				NULL ,
4871+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4872+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4873+			return(-1);
4874+		}
4875+
4876+		/* Initialize the keySlot with a slot */
4877+		if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
4878+			xmlSecError( XMLSEC_ERRORS_HERE ,
4879+				NULL ,
4880+				NULL ,
4881+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4882+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4883+			xmlSecNssKeySlotDestroy( keySlot ) ;
4884+			return(-1);
4885+		}
4886+
4887+		/* If mechnism type is valid, bind the slot with the mechanism */
4888+		if( type != CKM_INVALID_MECHANISM ) {
4889+			if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
4890+				xmlSecError( XMLSEC_ERRORS_HERE ,
4891+					NULL ,
4892+					NULL ,
4893+					XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4894+					XMLSEC_ERRORS_NO_MESSAGE ) ;
4895+				xmlSecNssKeySlotDestroy( keySlot ) ;
4896+				return(-1);
4897+			}
4898+		}
4899+
4900+		/* Add keySlot into the list */
4901+		if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
4902+			xmlSecError( XMLSEC_ERRORS_HERE ,
4903+				NULL ,
4904+				NULL ,
4905+				XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4906+				XMLSEC_ERRORS_NO_MESSAGE ) ;
4907+			xmlSecNssKeySlotDestroy( keySlot ) ;
4908+			return(-1);
4909+		}
4910+	}
4911+
4912+	return(0);
4913+}
4914+
4915--- misc/xmlsec1-1.2.14/src/nss/x509.c	2009-06-25 22:53:18.000000000 +0200
4916+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c	2009-09-21 14:02:48.642312431 +0200
4917@@ -34,7 +34,6 @@
4918 #include <xmlsec/keys.h>
4919 #include <xmlsec/keyinfo.h>
4920 #include <xmlsec/keysmngr.h>
4921-#include <xmlsec/x509.h>
4922 #include <xmlsec/base64.h>
4923 #include <xmlsec/errors.h>
4924
4925@@ -61,33 +60,18 @@
4926 static int		xmlSecNssX509CertificateNodeRead	(xmlSecKeyDataPtr data,
4927 								 xmlNodePtr node,
4928 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4929-static int		xmlSecNssX509CertificateNodeWrite	(CERTCertificate* cert,
4930-								 xmlNodePtr node,
4931-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4932 static int		xmlSecNssX509SubjectNameNodeRead	(xmlSecKeyDataPtr data,
4933 								 xmlNodePtr node,
4934 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4935-static int		xmlSecNssX509SubjectNameNodeWrite	(CERTCertificate* cert,
4936-								 xmlNodePtr node,
4937-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4938 static int		xmlSecNssX509IssuerSerialNodeRead	(xmlSecKeyDataPtr data,
4939 								 xmlNodePtr node,
4940 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4941-static int		xmlSecNssX509IssuerSerialNodeWrite	(CERTCertificate* cert,
4942-								 xmlNodePtr node,
4943-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4944 static int		xmlSecNssX509SKINodeRead		(xmlSecKeyDataPtr data,
4945 								 xmlNodePtr node,
4946 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4947-static int		xmlSecNssX509SKINodeWrite		(CERTCertificate* cert,
4948-								 xmlNodePtr node,
4949-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4950 static int		xmlSecNssX509CRLNodeRead		(xmlSecKeyDataPtr data,
4951 								 xmlNodePtr node,
4952 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4953-static int		xmlSecNssX509CRLNodeWrite		(CERTSignedCrl* crl,
4954-								 xmlNodePtr node,
4955-								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4956 static int		xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
4957 								xmlSecKeyPtr key,
4958 								xmlSecKeyInfoCtxPtr keyInfoCtx);
4959@@ -104,9 +88,6 @@
4960 								 xmlSecKeyInfoCtxPtr keyInfoCtx);
4961 static xmlChar*		xmlSecNssX509CrlBase64DerWrite		(CERTSignedCrl* crl,
4962 								 int base64LineWrap);
4963-static xmlChar*		xmlSecNssX509NameWrite			(CERTName* nm);
4964-static xmlChar*		xmlSecNssASN1IntegerWrite		(SECItem *num);
4965-static xmlChar*		xmlSecNssX509SKIWrite			(CERTCertificate* cert);
4966 static void		xmlSecNssX509CertDebugDump		(CERTCertificate* cert,
4967 								 FILE* output);
4968 static void		xmlSecNssX509CertDebugXmlDump		(CERTCertificate* cert,
4969@@ -752,31 +733,22 @@
4970 xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
4971 				xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
4972     xmlSecKeyDataPtr data;
4973+    xmlNodePtr cur;
4974+    xmlChar* buf;
4975     CERTCertificate* cert;
4976     CERTSignedCrl* crl;
4977     xmlSecSize size, pos;
4978-    int content = 0;
4979-    int ret;
4980
4981     xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
4982     xmlSecAssert2(key != NULL, -1);
4983     xmlSecAssert2(node != NULL, -1);
4984     xmlSecAssert2(keyInfoCtx != NULL, -1);
4985
4986-    content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
4987-    if (content < 0) {
4988-	xmlSecError(XMLSEC_ERRORS_HERE,
4989-		    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4990-		    "xmlSecX509DataGetNodeContent",
4991-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
4992-		    "content=%d", content);
4993-	return(-1);
4994-    } else if(content == 0) {
4995-	/* by default we are writing certificates and crls */
4996-	content = XMLSEC_X509DATA_DEFAULT;
4997+    /* todo: flag in ctx remove all existing content */
4998+    if(0) {
4999+        xmlNodeSetContent(node, NULL);
5000     }
5001
5002-    /* get x509 data */
5003     data = xmlSecKeyGetData(key, id);
5004     if(data == NULL) {
5005 	/* no x509 data in the key */
5006@@ -796,79 +768,74 @@
