XML Security Library

LibXML2
LibXSLT
OpenSSL

keyinfo

Name

keyinfo -- reading and writing of the <dsig:KeyInfo> element (key lookup, X509 certificate handling, <dsig:RetrievalMethod> and <enc:EncryptedKey> processing) and the context that controls it.

Synopsis


int         xmlSecKeyInfoNodeRead           (xmlNodePtr keyInfoNode,
                                             xmlSecKeyPtr key,
                                             xmlSecKeyInfoCtxPtr keyInfoCtx);
int         xmlSecKeyInfoNodeWrite          (xmlNodePtr keyInfoNode,
                                             xmlSecKeyPtr key,
                                             xmlSecKeyInfoCtxPtr keyInfoCtx);
enum        xmlSecKeyInfoMode;
#define     XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND
#define     XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD
#define     XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN
#define     XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD
#define     XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF
#define     XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF
#define     XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD
#define     XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS
#define     XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT
#define     XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT
#define     XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION
struct      xmlSecKeyInfoCtx;
xmlSecKeyInfoCtxPtr xmlSecKeyInfoCtxCreate  (xmlSecKeysMngrPtr keysMngr);
void        xmlSecKeyInfoCtxDestroy         (xmlSecKeyInfoCtxPtr keyInfoCtx);
int         xmlSecKeyInfoCtxInitialize      (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             xmlSecKeysMngrPtr keysMngr);
void        xmlSecKeyInfoCtxFinalize        (xmlSecKeyInfoCtxPtr keyInfoCtx);
void        xmlSecKeyInfoCtxReset           (xmlSecKeyInfoCtxPtr keyInfoCtx);
int         xmlSecKeyInfoCtxCopyUserPref    (xmlSecKeyInfoCtxPtr dst,
                                             xmlSecKeyInfoCtxPtr src);
int         xmlSecKeyInfoCtxCreateEncCtx    (xmlSecKeyInfoCtxPtr keyInfoCtx);
void        xmlSecKeyInfoCtxDebugDump       (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             FILE *output);
void        xmlSecKeyInfoCtxDebugXmlDump    (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             FILE *output);
#define     xmlSecKeyDataNameId
xmlSecKeyDataId xmlSecKeyDataNameGetKlass   (void);
#define     xmlSecKeyDataValueId
xmlSecKeyDataId xmlSecKeyDataValueGetKlass  (void);
#define     xmlSecKeyDataRetrievalMethodId
xmlSecKeyDataId xmlSecKeyDataRetrievalMethodGetKlass
                                            (void);
#define     xmlSecKeyDataEncryptedKeyId
xmlSecKeyDataId xmlSecKeyDataEncryptedKeyGetKlass
                                            (void);

Description

Details

xmlSecKeyInfoNodeRead ()

int         xmlSecKeyInfoNodeRead           (xmlNodePtr keyInfoNode,
                                             xmlSecKeyPtr key,
                                             xmlSecKeyInfoCtxPtr keyInfoCtx);

Parses the <dsig:KeyInfo> element and extracts the key that satisfies the required id, type and usage. Which <dsig:KeyInfo> children are processed, and whether unknown, unresolvable or unverifiable content aborts the read, is controlled by the enabledKeyData list and the XMLSEC_KEYINFO_FLAGS_* bits in keyInfoCtx; callers verifying untrusted documents should review those settings rather than rely on the defaults blindly.

keyInfoNode : the pointer to <dsig:KeyInfo> node.
key : the pointer to the key object that receives the key data extracted from the <dsig:KeyInfo> node.
keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure.
Returns : 0 on success or -1 if an error occurs.


xmlSecKeyInfoNodeWrite ()

int         xmlSecKeyInfoNodeWrite          (xmlNodePtr keyInfoNode,
                                             xmlSecKeyPtr key,
                                             xmlSecKeyInfoCtxPtr keyInfoCtx);

Writes the key into the <dsig:KeyInfo> template keyInfoNode.

