- Home
- Download
- News
- Documentation
- XML Digital Signature
- XML Encryption
- XML Canonicalization
- Reporting Bugs
- Mailing list
- Related
- Authors
 |
|
 |
|
 |
keyinfoSynopsis
DetailsxmlSecKeyInfoNodeRead ()
Parses the <dsig:KeyInfo/> element
xmlSecKeyInfoNodeWrite ()
Writes the
enum xmlSecKeyInfoModetypedef enum {
xmlSecKeyInfoModeRead = 0,
xmlSecKeyInfoModeWrite
} xmlSecKeyInfoMode;
The
XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND 0x00000001 If flag is set then we will continue reading <dsig:KeyInfo /> element even when key is already found. XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD 0x00000002 If flag is set then we abort if an unknown <dsig:KeyInfo /> child is found. XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN#define XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN 0x00000004 If flags is set then we abort if an unknown key name (content of <dsig:KeyName /> element) is found. XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD#define XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD 0x00000008 If flags is set then we abort if an unknown <dsig:KeyValue /> child is found. XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF 0x00000010 If flag is set then we abort if an unknown href attribute of <dsig:RetrievalMethod /> element is found. XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF 0x00000020 If flag is set then we abort if an href attribute <dsig:RetrievalMethod /> element does not match the real key data type. XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD 0x00000100 If flags is set then we abort if an unknown <dsig:X509Data /> child is found. XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS 0x00000200 If flag is set then we'll load certificates from <dsig:X509Data /> element without verification. XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT 0x00000400 If flag is set then we'll stop when we could not resolve reference to certificate from <dsig:X509IssuerSerial />, <dsig:X509SKI /> or <dsig:X509SubjectName /> elements. XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT 0x00000800 If the flag is set then we'll stop when <dsig:X509Data /> element processing does not return a verified certificate. XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION#define XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION 0x00001000 If the flag is set then we'll stop when <enc:EncryptedKey /> element processing fails. XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE#define XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE 0x00002000 If the flag is set then we'll stop when we found an empty node. Otherwise we just ignore it. XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000 If the flag is set then we'll skip strict checking of certs and CRLs struct xmlSecKeyInfoCtxstruct xmlSecKeyInfoCtx {
void* userData;
unsigned int flags;
unsigned int flags2;
xmlSecKeysMngrPtr keysMngr;
xmlSecKeyInfoMode mode;
xmlSecPtrList enabledKeyData;
int base64LineSize;
/* RetrievalMethod */
xmlSecTransformCtx retrievalMethodCtx;
int maxRetrievalMethodLevel;
/* EncryptedKey */
xmlSecEncCtxPtr encCtx;
int maxEncryptedKeyLevel;
/* x509 certificates */
time_t certsVerificationTime;
int certsVerificationDepth;
/* PGP */
void* pgpReserved; /* TODO */
/* internal data */
int curRetrievalMethodLevel;
int curEncryptedKeyLevel;
xmlSecKeyReq keyReq;
/* for the future */
void* reserved0;
void* reserved1;
};
The <dsig:KeyInfo /> reading or writing context.
xmlSecKeyInfoCtxCreate ()
Allocates and initializes <dsig:KeyInfo/> element processing context. Caller is responsible for freeing it by calling xmlSecKeyInfoCtxDestroy function.
xmlSecKeyInfoCtxDestroy ()
Destroys
xmlSecKeyInfoCtxInitialize ()
Initializes <dsig:KeyInfo/> element processing context. Caller is responsible for cleaning it up by xmlSecKeyInfoCtxFinalize function.
xmlSecKeyInfoCtxFinalize ()
Cleans up the
xmlSecKeyInfoCtxReset ()
Resets the
xmlSecKeyInfoCtxCopyUserPref ()
Copies user preferences from
xmlSecKeyInfoCtxCreateEncCtx ()
Creates encryption context form processing <enc:EncryptedKey/> child of <dsig:KeyInfo/> element.
xmlSecKeyInfoCtxDebugDump ()
Prints user settings and current context state to
xmlSecKeyInfoCtxDebugXmlDump ()
Prints user settings and current context state in XML format to
xmlSecKeyDataNameId#define xmlSecKeyDataNameId xmlSecKeyDataNameGetKlass() The <dsig:KeyName> processing class. xmlSecKeyDataNameGetKlass ()
The <dsig:KeyName/> element key data klass
(http://www.w3.org/TR/xmldsig-core/ The KeyName element contains a string value (in which white space is significant) which may be used by the signer to communicate a key identifier to the recipient. Typically, KeyName contains an identifier related to the key pair used to sign the message, but it may contain other protocol-related information that indirectly identifies a key pair. (Common uses of KeyName include simple string names for keys, a key index, a distinguished name (DN), an email address, etc.)
xmlSecKeyDataValueId#define xmlSecKeyDataValueId xmlSecKeyDataValueGetKlass() The <dsig:KeyValue> processing class. xmlSecKeyDataValueGetKlass ()
The <dsig:KeyValue/> element key data klass
(http://www.w3.org/TR/xmldsig-core/ The KeyValue element contains a single public key that may be useful in validating the signature.
xmlSecKeyDataRetrievalMethodId#define xmlSecKeyDataRetrievalMethodId xmlSecKeyDataRetrievalMethodGetKlass() The <dsig:RetrievalMethod> processing class. xmlSecKeyDataRetrievalMethodGetKlass ()
The <dsig:RetrievalMethod/> element key data klass
(http://www.w3.org/TR/xmldsig-core/ RetrievalMethod uses the same syntax and dereferencing behavior as Reference's URI and The Reference Processing Model.
xmlSecKeyDataEncryptedKeyId#define xmlSecKeyDataEncryptedKeyId xmlSecKeyDataEncryptedKeyGetKlass() The <enc:EncryptedKey> processing class. xmlSecKeyDataEncryptedKeyGetKlass ()
The <enc:EncryptedKey/> element key data klass
(http://www.w3.org/TR/xmlenc-core/ The EncryptedKey element is used to transport encryption keys from the originator to a known recipient(s). It may be used as a stand-alone XML document, be placed within an application document, or appear inside an EncryptedData element as a child of a ds:KeyInfo element. The key value is always encrypted to the recipient(s). When EncryptedKey is decrypted the resulting octets are made available to the EncryptionMethod algorithm without any additional processing.
|