5007 	    return(-1);
5008 	}
5009
5010-	if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
5011-	    ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
5012-	    if(ret < 0) {
5013+	/* set base64 lines size from context */
5014+	buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
5015+	if(buf == NULL) {
5016 		xmlSecError(XMLSEC_ERRORS_HERE,
5017 			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5018-			    "xmlSecNssX509CertificateNodeWrite",
5019+			    "xmlSecNssX509CertBase64DerWrite",
5020 			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5021-			    "pos=%d", pos);
5022+			    XMLSEC_ERRORS_NO_MESSAGE);
5023 		return(-1);
5024-	    }
5025 	}
5026
5027-	if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
5028-	    ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
5029-	    if(ret < 0) {
5030+	cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
5031+	if(cur == NULL) {
5032 		xmlSecError(XMLSEC_ERRORS_HERE,
5033 			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5034-			    "xmlSecNssX509SubjectNameNodeWrite",
5035+			    "xmlSecAddChild",
5036 			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5037-			    "pos=%d", pos);
5038+			    "node=%s",
5039+			    xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
5040+		xmlFree(buf);
5041 		return(-1);
5042-	    }
5043 	}
5044+	/* todo: add \n around base64 data - from context */
5045+	/* todo: add errors check */
5046+	xmlNodeSetContent(cur, xmlSecStringCR);
5047+	xmlNodeSetContent(cur, buf);
5048+	xmlFree(buf);
5049+    }
5050
5051-	if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
5052-	    ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
5053-	    if(ret < 0) {
5054-		xmlSecError(XMLSEC_ERRORS_HERE,
5055-			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5056-			    "xmlSecNssX509IssuerSerialNodeWrite",
5057-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5058-			    "pos=%d", pos);
5059-		return(-1);
5060-	    }
5061+    /* write crls */
5062+    size = xmlSecNssKeyDataX509GetCrlsSize(data);
5063+    for(pos = 0; pos < size; ++pos) {
5064+	crl = xmlSecNssKeyDataX509GetCrl(data, pos);
5065+	if(crl == NULL) {
5066+	    xmlSecError(XMLSEC_ERRORS_HERE,
5067+		xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5068+		"xmlSecNssKeyDataX509GetCrl",
5069+		XMLSEC_ERRORS_R_XMLSEC_FAILED,
5070+		"pos=%d", pos);
5071+	    return(-1);
5072 	}
5073
5074-	if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
5075-	    ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
5076-	    if(ret < 0) {
5077-		xmlSecError(XMLSEC_ERRORS_HERE,
5078-			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5079-			    "xmlSecNssX509SKINodeWrite",
5080-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5081-			    "pos=%d", pos);
5082-		return(-1);
5083-	    }
5084+        /* set base64 lines size from context */
5085+        buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
5086+        if(buf == NULL) {
5087+	    xmlSecError(XMLSEC_ERRORS_HERE,
5088+		xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5089+		"xmlSecNssX509CrlBase64DerWrite",
5090+		XMLSEC_ERRORS_R_XMLSEC_FAILED,
5091+		XMLSEC_ERRORS_NO_MESSAGE);
5092+	    return(-1);
5093 	}
5094-    }
5095
5096-    /* write crls if needed */
5097-    if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
5098-	size = xmlSecNssKeyDataX509GetCrlsSize(data);
5099-	for(pos = 0; pos < size; ++pos) {
5100-	    crl = xmlSecNssKeyDataX509GetCrl(data, pos);
5101-	    if(crl == NULL) {
5102-		xmlSecError(XMLSEC_ERRORS_HERE,
5103-			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5104-			    "xmlSecNssKeyDataX509GetCrl",
5105-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5106-			    "pos=%d", pos);
5107-		return(-1);
5108-	    }
5109-
5110-	    ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
5111-	    if(ret < 0) {
5112-		xmlSecError(XMLSEC_ERRORS_HERE,
5113-			    xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5114-			    "xmlSecNssX509CRLNodeWrite",
5115-			    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5116-			    "pos=%d", pos);
5117-		return(-1);
5118-	    }
5119-	}
5120+        cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
5121+        if(cur == NULL) {
5122+            xmlSecError(XMLSEC_ERRORS_HERE,
5123+                        xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5124+                        "xmlSecAddChild",
5125+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
5126+                        "new_node=%s",
5127+                        xmlSecErrorsSafeString(xmlSecNodeX509CRL));
5128+            xmlFree(buf);
5129+            return(-1);
5130+        }
5131+        /* todo: add \n around base64 data - from context */
5132+        /* todo: add errors check */
5133+        xmlNodeSetContent(cur, xmlSecStringCR);
5134+        xmlNodeSetContent(cur, buf);
5135     }
5136
5137     return(0);
5138@@ -1057,46 +1024,6 @@
5139     return(0);
5140 }
5141
5142-static int
5143-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5144-    xmlChar* buf;
5145-    xmlNodePtr cur;
5146-
5147-    xmlSecAssert2(cert != NULL, -1);
5148-    xmlSecAssert2(node != NULL, -1);
5149-    xmlSecAssert2(keyInfoCtx != NULL, -1);
5150-
5151-    /* set base64 lines size from context */
5152-    buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
5153-    if(buf == NULL) {
5154-	xmlSecError(XMLSEC_ERRORS_HERE,
5155-		    NULL,
5156-		    "xmlSecNssX509CertBase64DerWrite",