keyInfoNode : the pointer to <dsig:KeyInfo> node.
key : the key.
keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure.
Returns : 0 on success or -1 if an error occurs.


enum xmlSecKeyInfoMode

typedef enum {
    xmlSecKeyInfoModeRead = 0,      /* read (parse) a <dsig:KeyInfo /> element */
    xmlSecKeyInfoModeWrite          /* write (populate) a <dsig:KeyInfo /> template */
} xmlSecKeyInfoMode;

The xmlSecKeyInfoCtx operation mode (read or write).

xmlSecKeyInfoModeRead read <dsig:KeyInfo /> element.
xmlSecKeyInfoModeWrite write <dsig:KeyInfo /> element.


XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND

#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND		0x00000001

If flag is set then we will continue reading <dsig:KeyInfo /> element even when key is already found.


XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD

#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD		0x00000002

If flag is set then we abort if an unknown <dsig:KeyInfo /> child element is found (the X509-specific variant is XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD). Without this flag unknown children are silently skipped.


XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN

#define XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN		0x00000004

If flags is set then we abort if an unknown key name (content of <dsig:KeyName /> element) is found.


XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD

#define XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD	0x00000008

If flag is set then we abort if an unknown <dsig:KeyValue /> child element is found.

XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF

#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF	0x00000010

If flag is set then we abort if an unknown href attribute of <dsig:RetrievalMethod /> element is found.


XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF

#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF	0x00000020

If flag is set then we abort if an href attribute <dsig:RetrievalMethod /> element does not match the real key data type.


XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD

#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD	0x00000100

If flag is set then we abort if an unknown <dsig:X509Data /> child element is found.

XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS

#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS		0x00000200

If flag is set then we'll load certificates from the <dsig:X509Data /> element without verification. Security note: with this flag set a certificate embedded in the document being processed is accepted without chain validation against the keys manager's trusted certificates, so the resulting key is effectively chosen by whoever produced the document. Only set it when the key is authenticated by some other means (for example, a key that is looked up elsewhere and never taken from the document).


XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT

#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT	0x00000400

If flag is set then we'll stop when we could not resolve reference to certificate from <dsig:X509IssuerSerial />, <dsig:X509SKI /> or <dsig:X509SubjectName /> elements.


XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT

#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT	0x00000800

If the flag is set then we'll stop when <dsig:X509Data /> element processing does not return a verified certificate.


XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION

#define XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION 0x00001000

If the flag is set then we will NOT stop when <enc:EncryptedKey /> element decryption fails and will continue reading the rest of <dsig:KeyInfo /> instead (the default, flag unset, is to abort on a failed decryption). Note that continuing after a failed decryption can mask configuration or tampering problems; leave the flag unset unless a fallback key source is intended.


struct xmlSecKeyInfoCtx

/* The <dsig:KeyInfo /> reading or writing context. */
struct xmlSecKeyInfoCtx {
    void*				userData;		/* user data; never touched by xmlsec or xmlsec-crypto */
    unsigned int			flags;			/* XMLSEC_KEYINFO_FLAGS_* bit mask controlling processing */
    unsigned int			flags2;			/* reserved for future use */
    xmlSecKeysMngrPtr			keysMngr;		/* current keys manager */
    xmlSecKeyInfoMode			mode;			/* read or write <dsig:KeyInfo /> */
    xmlSecPtrList			enabledKeyData;		/* enabled xmlSecKeyDataId list; empty means all enabled */
    int					base64LineSize;		/* max column size for base64 encoding */
        
    /* RetrievalMethod */
    xmlSecTransformCtx			retrievalMethodCtx;	/* transforms context for <dsig:RetrievalMethod /> */
    int 				maxRetrievalMethodLevel;	/* max recursion level for <dsig:RetrievalMethod />; default 1 */


    /* EncryptedKey */
    xmlSecEncCtxPtr			encCtx;			/* encryption context for <enc:EncryptedKey /> */
    int					maxEncryptedKeyLevel; 	/* max recursion level for <enc:EncryptedKey />; default 1 */

	    

