Chandler, I think it over about the
xmlSecMSCryptoAppliedKeysMngrCreate(). You can replace the functions
with another wrapper or block with:
{
/* create the key mngr */
xmlSecKeysMngrPtr keyMngr = xmlSecKeysMngrCreate() ;
/* add key store to the mngr **/
xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore*( keystore ) ;
/* add cert store to the mngr **/**
xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore*( certstore ) ;
}
This is not quite correct. As it is implemented in the OpenOffice
patch you have sent to me, the xmlSecMSCryptoAppliedKeysMngrCreate
function *did not* add keys or certs store passed into it as
input parameters. But this might have just a bug :)
Note that all of the XXXKeyLoad functions you listed have no body at
all in the patch that was sent to me thus I did not implement them
in xmlsec. I can do it but I am not sure it makes much sense to me :)
The interfaces really give more flexible for end user specify their own
keys for signature and decryption. I think is is much more useful for
template driven signature/encryption, for non-template driven
signature/encryption, one can directly call some interfaces to set the
keys used to a certain sign/enc; but for template-auto driven, no one
knows what even the template stuff, so put the raw keys into the mgr is
a good automated way. I think encryption cases will show the value of
those interfaces. Because openoffice signature is based on pki cert,
they really have not been used. I didn't implement those interfaces in
mscrypto engine( I forgot why, because of time or anything else ), but
they have been implemented in nss engine.
Aleksey, I hope you add the interfaces for both mscrypto and nss engine
if you feel valuable. :-)
OK, I added mscrypto functions (changed names slightly to follow xmlsec
conventions):
xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad
xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad
xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad
But you promise to implement them one day :)
BTW, just to repeat this to Chandler: to get full compatibility with
current OpenOffice patch, one needs to compile xmlsec-mscrypto in "nt4"
compatibility mode. Otherwise, you'll have same functionality but it
will run only on 95/98 (with necessary SP level), Server 2003 and XP.
You can find detailed instructions, reasons and more explanations here:
http://www.aleksey.com/pipermail/xmlsec/2005/002560.html
Also note that "nt4" compatibility mode *migth not* be thread safe.
Aleksey
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