5157-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5158-		    XMLSEC_ERRORS_NO_MESSAGE);
5159-	return(-1);
5160-    }
5161-
5162-    cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
5163-    if(cur == NULL) {
5164-	xmlSecError(XMLSEC_ERRORS_HERE,
5165-		    NULL,
5166-		    "xmlSecAddChild",
5167-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5168-		    "node=%s",
5169-		    xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
5170-	xmlFree(buf);
5171-	return(-1);
5172-    }
5173-
5174-    /* todo: add \n around base64 data - from context */
5175-    /* todo: add errors check */
5176-    xmlNodeSetContent(cur, xmlSecStringCR);
5177-    xmlNodeSetContent(cur, buf);
5178-    xmlFree(buf);
5179-    return(0);
5180-}
5181-
5182 static int
5183 xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5184     xmlSecKeyDataStorePtr x509Store;
5185@@ -1120,19 +1047,13 @@
5186     }
5187
5188     subject = xmlNodeGetContent(node);
5189-    if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
5190-	if(subject != NULL) {
5191-	    xmlFree(subject);
5192-	}
5193-	if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5194+    if(subject == NULL) {
5195 	    xmlSecError(XMLSEC_ERRORS_HERE,
5196 		        xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5197 			xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5198 			XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
5199 			XMLSEC_ERRORS_NO_MESSAGE);
5200 	    return(-1);
5201-	}
5202-	return(0);
5203     }
5204
5205     cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
5206@@ -1169,40 +1090,6 @@
5207     return(0);
5208 }
5209
5210-static int
5211-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5212-    xmlChar* buf = NULL;
5213-    xmlNodePtr cur = NULL;
5214-
5215-    xmlSecAssert2(cert != NULL, -1);
5216-    xmlSecAssert2(node != NULL, -1);
5217-
5218-    buf = xmlSecNssX509NameWrite(&(cert->subject));
5219-    if(buf == NULL) {
5220-	xmlSecError(XMLSEC_ERRORS_HERE,
5221-	    NULL,
5222-	    "xmlSecNssX509NameWrite(&(cert->subject))",
5223-	    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5224-	    XMLSEC_ERRORS_NO_MESSAGE);
5225-	return(-1);
5226-    }
5227-
5228-    cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
5229-    if(cur == NULL) {
5230-	xmlSecError(XMLSEC_ERRORS_HERE,
5231-	    NULL,
5232-	    "xmlSecAddChild",
5233-	    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5234-	    "node=%s",
5235-	    xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
5236-	xmlFree(buf);
5237-	return(-1);
5238-    }
5239-    xmlSecNodeEncodeAndSetContent(cur, buf);
5240-    xmlFree(buf);
5241-    return(0);
5242-}
5243-
5244 static int
5245 xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5246     xmlSecKeyDataStorePtr x509Store;
5247@@ -1228,21 +1115,9 @@
5248     }
5249
5250     cur = xmlSecGetNextElementNode(node->children);
5251-    if(cur == NULL) {
5252-	if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5253-	    xmlSecError(XMLSEC_ERRORS_HERE,
5254-			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5255-			xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
5256-			XMLSEC_ERRORS_R_NODE_NOT_FOUND,
5257-			"node=%s",
5258-			xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
5259-	    return(-1);
5260-	}
5261-	return(0);
5262-    }
5263
5264     /* the first is required node X509IssuerName */
5265-    if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
5266+    if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
5267 	xmlSecError(XMLSEC_ERRORS_HERE,
5268 		    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5269 		    xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
5270@@ -1336,78 +1211,6 @@
5271     return(0);
5272 }
5273
5274-static int
5275-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5276-    xmlNodePtr cur;
5277-    xmlNodePtr issuerNameNode;
5278-    xmlNodePtr issuerNumberNode;
5279-    xmlChar* buf;
5280-
5281-    xmlSecAssert2(cert != NULL, -1);
5282-    xmlSecAssert2(node != NULL, -1);
5283-
5284-    /* create xml nodes */
5285-    cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
5286-    if(cur == NULL) {
5287-	xmlSecError(XMLSEC_ERRORS_HERE,
5288-		    NULL,
5289-		    "xmlSecAddChild",
5290-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5291-		    "node=%s",
5292-		    xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
5293-	return(-1);
5294-    }
5295-
5296-    issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
5297-    if(issuerNameNode == NULL) {
5298-	xmlSecError(XMLSEC_ERRORS_HERE,
5299-		    NULL,
5300-		    "xmlSecAddChild",
5301-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5302-		    "node=%s",
5303-		    xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
5304-	return(-1);
5305-    }
5306-
5307-    issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
5308-    if(issuerNumberNode == NULL) {
5309-	xmlSecError(XMLSEC_ERRORS_HERE,
5310-		    NULL,
5311-		    "xmlSecAddChild",
5312-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5313-		    "node=%s",
5314-		    xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
5315-	return(-1);
5316-    }
5317-
5318-    /* write data */
5319-    buf = xmlSecNssX509NameWrite(&(cert->issuer));
5320-    if(buf == NULL) {
5321-	xmlSecError(XMLSEC_ERRORS_HERE,
5322-		    NULL,
5323-		    "xmlSecNssX509NameWrite(&(cert->issuer))",
5324-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5325-		    XMLSEC_ERRORS_NO_MESSAGE);
5326-	return(-1);