    /* x509 certificates */
    time_t				certsVerificationTime;	/* time for validity checks; 0 (default) means "now" */
    int					certsVerificationDepth;	/* max certificate chain length; default 9 */


    /* PGP */
    void*				pgpReserved;	/* TODO */
        
    /* internal data */
    int 				curRetrievalMethodLevel;	/* current <dsig:RetrievalMethod /> nesting level */
    int					curEncryptedKeyLevel;		/* current <enc:EncryptedKey /> nesting level */
    xmlSecKeyReq			keyReq;				/* key requirements (id, type, usage) for the lookup */

    /* for the future */
    void*				reserved0;
    void*				reserved1;
};

The <dsig:KeyInfo /> reading or writing context.

void *userData the pointer to user data (xmlsec and xmlsec-crypto never touch this).
unsigned int flags the bit mask of XMLSEC_KEYINFO_FLAGS_* values that control processing.
unsigned int flags2 reserved for future.
xmlSecKeysMngrPtr keysMngr the pointer to current keys manager.
xmlSecKeyInfoMode mode do we read or write <dsig:KeyInfo /> element.
xmlSecPtrList enabledKeyData the list of enabled xmlSecKeyDataId (if list is empty then all data ids are enabled).
int base64LineSize the max columns size for base64 encoding.
xmlSecTransformCtx retrievalMethodCtx the transforms context for <dsig:RetrievalMethod /> element processing.
int maxRetrievalMethodLevel the max recursion level when processing <dsig:RetrievalMethod /> element; default level is 1 (see also curRetrievalMethodLevel). This bounds how deep a chain of <dsig:RetrievalMethod /> references from an untrusted document may be followed; raising it increases the work an attacker-supplied document can force.
xmlSecEncCtxPtr encCtx the encryption context for <dsig:EncryptedKey /> element processing.
int maxEncryptedKeyLevel the max recursion level when processing <enc:EncryptedKey /> element; default level is 1 (see curEncryptedKeyLevel). This bounds how deeply nested <enc:EncryptedKey /> elements (a key encrypted with a key that is itself encrypted, and so on) are unwrapped; raising it increases the decryption work an attacker-supplied document can force.
time_t certsVerificationTime the time to use for X509 certificates verification ("not valid before" and "not valid after" checks); if certsVerificationTime is equal to 0 (default) then we verify certificates against the system's clock "now". Pinning a fixed time means certificates that have expired (or been issued) since that instant are still judged against it, so use a fixed value only deliberately, e.g. when validating a signature as of its signing time.
int certsVerificationDepth the max certifications chain length (default is 9).
void *pgpReserved reserved for PGP.
int curRetrievalMethodLevel the current <dsig:RetrievalMethod /> element processing level (see maxRetrievalMethodLevel).
int curEncryptedKeyLevel the current <enc:EncryptedKey /> element processing level (see maxEncryptedKeyLevel).
xmlSecKeyReq keyReq the key requirements (id, type and usage) that a key found in <dsig:KeyInfo /> must satisfy.
void *reserved0 reserved for the future.
void *reserved1 reserved for the future.


xmlSecKeyInfoCtxCreate ()

xmlSecKeyInfoCtxPtr xmlSecKeyInfoCtxCreate  (xmlSecKeysMngrPtr keysMngr);

keysMngr : the pointer to the keys manager the new context will use for key and certificate lookups.
Returns : the pointer to the newly created xmlSecKeyInfoCtx structure (release it with xmlSecKeyInfoCtxDestroy()) or NULL if an error occurs.


xmlSecKeyInfoCtxDestroy ()

void        xmlSecKeyInfoCtxDestroy         (xmlSecKeyInfoCtxPtr keyInfoCtx);

keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure to finalize and free.


xmlSecKeyInfoCtxInitialize ()

int         xmlSecKeyInfoCtxInitialize      (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             xmlSecKeysMngrPtr keysMngr);

keyInfoCtx : the pointer to the xmlSecKeyInfoCtx structure to initialize (typically caller-allocated; pair with xmlSecKeyInfoCtxFinalize()).
keysMngr : the pointer to the keys manager the context will use for key and certificate lookups.
Returns : 0 on success or -1 if an error occurs.


