keyinfo — <dsig:KeyInfo/> node parser functions.
Synopsis

int                  xmlSecKeyInfoNodeRead                 (xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx);
int                  xmlSecKeyInfoNodeWrite                (xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx);
xmlSecKeyInfoCtxPtr  xmlSecKeyInfoCtxCreate                (xmlSecKeysMngrPtr keysMngr);
void                 xmlSecKeyInfoCtxDestroy               (xmlSecKeyInfoCtxPtr keyInfoCtx);
int                  xmlSecKeyInfoCtxInitialize            (xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr keysMngr);
void                 xmlSecKeyInfoCtxFinalize              (xmlSecKeyInfoCtxPtr keyInfoCtx);
void                 xmlSecKeyInfoCtxReset                 (xmlSecKeyInfoCtxPtr keyInfoCtx);
int                  xmlSecKeyInfoCtxCopyUserPref          (xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src);
int                  xmlSecKeyInfoCtxCreateEncCtx          (xmlSecKeyInfoCtxPtr keyInfoCtx);
void                 xmlSecKeyInfoCtxDebugDump             (xmlSecKeyInfoCtxPtr keyInfoCtx, FILE *output);
void                 xmlSecKeyInfoCtxDebugXmlDump          (xmlSecKeyInfoCtxPtr keyInfoCtx, FILE *output);
xmlSecKeyDataId      xmlSecKeyDataNameGetKlass             (void);
xmlSecKeyDataId      xmlSecKeyDataValueGetKlass            (void);
xmlSecKeyDataId      xmlSecKeyDataRetrievalMethodGetKlass  (void);
xmlSecKeyDataId      xmlSecKeyDataKeyInfoReferenceGetKlass (void);
xmlSecKeyDataId      xmlSecKeyDataEncryptedKeyGetKlass     (void);
xmlSecKeyDataId      xmlSecKeyDataAgreementMethodGetKlass  (void);
xmlSecKeyDataId      xmlSecKeyDataDerivedKeyGetKlass       (void);
Description

KeyInfo is an optional element that enables the recipient(s) to obtain the key needed to validate the signature. KeyInfo may contain keys, names, certificates and other public key management information, such as in-band key distribution or key agreement data.

Schema Definition:

<element name="KeyInfo" type="ds:KeyInfoType"/>
<complexType name="KeyInfoType" mixed="true">
  <choice maxOccurs="unbounded">
    <element ref="ds:KeyName"/>
    <element ref="ds:KeyValue"/>
    <element ref="ds:RetrievalMethod"/>
    <element ref="ds:X509Data"/>
    <element ref="ds:PGPData"/>
    <element ref="ds:SPKIData"/>
    <element ref="ds:MgmtData"/>
    <any processContents="lax" namespace="##other"/>
    <!-- (1,1) elements from (0,unbounded) namespaces -->
  </choice>
  <attribute name="Id" type="ID" use="optional"/>
</complexType>

DTD:

<!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
                   X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
<!ATTLIST KeyInfo Id ID #IMPLIED >

Details
xmlSecKeyInfoNodeRead ()

int
xmlSecKeyInfoNodeRead (xmlNodePtr keyInfoNode,
                       xmlSecKeyPtr key,
                       xmlSecKeyInfoCtxPtr keyInfoCtx);

Parses the <dsig:KeyInfo/> element keyInfoNode, extracts the key data and stores it into key.

keyInfoNode : the pointer to <dsig:KeyInfo/> node.
key         : the pointer to result key object.
keyInfoCtx  : the pointer to <dsig:KeyInfo/> element processing context.

xmlSecKeyInfoNodeWrite ()

int
xmlSecKeyInfoNodeWrite (xmlNodePtr keyInfoNode,
                        xmlSecKeyPtr key,
                        xmlSecKeyInfoCtxPtr keyInfoCtx);

Writes the key into the <dsig:KeyInfo/> element template keyInfoNode.

keyInfoNode : the pointer to <dsig:KeyInfo/> node.
key         : the pointer to key object.
keyInfoCtx  : the pointer to <dsig:KeyInfo/> element processing context.
xmlSecKeyInfoCtxCreate ()

xmlSecKeyInfoCtxPtr
xmlSecKeyInfoCtxCreate (xmlSecKeysMngrPtr keysMngr);

Allocates and initializes <dsig:KeyInfo/> element processing context. Caller is responsible for freeing it by calling xmlSecKeyInfoCtxDestroy function.

keysMngr : the pointer to keys manager (may be NULL).

xmlSecKeyInfoCtxDestroy ()

void
xmlSecKeyInfoCtxDestroy (xmlSecKeyInfoCtxPtr keyInfoCtx);

Destroys keyInfoCtx object created with xmlSecKeyInfoCtxCreate function.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.

xmlSecKeyInfoCtxInitialize ()

int
xmlSecKeyInfoCtxInitialize (xmlSecKeyInfoCtxPtr keyInfoCtx,
                            xmlSecKeysMngrPtr keysMngr);

Initializes <dsig:KeyInfo/> element processing context. Caller is responsible for cleaning it up by xmlSecKeyInfoCtxFinalize function.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.
keysMngr   : the pointer to keys manager (may be NULL).

xmlSecKeyInfoCtxFinalize ()

void
xmlSecKeyInfoCtxFinalize (xmlSecKeyInfoCtxPtr keyInfoCtx);

Cleans up the keyInfoCtx initialized with xmlSecKeyInfoCtxInitialize.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.

xmlSecKeyInfoCtxReset ()

void
xmlSecKeyInfoCtxReset (xmlSecKeyInfoCtxPtr keyInfoCtx);

Resets the keyInfoCtx state. User settings are not changed.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.

xmlSecKeyInfoCtxCopyUserPref ()

int
xmlSecKeyInfoCtxCopyUserPref (xmlSecKeyInfoCtxPtr dst,
                              xmlSecKeyInfoCtxPtr src);

Copies user preferences from src context to dst.

dst : the pointer to destination <dsig:KeyInfo/> element processing context.
src : the pointer to source <dsig:KeyInfo/> element processing context.

xmlSecKeyInfoCtxCreateEncCtx ()

int
xmlSecKeyInfoCtxCreateEncCtx (xmlSecKeyInfoCtxPtr keyInfoCtx);

Creates encryption context for processing <enc:EncryptedKey/> child of <dsig:KeyInfo/> element.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.
xmlSecKeyInfoCtxDebugDump ()

void
xmlSecKeyInfoCtxDebugDump (xmlSecKeyInfoCtxPtr keyInfoCtx,
                           FILE *output);

Prints user settings and current context state to output.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.
output     : the output file pointer.

xmlSecKeyInfoCtxDebugXmlDump ()

void
xmlSecKeyInfoCtxDebugXmlDump (xmlSecKeyInfoCtxPtr keyInfoCtx,
                              FILE *output);

Prints user settings and current context state in XML format to output.

keyInfoCtx : the pointer to <dsig:KeyInfo/> element processing context.
output     : the output file pointer.
xmlSecKeyDataNameGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataNameGetKlass (void);

The <dsig:KeyName/> element key data klass.

The KeyName element contains a string value (in which white space is significant) which may be used by the signer to communicate a key identifier to the recipient. Typically, KeyName contains an identifier related to the key pair used to sign the message, but it may contain other protocol-related information that indirectly identifies a key pair. (Common uses of KeyName include simple string names for keys, a key index, a distinguished name (DN), an email address, etc.)

xmlSecKeyDataValueGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataValueGetKlass (void);

The <dsig:KeyValue/> element key data klass.

The KeyValue element contains a single public key that may be useful in validating the signature.

xmlSecKeyDataRetrievalMethodGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataRetrievalMethodGetKlass (void);

The <dsig:RetrievalMethod/> element key data klass.

A RetrievalMethod element within KeyInfo is used to convey a reference to KeyInfo information that is stored at another location. For example, several signatures in a document might use a key verified by an X.509v3 certificate chain appearing once in the document or remotely outside the document; each signature's KeyInfo can reference this chain using a single RetrievalMethod element instead of including the entire chain with a sequence of X509Certificate elements.

RetrievalMethod uses the same syntax and dereferencing behavior as Reference's URI and The Reference Processing Model.

xmlSecKeyDataKeyInfoReferenceGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataKeyInfoReferenceGetKlass (void);

The <dsig11:KeyInfoReference/> element key data klass.

A KeyInfoReference element within KeyInfo is used to convey a reference to a KeyInfo element at another location in the same or different document.

KeyInfoReference uses the same syntax and dereferencing behavior as Reference's URI and the Reference Processing Model except that there are no child elements and the presence of the URI attribute is mandatory.

The result of dereferencing a KeyInfoReference MUST be a KeyInfo element, or an XML document with a KeyInfo element as the root.

xmlSecKeyDataEncryptedKeyGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataEncryptedKeyGetKlass (void);

The <enc:EncryptedKey/> element key data klass.

The EncryptedKey element is used to transport encryption keys from the originator to a known recipient(s). It may be used as a stand-alone XML document, be placed within an application document, or appear inside an EncryptedData element as a child of a ds:KeyInfo element. The key value is always encrypted to the recipient(s). When EncryptedKey is decrypted the resulting octets are made available to the EncryptionMethod algorithm without any additional processing.

xmlSecKeyDataAgreementMethodGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataAgreementMethodGetKlass (void);

The <enc:AgreementMethod/> element key data klass.

A Key Agreement algorithm provides for the derivation of a shared secret key based on a shared secret computed from certain types of compatible public keys from both the sender and the recipient. Information from the originator to determine the secret is indicated by an optional OriginatorKeyInfo parameter child of an AgreementMethod element while that associated with the recipient is indicated by an optional RecipientKeyInfo. A shared key is derived from this shared secret by a method determined by the Key Agreement algorithm.

xmlSecKeyDataDerivedKeyGetKlass ()

xmlSecKeyDataId
xmlSecKeyDataDerivedKeyGetKlass (void);

The <enc11:DerivedKey/> element key data klass.

The DerivedKey element is used to transport information about a derived key from the originator to recipient(s). It may be used as a stand-alone XML document, be placed within an application document, or appear inside an EncryptedData or Signature element as a child of a ds:KeyInfo element. The key value itself is never sent by the originator. Rather, the originator provides information to the recipient(s) by which the recipient(s) can derive the same key value. When the key has been derived the resulting octets are made available to the EncryptionMethod or SignatureMethod algorithm without any additional processing.
enum xmlSecKeyInfoMode

The xmlSecKeyInfoCtx operation mode (read or write).

Processing flags (bit mask stored in the flags field of xmlSecKeyInfoCtx)

If the flag is set then we will continue reading the <dsig:KeyInfo /> element even when a key is already found.

If the flag is set then we abort if an unknown <dsig:KeyInfo /> child is found.

If the flag is set then we abort if an unknown key name (content of <dsig:KeyName /> element) is found.

If the flag is set then we abort if an unknown <dsig:KeyValue /> child is found.

If the flag is set then we abort if an unknown href attribute of <dsig:RetrievalMethod /> element is found.

If the flag is set then we abort if an href attribute of <dsig:RetrievalMethod /> element does not match the real key data type.

If the flag is set then we abort if an unknown <dsig:X509Data /> child is found.

If the flag is set then we'll load certificates from <dsig:X509Data /> element without verification.

If the flag is set then we'll stop when we could not resolve the reference to a certificate from <dsig:X509IssuerSerial />, <dsig:X509SKI /> or <dsig:X509SubjectName /> elements.

#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT 0x00000800

If the flag is set then we'll stop when <dsig:X509Data /> element processing does not return a verified certificate.

If the flag is set then we'll stop when <enc:EncryptedKey /> element processing fails.

If the flag is set then we'll stop when we find an empty node. Otherwise we just ignore it.

If the flag is set then we'll skip strict checking of certs and CRLs.

If the flag is set then we'll try to find any key that matches the requirements (e.g. *any* RSA public key). In the default strict key search mode, only keys referenced in <dsig:KeyInfo/> (e.g. by KeyName value) are used.
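The flags above, together with the maxRetrievalMethodLevel and curRetrievalMethodLevel fields of xmlSecKeyInfoCtx, decide how far a KeyInfo reader follows the element and which keys it will accept. The C program below is an added example and not xmlsec's code: it models that child walk over constructed KeyInfo trees and a constructed keys manager. Node, ManagedKey and Ctx are stand-ins for libxml2 nodes, the keys manager and the context, and the three flag macros use the names from xmlsec's keyinfo.h (assumed here, since only one flag macro survives on this page). It shows why strict search rejects a key the KeyInfo does not name while lax search accepts any key of the required type, why the indirection counter has to be bounded so that a self-referencing RetrievalMethod terminates, and what the unknown-child and key-found flags change.

```c
/* Added example (not xmlsec's code): a self-contained model of the child walk
 * a <dsig:KeyInfo/> reader performs under a processing context. Node, ManagedKey
 * and Ctx are constructed stand-ins for libxml2 nodes, the keys manager and
 * xmlSecKeyInfoCtx; the flag macros use names from xmlsec's keyinfo.h (assumed). */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND 0x00000001u
#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD  0x00000002u
#define XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH         0x00008000u

/* One KeyInfo child; for RetrievalMethod, ref/refCount are the referenced KeyInfo's children. */
typedef struct Node { const char *name; const char *text; const struct Node *ref; size_t refCount; } Node;

/* Constructed keys manager: the keys this application trusts. */
typedef struct { const char *name; const char *type; } ManagedKey;
static const ManagedKey keysMngr[] = { {"alice-2024", "rsa"}, {"bob-2024", "rsa"}, {"ops-2024", "ec"} };
#define N_KEYS (sizeof keysMngr / sizeof keysMngr[0])

/* User settings plus internal state, mirroring xmlSecKeyInfoCtx fields. */
typedef struct {
    unsigned int flags;
    int maxRetrievalMethodLevel;   /* user setting, default 1 */
    int curRetrievalMethodLevel;   /* internal state */
    const char *keyReqType;        /* stands in for xmlSecKeyReq */
    const ManagedKey *found;
    const char *error;
} Ctx;

/* Strict search: the key must match the KeyName. Lax search: any key meeting the
 * requirements is accepted, so it is only safe when every managed key is trusted. */
static const ManagedKey *findKey(const Ctx *ctx, const char *keyName) {
    for (size_t i = 0; i < N_KEYS; i++) {
        if (strcmp(keysMngr[i].type, ctx->keyReqType) != 0) continue;
        if (ctx->flags & XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH) return &keysMngr[i];
        if (keyName && strcmp(keysMngr[i].name, keyName) == 0) return &keysMngr[i];
    }
    return NULL;
}

/* Walk the children of one KeyInfo. Returns 0, or -1 with ctx->error set. */
static int readKeyInfo(Ctx *ctx, const Node *children, size_t n) {
    for (size_t i = 0; i < n; i++) {
        const Node *c = &children[i];
        if (strcmp(c->name, "KeyName") == 0) {
            const ManagedKey *k = findKey(ctx, c->text);
            if (k) ctx->found = k;
        } else if (strcmp(c->name, "RetrievalMethod") == 0) {
            /* Bound the indirection: a self-referencing or deeply nested chain
             * of references must not recurse without limit. */
            if (ctx->curRetrievalMethodLevel >= ctx->maxRetrievalMethodLevel) {
                ctx->error = "max RetrievalMethod level exceeded";
                return -1;
            }
            ctx->curRetrievalMethodLevel++;
            int rc = readKeyInfo(ctx, c->ref, c->refCount);
            ctx->curRetrievalMethodLevel--;
            if (rc < 0) return -1;
        } else if (ctx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) {
            ctx->error = "unknown KeyInfo child";
            return -1;
        } /* else the unknown child is ignored */
        if (ctx->found && !(ctx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND))
            return 0;   /* default: stop at the first usable key */
    }
    return 0;
}

/* Name of the resolved key, or NULL (no key, or *err set on failure). */
static const char *resolveKeyName(unsigned int flags, const char *keyReqType,
                                  const Node *children, size_t n, const char **err) {
    Ctx ctx = { flags, 1, 0, keyReqType, NULL, NULL };
    int rc = readKeyInfo(&ctx, children, n);
    if (err) *err = ctx.error;
    return (rc == 0 && ctx.found) ? ctx.found->name : NULL;
}

/* Scenarios over constructed KeyInfo trees. */
static const char *scenarioUnknownName(unsigned int flags) {   /* strict: NULL; lax: "alice-2024" */
    Node ki[] = { {"KeyName", "mallory-2024", NULL, 0} };
    return resolveKeyName(flags, "rsa", ki, 1, NULL);
}
static const char *scenarioTwoNames(unsigned int flags) {      /* default: "alice-2024"; DONT_STOP: "bob-2024" */
    Node ki[] = { {"KeyName", "alice-2024", NULL, 0}, {"KeyName", "bob-2024", NULL, 0} };
    return resolveKeyName(flags, "rsa", ki, 2, NULL);
}
static const char *scenarioIndirect(const char **err) {        /* "bob-2024" via one RetrievalMethod */
    Node target[] = { {"KeyName", "bob-2024", NULL, 0} };
    Node ki[] = { {"RetrievalMethod", NULL, target, 1} };
    return resolveKeyName(0, "rsa", ki, 1, err);
}
static const char *scenarioLoop(const char **err) {            /* KeyInfo pointing at itself: NULL, *err set */
    Node loop[1];
    loop[0] = (Node){ "RetrievalMethod", NULL, loop, 1 };
    return resolveKeyName(0, "rsa", loop, 1, err);
}
static const char *scenarioUnknownChild(unsigned int flags, const char **err) {
    Node ki[] = { {"Vendor:Extension", NULL, NULL, 0}, {"KeyName", "ops-2024", NULL, 0} };
    return resolveKeyName(flags, "ec", ki, 2, err);            /* STOP flag: NULL + *err; else "ops-2024" */
}

int main(void) {
    const char *err = NULL;
    printf("strict/unknown: %s\n", scenarioUnknownName(0) ? "key" : "no key");
    printf("lax/unknown:    %s\n", scenarioUnknownName(XMLSEC_KEYINFO_FLAGS_LAX_KEY_SEARCH));
    printf("self-reference: %s\n", scenarioLoop(&err) ? "key" : err);
    return 0;
}
```

The loop scenario is the one to check in any KeyInfo implementation: a reference to itself, or a long chain of references, has to fail at the configured level rather than exhaust the stack or fetch indefinitely. Lax key search is convenient when the keys manager holds exactly one trusted key; with several keys loaded it lets the document decide which of them is tried, so strict search with an explicit KeyName or certificate match is the default worth keeping.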
struct xmlSecKeyInfoCtx

struct xmlSecKeyInfoCtx {
    void*                       userData;
    unsigned int                flags;
    unsigned int                flags2;
    xmlSecKeysMngrPtr           keysMngr;
    xmlSecKeyInfoMode           mode;
    xmlSecPtrList               enabledKeyData;
    int                         base64LineSize;

    /* RetrievalMethod */
    xmlSecTransformCtx          retrievalMethodCtx;
    int                         maxRetrievalMethodLevel;

    /* KeyInfoReference */
    xmlSecTransformCtx          keyInfoReferenceCtx;
    int                         maxKeyInfoReferenceLevel;

    /* EncryptedKey or DerivedKey */
    xmlSecEncCtxPtr             encCtx;
    int                         maxEncryptedKeyLevel;

    /* x509 certificates */
    time_t                      certsVerificationTime;
    int                         certsVerificationDepth;

    /* PGP */
    void*                       pgpReserved;        /* TODO */

    /* internal data */
    int                         curRetrievalMethodLevel;
    int                         curKeyInfoReferenceLevel;
    int                         curEncryptedKeyLevel;
    xmlSecTransformOperation    operation;
    xmlSecKeyReq                keyReq;

    /* for the future */
    void*                       reserved0;
    void*                       reserved1;
};

The <dsig:KeyInfo /> reading or writing context.

userData                 : the pointer to user data (xmlsec and xmlsec-crypto never touch this).
flags                    : the bit mask for flags that control processing.
flags2                   : reserved for future.
keysMngr                 : the pointer to current keys manager.
mode                     : do we read or write <dsig:KeyInfo /> element.
enabledKeyData           : the list of enabled key data.
base64LineSize           : the max columns size for base64 encoding.
retrievalMethodCtx       : the transforms context for <dsig:RetrievalMethod /> element processing.
maxRetrievalMethodLevel  : the max recursion level when processing <dsig:RetrievalMethod/> element; default level is 1 (see also curRetrievalMethodLevel).
keyInfoReferenceCtx      : the transforms context for <dsig11:KeyInfoReference/> element processing.
maxKeyInfoReferenceLevel : the max recursion level when processing <dsig11:KeyInfoReference/> element; default level is 1 (see also curKeyInfoReferenceLevel).
encCtx                   : the encryption context for <enc:EncryptedKey /> element processing.
maxEncryptedKeyLevel     : the max recursion level when processing <enc:EncryptedKey/> element; default level is 1 (see also curEncryptedKeyLevel).
certsVerificationTime    : the time to use for X509 certificates verification ("not valid before" and "not valid after" checks).
certsVerificationDepth   : the max certifications chain length (default is 9).
pgpReserved              : reserved for PGP.
curRetrievalMethodLevel  : the current <dsig:RetrievalMethod/> element processing level (see maxRetrievalMethodLevel).
curKeyInfoReferenceLevel : the current <dsig11:KeyInfoReference/> element processing level (see maxKeyInfoReferenceLevel).
curEncryptedKeyLevel     : the current <enc:EncryptedKey/> or <enc11:DerivedKey/> element processing level (see maxEncryptedKeyLevel).
operation                : the transform operation for this key info.
keyReq                   : the current key requirements.
reserved0                : reserved for the future.
reserved1                : reserved for the future.
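certsVerificationTime and certsVerificationDepth are the two X.509 settings in the context. The C program below is an added example, not xmlsec's code: it models what those two settings control, checking every certificate of a chain against a caller-supplied verification time and rejecting a chain longer than the depth limit before any per-certificate work. CertRec, the sample chain and its timestamps are constructed for the example, and treating a verification time of 0 as the current time is an assumption made here.

```c
/* Added example (not xmlsec's code): a self-contained model of the X.509
 * settings certsVerificationTime and certsVerificationDepth. CertRec and the
 * chain are constructed; verifyTime == 0 meaning "now" is an assumption. */
#include <time.h>
#include <stddef.h>

typedef struct { const char *subject; time_t notBefore; time_t notAfter; } CertRec;

enum { CHAIN_OK = 0, CHAIN_TOO_LONG = -1, CHAIN_NOT_YET_VALID = -2, CHAIN_EXPIRED = -3 };

/* Reject chains longer than maxDepth, then check each certificate's validity
 * window at verifyTime. On a window failure *badIdx names the offending index. */
static int verifyChain(const CertRec *chain, size_t len, time_t verifyTime,
                       int maxDepth, size_t *badIdx) {
    if (verifyTime == 0) verifyTime = time(NULL);          /* assumption: 0 means "now" */
    if (maxDepth >= 0 && len > (size_t)maxDepth) return CHAIN_TOO_LONG;
    for (size_t i = 0; i < len; i++) {
        int rc = CHAIN_OK;
        if (verifyTime < chain[i].notBefore)     rc = CHAIN_NOT_YET_VALID;
        else if (verifyTime > chain[i].notAfter) rc = CHAIN_EXPIRED;
        if (rc != CHAIN_OK) { if (badIdx) *badIdx = i; return rc; }
    }
    return CHAIN_OK;
}

/* Constructed chain (UTC epoch seconds): leaf 2024-01-01..2025-01-01, CA 2020-01-01..2030-01-01. */
static const CertRec sampleChain[] = {
    { "CN=signer",  1704067200, 1735689600 },
    { "CN=root-ca", 1577836800, 1893456000 },
};
#define SAMPLE_LEN (sizeof sampleChain / sizeof sampleChain[0])

/* Same chain, three settings: at signing time (2024-07-01), later (2026-01-01), and with depth 1. */
static int checkAtSigningTime(void)       { return verifyChain(sampleChain, SAMPLE_LEN, 1719792000, 9, NULL); } /* CHAIN_OK */
static int checkAtLaterTime(size_t *bad)  { return verifyChain(sampleChain, SAMPLE_LEN, 1767225600, 9, bad);  } /* CHAIN_EXPIRED, leaf */
static int checkDepthLimit(void)          { return verifyChain(sampleChain, SAMPLE_LEN, 1719792000, 1, NULL); } /* CHAIN_TOO_LONG */
```

Running the same chain at its signing time and again later is the point of making the time a setting rather than a constant: a signature that was valid when made fails a fresh check once the leaf certificate expires. Routine verification of newly received documents should leave the time at "now"; long-term validation of archived signatures has to pin it to independent evidence of when the signature was made, and the depth limit keeps an attacker-supplied chain from turning verification into an unbounded amount of work.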
xmlSecKeyDataNameId

#define xmlSecKeyDataNameId xmlSecKeyDataNameGetKlass()

The <dsig:KeyName/> processing class.

xmlSecKeyDataValueId

#define xmlSecKeyDataValueId xmlSecKeyDataValueGetKlass()

The <dsig:KeyValue/> processing class.

xmlSecKeyDataRetrievalMethodId

#define xmlSecKeyDataRetrievalMethodId xmlSecKeyDataRetrievalMethodGetKlass()

The <dsig:RetrievalMethod/> processing class.

xmlSecKeyDataKeyInfoReferenceId

#define xmlSecKeyDataKeyInfoReferenceId xmlSecKeyDataKeyInfoReferenceGetKlass()

The <dsig11:KeyInfoReference/> processing class.

xmlSecKeyDataEncryptedKeyId

#define xmlSecKeyDataEncryptedKeyId xmlSecKeyDataEncryptedKeyGetKlass()

The <enc:EncryptedKey/> element processing class.

xmlSecKeyDataAgreementMethodId

#define xmlSecKeyDataAgreementMethodId xmlSecKeyDataAgreementMethodGetKlass()

The <enc:AgreementMethod/> processing class.