5327-    }
5328-    xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
5329-    xmlFree(buf);
5330-
5331-    buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
5332-    if(buf == NULL) {
5333-	xmlSecError(XMLSEC_ERRORS_HERE,
5334-		    NULL,
5335-		    "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
5336-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5337-		    XMLSEC_ERRORS_NO_MESSAGE);
5338-	return(-1);
5339-    }
5340-    xmlNodeSetContent(issuerNumberNode, buf);
5341-    xmlFree(buf);
5342-
5343-    return(0);
5344-}
5345-
5346 static int
5347 xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5348     xmlSecKeyDataStorePtr x509Store;
5349@@ -1431,11 +1234,7 @@
5350     }
5351
5352     ski = xmlNodeGetContent(node);
5353-    if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
5354-	if(ski != NULL) {
5355-	    xmlFree(ski);
5356-	}
5357-	if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5358+    if(ski == NULL) {
5359 	    xmlSecError(XMLSEC_ERRORS_HERE,
5360 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5361 			xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5362@@ -1443,8 +1242,6 @@
5363 			"node=%s",
5364 			xmlSecErrorsSafeString(xmlSecNodeX509SKI));
5365 	    return(-1);
5366-	}
5367-	return(0);
5368     }
5369
5370     cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
5371@@ -1479,41 +1276,6 @@
5372     return(0);
5373 }
5374
5375-static int
5376-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5377-    xmlChar *buf = NULL;
5378-    xmlNodePtr cur = NULL;
5379-
5380-    xmlSecAssert2(cert != NULL, -1);
5381-    xmlSecAssert2(node != NULL, -1);
5382-
5383-    buf = xmlSecNssX509SKIWrite(cert);
5384-    if(buf == NULL) {
5385-	xmlSecError(XMLSEC_ERRORS_HERE,
5386-		    NULL,
5387-		    "xmlSecNssX509SKIWrite",
5388-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5389-		    XMLSEC_ERRORS_NO_MESSAGE);
5390-	return(-1);
5391-    }
5392-
5393-    cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
5394-    if(cur == NULL) {
5395-	xmlSecError(XMLSEC_ERRORS_HERE,
5396-		    NULL,
5397-		    "xmlSecAddChild",
5398-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5399-		    "new_node=%s",
5400-		    xmlSecErrorsSafeString(xmlSecNodeX509SKI));
5401-	xmlFree(buf);
5402-	return(-1);
5403-    }
5404-    xmlSecNodeEncodeAndSetContent(cur, buf);
5405-    xmlFree(buf);
5406-
5407-    return(0);
5408-}
5409-
5410 static int
5411 xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5412     xmlChar *content;
5413@@ -1524,19 +1286,13 @@
5414     xmlSecAssert2(keyInfoCtx != NULL, -1);
5415
5416     content = xmlNodeGetContent(node);
5417-   if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
5418-	if(content != NULL) {
5419-	    xmlFree(content);
5420-	}
5421-	if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5422+    if(content == NULL){
5423 	    xmlSecError(XMLSEC_ERRORS_HERE,
5424 			xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5425 			xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5426 			XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
5427 			XMLSEC_ERRORS_NO_MESSAGE);
5428 	    return(-1);
5429-	}
5430-	return(0);
5431     }
5432
5433     crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
5434@@ -1556,47 +1312,6 @@
5435 }
5436
5437 static int
5438-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5439-    xmlChar* buf = NULL;
5440-    xmlNodePtr cur = NULL;
5441-
5442-    xmlSecAssert2(crl != NULL, -1);
5443-    xmlSecAssert2(node != NULL, -1);
5444-    xmlSecAssert2(keyInfoCtx != NULL, -1);
5445-
5446-    /* set base64 lines size from context */
5447-    buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
5448-    if(buf == NULL) {
5449-	xmlSecError(XMLSEC_ERRORS_HERE,
5450-		    NULL,
5451-		    "xmlSecNssX509CrlBase64DerWrite",
5452-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5453-		    XMLSEC_ERRORS_NO_MESSAGE);
5454-	return(-1);
5455-    }
5456-
5457-    cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
5458-    if(cur == NULL) {
5459-	xmlSecError(XMLSEC_ERRORS_HERE,
5460-		    NULL,
5461-		    "xmlSecAddChild",
5462-		    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5463-		    "new_node=%s",
5464-		    xmlSecErrorsSafeString(xmlSecNodeX509CRL));
5465-	xmlFree(buf);
5466-	return(-1);
5467-    }
5468-    /* todo: add \n around base64 data - from context */
5469-    /* todo: add errors check */
5470-    xmlNodeSetContent(cur, xmlSecStringCR);
5471-    xmlNodeSetContent(cur, buf);
5472-    xmlFree(buf);
5473-
5474-    return(0);
5475-}
5476-
5477-
5478-static int
5479 xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
5480 				    xmlSecKeyInfoCtxPtr keyInfoCtx) {
5481     xmlSecNssX509DataCtxPtr ctx;
5482@@ -1604,6 +1319,10 @@
5483     int ret;
5484     SECStatus status;
5485     PRTime notBefore, notAfter;
5486+
5487+    PK11SlotInfo* slot ;
5488+    SECKEYPublicKey *pubKey = NULL;
5489+    SECKEYPrivateKey *priKey = NULL;
5490
5491     xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
5492     xmlSecAssert2(key != NULL, -1);
5493@@ -1636,10 +1355,14 @@
5494 			    xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5495 			    "CERT_DupCertificate",
5496 			    XMLSEC_ERRORS_R_CRYPTO_FAILED,
5497-			    XMLSEC_ERRORS_NO_MESSAGE);
5498+			    "error code=%d", PORT_GetError());
5499 		return(-1);
5500 	    }
5501-
5502+
5503+          /*-
5504+	   * Get Public key from cert, which does not always work for sign
5505+	   * action.