xmlSecKeyInfoCtxFinalize ()

void        xmlSecKeyInfoCtxFinalize        (xmlSecKeyInfoCtxPtr keyInfoCtx);

keyInfoCtx : the pointer to the xmlSecKeyInfoCtx structure to finalize (releases the context's internal resources without freeing the structure itself).


xmlSecKeyInfoCtxReset ()

void        xmlSecKeyInfoCtxReset           (xmlSecKeyInfoCtxPtr keyInfoCtx);

keyInfoCtx : the pointer to the xmlSecKeyInfoCtx structure to reset so it can be reused for another <dsig:KeyInfo /> operation.


xmlSecKeyInfoCtxCopyUserPref ()

int         xmlSecKeyInfoCtxCopyUserPref    (xmlSecKeyInfoCtxPtr dst,
                                             xmlSecKeyInfoCtxPtr src);

dst : the pointer to the destination xmlSecKeyInfoCtx structure that receives the user preferences.
src : the pointer to the source xmlSecKeyInfoCtx structure whose user preferences (flags, enabled key data, limits) are copied.
Returns : 0 on success or -1 if an error occurs.


xmlSecKeyInfoCtxCreateEncCtx ()

int         xmlSecKeyInfoCtxCreateEncCtx    (xmlSecKeyInfoCtxPtr keyInfoCtx);

keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure whose encCtx (used for <enc:EncryptedKey /> processing) is to be created.
Returns : 0 on success or -1 if an error occurs.


xmlSecKeyInfoCtxDebugDump ()

void        xmlSecKeyInfoCtxDebugDump       (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             FILE *output);

keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure to dump.
output : the pointer to the output FILE for the text debug dump.


xmlSecKeyInfoCtxDebugXmlDump ()

void        xmlSecKeyInfoCtxDebugXmlDump    (xmlSecKeyInfoCtxPtr keyInfoCtx,
                                             FILE *output);

keyInfoCtx : the pointer to xmlSecKeyInfoCtx structure to dump.
output : the pointer to the output FILE for the XML debug dump.


xmlSecKeyDataNameId

#define xmlSecKeyDataNameId 		xmlSecKeyDataNameGetKlass()

The <dsig:KeyName> processing class.


xmlSecKeyDataNameGetKlass ()

xmlSecKeyDataId xmlSecKeyDataNameGetKlass   (void);

Returns : the <dsig:KeyName> element processing key data klass (see xmlSecKeyDataNameId).


xmlSecKeyDataValueId

#define xmlSecKeyDataValueId		xmlSecKeyDataValueGetKlass()

The <dsig:KeyValue> processing class.


xmlSecKeyDataValueGetKlass ()

xmlSecKeyDataId xmlSecKeyDataValueGetKlass  (void);

Returns : the <dsig:KeyValue> element processing key data klass (see xmlSecKeyDataValueId).


xmlSecKeyDataRetrievalMethodId

#define xmlSecKeyDataRetrievalMethodId	xmlSecKeyDataRetrievalMethodGetKlass()

The <dsig:RetrievalMethod> processing class.


xmlSecKeyDataRetrievalMethodGetKlass ()

xmlSecKeyDataId xmlSecKeyDataRetrievalMethodGetKlass
                                            (void);

Returns : the <dsig:RetrievalMethod> element processing key data klass (see xmlSecKeyDataRetrievalMethodId).


xmlSecKeyDataEncryptedKeyId

#define xmlSecKeyDataEncryptedKeyId	xmlSecKeyDataEncryptedKeyGetKlass()

The <enc:EncryptedKey> processing class.


xmlSecKeyDataEncryptedKeyGetKlass ()

xmlSecKeyDataId xmlSecKeyDataEncryptedKeyGetKlass
                                            (void);

Returns : the <enc:EncryptedKey> element processing key data klass (see xmlSecKeyDataEncryptedKeyId).



Aleksey Sanin