5506+           *
5507 	    keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
5508 	    if(keyValue == NULL) {
5509 		xmlSecError(XMLSEC_ERRORS_HERE,
5510@@ -1649,6 +1372,54 @@
5511 			    XMLSEC_ERRORS_NO_MESSAGE);
5512 		return(-1);
5513 	    }
5514+	   */
5515+            /*-
5516+             * I'll search key according to KeyReq.
5517+             */
5518+	    slot = cert->slot ;
5519+	    if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
5520+	        if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
5521+	                xmlSecError( XMLSEC_ERRORS_HERE ,
5522+	                    xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5523+	                    "PK11_FindPrivateKeyFromCert" ,
5524+	                    XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5525+	                    XMLSEC_ERRORS_NO_MESSAGE ) ;
5526+	                return -1 ;
5527+	            }
5528+	    }
5529+
5530+            if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
5531+                if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
5532+                    xmlSecError( XMLSEC_ERRORS_HERE ,
5533+                        xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5534+                        "CERT_ExtractPublicKey" ,
5535+                        XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5536+                        XMLSEC_ERRORS_NO_MESSAGE ) ;
5537+
5538+
5539+                    if( priKey != NULL )
5540+                        SECKEY_DestroyPrivateKey( priKey ) ;
5541+                    return -1 ;
5542+                }
5543+            }
5544+
5545+            keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
5546+            if( keyValue == NULL ) {
5547+                xmlSecError( XMLSEC_ERRORS_HERE ,
5548+                xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5549+                "xmlSecNssPKIAdoptKey" ,
5550+                XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5551+                XMLSEC_ERRORS_NO_MESSAGE ) ;
5552+
5553+                if( priKey != NULL )
5554+                    SECKEY_DestroyPrivateKey( priKey ) ;
5555+
5556+                if( pubKey != NULL )
5557+                    SECKEY_DestroyPublicKey( pubKey ) ;
5558+
5559+                return -1 ;
5560+            }
5561+            /* Modify keyValue get Done */
5562
5563 	    /* verify that the key matches our expectations */
5564 	    if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
5565@@ -1950,86 +1721,6 @@
5566     return(res);
5567 }
5568
5569-static xmlChar*
5570-xmlSecNssX509NameWrite(CERTName* nm) {
5571-    xmlChar *res = NULL;
5572-    char *str;
5573-
5574-    xmlSecAssert2(nm != NULL, NULL);
5575-
5576-    str = CERT_NameToAscii(nm);
5577-    if (str == NULL) {
5578-        xmlSecError(XMLSEC_ERRORS_HERE,
5579-        	    NULL,
5580-        	    "CERT_NameToAscii",
5581-        	    XMLSEC_ERRORS_R_CRYPTO_FAILED,
5582-        	    XMLSEC_ERRORS_NO_MESSAGE);
5583-        return(NULL);
5584-    }
5585-
5586-    res = xmlStrdup(BAD_CAST str);
5587-    if(res == NULL) {
5588-	xmlSecError(XMLSEC_ERRORS_HERE,
5589-		    NULL,
5590-		    "xmlStrdup",
5591-		    XMLSEC_ERRORS_R_MALLOC_FAILED,
5592-		    XMLSEC_ERRORS_NO_MESSAGE);
5593-	PORT_Free(str);
5594-	return(NULL);
5595-    }
5596-    PORT_Free(str);
5597-    return(res);
5598-}
5599-
5600-static xmlChar*
5601-xmlSecNssASN1IntegerWrite(SECItem *num) {
5602-    xmlChar *res = NULL;
5603-
5604-    xmlSecAssert2(num != NULL, NULL);
5605-
5606-    /* TODO : to be implemented after
5607-     * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
5608-     */
5609-    return(res);
5610-}
5611-
5612-static xmlChar*
5613-xmlSecNssX509SKIWrite(CERTCertificate* cert) {
5614-    xmlChar *res = NULL;
5615-    SECItem ski;
5616-    SECStatus rv;
5617-
5618-    xmlSecAssert2(cert != NULL, NULL);
5619-
5620-    memset(&ski, 0, sizeof(ski));
5621-
5622-    rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
5623-    if (rv != SECSuccess) {
5624-	xmlSecError(XMLSEC_ERRORS_HERE,
5625-		    NULL,
5626-		    "CERT_FindSubjectKeyIDExtension",
5627-		    XMLSEC_ERRORS_R_CRYPTO_FAILED,
5628-		    XMLSEC_ERRORS_NO_MESSAGE);
5629-	SECITEM_FreeItem(&ski, PR_FALSE);
5630-	return(NULL);
5631-    }
5632-
5633-    res = xmlSecBase64Encode(ski.data, ski.len, 0);
5634-    if(res == NULL) {
5635-	xmlSecError(XMLSEC_ERRORS_HERE,
5636-		    NULL,
5637-		    "xmlSecBase64Encode",
5638-	    	    XMLSEC_ERRORS_R_XMLSEC_FAILED,
5639-		    XMLSEC_ERRORS_NO_MESSAGE);
5640-	SECITEM_FreeItem(&ski, PR_FALSE);
5641-	return(NULL);
5642-    }
5643-    SECITEM_FreeItem(&ski, PR_FALSE);
5644-
5645-    return(res);
5646-}
5647-
5648-
5649 static void
5650 xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
5651     SECItem *sn;
5652--- misc/xmlsec1-1.2.14/src/nss/x509vfy.c	2009-06-25 22:53:18.000000000 +0200
5653+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c	2009-09-21 14:02:48.669245207 +0200
5654@@ -30,6 +30,7 @@
5655 #include <xmlsec/keyinfo.h>
5656 #include <xmlsec/keysmngr.h>
5657 #include <xmlsec/base64.h>
5658+#include <xmlsec/bn.h>
5659 #include <xmlsec/errors.h>
5660
5661 #include <xmlsec/nss/crypto.h>
5662@@ -61,17 +62,7 @@
5663
5664 static int		xmlSecNssX509StoreInitialize	(xmlSecKeyDataStorePtr store);
5665 static void		xmlSecNssX509StoreFinalize	(xmlSecKeyDataStorePtr store);
5666-static int 		xmlSecNssX509NameStringRead	(xmlSecByte **str,
5667-							 int *strLen,
5668-							 xmlSecByte *res,
5669-							 int resLen,
5670-							 xmlSecByte delim,
5671-							 int ingoreTrailingSpaces);
5672-static xmlSecByte * 	xmlSecNssX509NameRead		(xmlSecByte *str,
5673-							 int len);
5674-
5675-static void 		xmlSecNssNumToItem(SECItem *it, unsigned long num);
5676-
5677+static int		xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
5678
5679 static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
5680     sizeof(xmlSecKeyDataStoreKlass),
5681@@ -339,40 +330,28 @@
5682 xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
5683 		      xmlChar *issuerSerial, xmlChar *ski) {
5684     CERTCertificate *cert = NULL;
5685-    xmlChar         *p = NULL;
5686     CERTName *name = NULL;
5687     SECItem *nameitem = NULL;
5688     PRArenaPool *arena = NULL;
5689
5690     if (subjectName != NULL) {
5691-	p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
5692-	if (p == NULL) {
5693-            xmlSecError(XMLSEC_ERRORS_HERE,
5694-                        NULL,
5695-                        "xmlSecNssX509NameRead",
5696-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
5697-                        "subject=%s",
5698-                        xmlSecErrorsSafeString(subjectName));
5699-	    goto done;
5700-	}
5701-
5702 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
5703 	if (arena == NULL) {
5704             xmlSecError(XMLSEC_ERRORS_HERE,
5705                         NULL,
5706                         "PORT_NewArena",
5707                         XMLSEC_ERRORS_R_CRYPTO_FAILED,
5708-                        XMLSEC_ERRORS_NO_MESSAGE);
5709+                        "error code=%d", PORT_GetError());
5710 	    goto done;
5711 	}
5712
5713-	name = CERT_AsciiToName((char*)p);
5714+	name = CERT_AsciiToName((char*)subjectName);
5715 	if (name == NULL) {
5716             xmlSecError(XMLSEC_ERRORS_HERE,
5717                         NULL,
5718                         "CERT_AsciiToName",
5719                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
5720-                        XMLSEC_ERRORS_NO_MESSAGE);
5721+                        "error code=%d", PORT_GetError());
5722 	    goto done;
5723 	}
5724
5725@@ -394,34 +373,23 @@
5726     if((issuerName != NULL) && (issuerSerial != NULL)) {
5727 	CERTIssuerAndSN issuerAndSN;
5728
5729-	p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
5730-	if (p == NULL) {
5731-            xmlSecError(XMLSEC_ERRORS_HERE,
5732-                        NULL,
5733-                        "xmlSecNssX509NameRead",
5734-                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
5735-                        "issuer=%s",
5736-                        xmlSecErrorsSafeString(issuerName));
5737-	    goto done;
5738-	}
5739-
5740 	arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
5741 	if (arena == NULL) {
5742             xmlSecError(XMLSEC_ERRORS_HERE,
5743                         NULL,
5744                         "PORT_NewArena",
5745                         XMLSEC_ERRORS_R_CRYPTO_FAILED,
5746-                        XMLSEC_ERRORS_NO_MESSAGE);
5747+                        "error code=%d", PORT_GetError());
5748 	    goto done;
5749 	}
5750
5751-	name = CERT_AsciiToName((char*)p);
5752+	name = CERT_AsciiToName((char*)issuerName);
5753 	if (name == NULL) {
5754             xmlSecError(XMLSEC_ERRORS_HERE,
5755                         NULL,
5756                         "CERT_AsciiToName",
5757                         XMLSEC_ERRORS_R_XMLSEC_FAILED,
5758-                        XMLSEC_ERRORS_NO_MESSAGE);
5759+                        "error code=%d", PORT_GetError());
5760 	    goto done;
5761 	}
5762
5763@@ -441,8 +409,15 @@
5764 	issuerAndSN.derIssuer.data = nameitem->data;
5765 	issuerAndSN.derIssuer.len = nameitem->len;
5766
5767-	/* TBD: serial num can be arbitrarily long */
5768-	xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
5769+        if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
5770+                xmlSecError(XMLSEC_ERRORS_HERE,
5771+                        NULL,
5772+                        "xmlSecNssIntegerToItem",
5773+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
5774+                        "serial number=%s",
5775+                        xmlSecErrorsSafeString(issuerSerial));
5776+                goto done;
5777+        }
5778
5779 	cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
5780 					  &issuerAndSN);
5781@@ -473,9 +448,6 @@
5782     }
5783
5784 done:
5785-    if (p != NULL) {
5786-	PORT_Free(p);
5787-    }
5788     if (arena != NULL) {
5789 	PORT_FreeArena(arena, PR_FALSE);
5790     }
5791@@ -486,176 +458,6 @@
5792     return(cert);
5793 }
5794
5795-static xmlSecByte *
5796-xmlSecNssX509NameRead(xmlSecByte *str, int len) {
5797-    xmlSecByte name[256];
5798-    xmlSecByte value[256];
5799-    xmlSecByte *retval = NULL;
5800-    xmlSecByte *p = NULL;
5801-    int nameLen, valueLen;
5802-
5803-    xmlSecAssert2(str != NULL, NULL);
5804-
5805-    /* return string should be no longer than input string */
5806-    retval = (xmlSecByte *)PORT_Alloc(len+1);
5807-    if(retval == NULL) {
5808-	xmlSecError(XMLSEC_ERRORS_HERE,
5809-		    NULL,
5810-		    "PORT_Alloc",
5811-		    XMLSEC_ERRORS_R_MALLOC_FAILED,
5812-		    XMLSEC_ERRORS_NO_MESSAGE);
5813-	return(NULL);
5814-    }
5815-    p = retval;
5816-
5817-    while(len > 0) {
5818-	/* skip spaces after comma or semicolon */
5819-	while((len > 0) && isspace(*str)) {
5820-	    ++str; --len;
5821-	}
5822-
5823-	nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
5824-	if(nameLen < 0) {
5825-	    xmlSecError(XMLSEC_ERRORS_HERE,
5826-			NULL,
5827-			"xmlSecNssX509NameStringRead",
5828-			XMLSEC_ERRORS_R_XMLSEC_FAILED,
5829-			XMLSEC_ERRORS_NO_MESSAGE);
5830-	    goto done;
5831-	}
5832-	memcpy(p, name, nameLen);
5833-	p+=nameLen;
5834-	*p++='=';
5835-	if(len > 0) {
5836-	    ++str; --len;
5837-	    if((*str) == '\"') {
5838-		valueLen = xmlSecNssX509NameStringRead(&str, &len,
5839-					value, sizeof(value), '"', 1);
5840-		if(valueLen < 0) {
5841-		    xmlSecError(XMLSEC_ERRORS_HERE,
5842-				NULL,
5843-				"xmlSecNssX509NameStringRead",
5844-				XMLSEC_ERRORS_R_XMLSEC_FAILED,
5845-				XMLSEC_ERRORS_NO_MESSAGE);
5846-		    goto done;
5847-    		}
5848-		/* skip spaces before comma or semicolon */
5849-		while((len > 0) && isspace(*str)) {
5850-		    ++str; --len;
5851-		}
5852-		if((len > 0) && ((*str) != ',')) {
5853-		    xmlSecError(XMLSEC_ERRORS_HERE,
5854-				NULL,
5855-				NULL,
5856-				XMLSEC_ERRORS_R_INVALID_DATA,
5857-				"comma is expected");
5858-		    goto done;
5859-		}
5860-		if(len > 0) {
5861-		    ++str; --len;
5862-		}
5863-		*p++='\"';
5864-		memcpy(p, value, valueLen);
5865-		p+=valueLen;
5866-		*p++='\"';
5867-	    } else if((*str) == '#') {
5868-		/* TODO: read octect values */
5869-		xmlSecError(XMLSEC_ERRORS_HERE,
5870-			    NULL,
5871-			    NULL,
5872-			    XMLSEC_ERRORS_R_INVALID_DATA,
5873-			    "reading octect values is not implemented yet");
5874-		goto done;
5875-	    } else {
5876-		valueLen = xmlSecNssX509NameStringRead(&str, &len,
5877-					value, sizeof(value), ',', 1);
5878-		if(valueLen < 0) {
5879-		    xmlSecError(XMLSEC_ERRORS_HERE,
5880-				NULL,
5881-				"xmlSecNssX509NameStringRead",
5882-				XMLSEC_ERRORS_R_XMLSEC_FAILED,
5883-				XMLSEC_ERRORS_NO_MESSAGE);
5884-		    goto done;
5885-    		}
5886-		memcpy(p, value, valueLen);
5887-		p+=valueLen;
5888-		if (len > 0)
5889-		    *p++=',';
5890-	    }
5891-	} else {
5892-	    valueLen = 0;
5893-	}
5894-	if(len > 0) {
5895-	    ++str; --len;
5896-	}
5897-    }
5898-
5899-    *p = 0;
5900-    return(retval);
5901-
5902-done:
5903-    PORT_Free(retval);
5904-    return (NULL);
5905-}
5906-
5907-static int
5908-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
5909-			    xmlSecByte *res, int resLen,
5910-			    xmlSecByte delim, int ingoreTrailingSpaces) {
5911-    xmlSecByte *p, *q, *nonSpace;
5912-
5913-    xmlSecAssert2(str != NULL, -1);
5914-    xmlSecAssert2(strLen != NULL, -1);
5915-    xmlSecAssert2(res != NULL, -1);
5916-
5917-    p = (*str);
5918-    nonSpace = q = res;
5919-    while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
5920-	if((*p) != '\\') {
5921-	    if(ingoreTrailingSpaces && !isspace(*p)) {
5922-		nonSpace = q;
5923-	    }
5924-	    *(q++) = *(p++);
5925-	} else {
5926-	    ++p;
5927-	    nonSpace = q;
5928-	    if(xmlSecIsHex((*p))) {
5929-		if((p - (*str) + 1) >= (*strLen)) {
5930-		    xmlSecError(XMLSEC_ERRORS_HERE,
5931-				NULL,
5932-				NULL,
5933-				XMLSEC_ERRORS_R_INVALID_DATA,
5934-				"two hex digits expected");
5935-	    	    return(-1);
5936-		}
5937-		*(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
5938-		p += 2;
5939-	    } else {
5940-		if(((++p) - (*str)) >= (*strLen)) {
5941-		    xmlSecError(XMLSEC_ERRORS_HERE,
5942-				NULL,
5943-				NULL,
5944-				XMLSEC_ERRORS_R_INVALID_DATA,
5945-				"escaped symbol missed");
5946-		    return(-1);
5947-		}
5948-		*(q++) = *(p++);
5949-	    }
5950-	}
5951-    }
5952-    if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
5953-	xmlSecError(XMLSEC_ERRORS_HERE,
5954-		    NULL,
5955-		    NULL,
5956-		    XMLSEC_ERRORS_R_INVALID_SIZE,
5957-		    "buffer is too small");
5958-	return(-1);
5959-    }
5960-    (*strLen) -= (p - (*str));
5961-    (*str) = p;
5962-    return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
5963-}
5964-
5965 /* code lifted from NSS */
5966 static void
5967 xmlSecNssNumToItem(SECItem *it, unsigned long ui)
5968@@ -699,6 +501,77 @@
5969     it->len = len;
5970     PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
5971 }
5972+
5973+static int
5974+xmlSecNssIntegerToItem(
5975+       const xmlChar* integer ,
5976+       SECItem *item
5977+) {
5978+    xmlSecBn bn ;
5979+    xmlSecSize i, length ;
5980+    const xmlSecByte* bnInteger ;
5981+
5982+    xmlSecAssert2( integer != NULL, -1 ) ;
5983+    xmlSecAssert2( item != NULL, -1 ) ;
5984+
5985+    if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
5986+        xmlSecError(XMLSEC_ERRORS_HERE,
5987+                       NULL,
5988+                       "xmlSecBnInitialize",
5989+                       XMLSEC_ERRORS_R_INVALID_DATA,
5990+                       XMLSEC_ERRORS_NO_MESSAGE);
5991+           return -1 ;
5992+    }
5993+
5994+    if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
5995+                   xmlSecError(XMLSEC_ERRORS_HERE,
5996+                               NULL,
5997+                               "xmlSecBnFromDecString",
5998+                               XMLSEC_ERRORS_R_INVALID_DATA,
5999+                               XMLSEC_ERRORS_NO_MESSAGE);
6000+        xmlSecBnFinalize( &bn ) ;
6001+        return -1 ;
6002+    }
6003+
6004+    length = xmlSecBnGetSize( &bn ) ;
6005+    if( length <= 0 ) {
6006+                   xmlSecError(XMLSEC_ERRORS_HERE,
6007+                               NULL,
6008+                               "xmlSecBnGetSize",
6009+                               XMLSEC_ERRORS_R_INVALID_DATA,
6010+                               XMLSEC_ERRORS_NO_MESSAGE);
6011+    }
6012+
6013+    bnInteger = xmlSecBnGetData( &bn ) ;
6014+    if( bnInteger == NULL ) {
6015+                   xmlSecError(XMLSEC_ERRORS_HERE,
6016+                               NULL,
6017+                               "xmlSecBnGetData",
6018+                               XMLSEC_ERRORS_R_INVALID_DATA,
6019+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
6020+        xmlSecBnFinalize( &bn ) ;
6021+        return -1 ;
6022+    }
6023+
6024+    item->data = ( unsigned char * )PORT_Alloc( length );
6025+    if( item->data == NULL ) {
6026+                   xmlSecError(XMLSEC_ERRORS_HERE,
6027+                               NULL,
6028+                               "PORT_Alloc",
6029+                               XMLSEC_ERRORS_R_INVALID_DATA,
6030+                               XMLSEC_ERRORS_NO_MESSAGE ) ;
6031+        xmlSecBnFinalize( &bn ) ;
6032+        return -1 ;
6033+    }
6034+
6035+    item->len = length;
6036+    for( i = 0 ; i < length ; i ++ )
6037+        item->data[i] = *( bnInteger + i ) ;
6038+
6039+    xmlSecBnFinalize( &bn ) ;
6040+
6041+    return 0 ;
6042+}
6043 #endif /* XMLSEC_NO_X509 */
6044
6045
6046--- misc/xmlsec1-1.2.14/win32/Makefile.msvc	2009-06-25 22:53:18.000000000 +0200
6047+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc	2009-09-21 14:02:48.607277908 +0200
6048@@ -218,6 +218,9 @@
6049 	$(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
6050
6051 XMLSEC_NSS_OBJS = \
6052+	$(XMLSEC_NSS_INTDIR)\akmngr.obj\
6053+	$(XMLSEC_NSS_INTDIR)\keywrapers.obj\
6054+	$(XMLSEC_NSS_INTDIR)\tokens.obj\
6055 	$(XMLSEC_NSS_INTDIR)\app.obj\
6056 	$(XMLSEC_NSS_INTDIR)\bignum.obj\
6057 	$(XMLSEC_NSS_INTDIR)\ciphers.obj \
6058@@ -253,6 +256,7 @@
6059 	$(XMLSEC_NSS_INTDIR_A)\strings.obj
6060
6061 XMLSEC_MSCRYPTO_OBJS = \
6062+	$(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
6063 	$(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
6064 	$(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
6065 	$(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
6066