gregvish · November 11, 2013 09:43
diff --git a/setEnabledKeyData2.diff b/setEnabledKeyData2.diff
 diff --git a/dm.xmlsec.binding.egg-info/PKG-INFO b/dm.xmlsec.binding.egg-info/PKG-INFO
 index ef2b2b6..edfdd9a 100644
 --- a/dm.xmlsec.binding.egg-info/PKG-INFO
 +++ b/dm.xmlsec.binding.egg-info/PKG-INFO
 @@ -524,6 +524,8 @@ Description: This package contains a Cython (http://cython.org/) based bindung
         ...         dsigCtx.enableReferenceTransform(tid)
         ...     dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
         ...     dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
 +        ...     # limit the allowed KeyData elements
 +        ...     dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
         ...     dsigCtx.verify(node)
         ... 
         >>> # this works
 diff --git a/dm.xmlsec.binding.egg-info/SOURCES.txt b/dm.xmlsec.binding.egg-info/SOURCES.txt
 index 5490887..93db6b4 100644
 --- a/dm.xmlsec.binding.egg-info/SOURCES.txt
 +++ b/dm.xmlsec.binding.egg-info/SOURCES.txt
 @@ -1,3 +1,4 @@
 +setup.cfg
 setup.py
 dm/__init__.py
 dm.xmlsec.binding.egg-info/PKG-INFO
 diff --git a/dm/xmlsec/binding/README.txt b/dm/xmlsec/binding/README.txt
 index 9247c9c..846cedc 100644
 --- a/dm/xmlsec/binding/README.txt
 +++ b/dm/xmlsec/binding/README.txt
 @@ -516,6 +516,8 @@ Verifying a signature with additional restrictions
 ...         dsigCtx.enableReferenceTransform(tid)
 ...     dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
 ...     dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
 +...     # limit the allowed KeyData elements
 +...     dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
 ...     dsigCtx.verify(node)
 ... 
 >>> # this works
 diff --git a/src/_xmlsec.c b/src/_xmlsec.c
 deleted file mode 100644
 index a1b8974..0000000
 diff --git a/src/_xmlsec.pyx b/src/_xmlsec.pyx
 index 45e9427..ffbd1a0 100644
 --- a/src/_xmlsec.pyx
 +++ b/src/_xmlsec.pyx
 @@ -388,8 +388,16 @@ cdef class DSigCtx:
     if rv < 0:
       raise Error("enableSignatureTransform failed", rv)
     
 -
 -
 +  def setEnabledKeyData(self, keydata_list):
 +    cdef KeyData keydata
 +    cdef xmlSecPtrListPtr enabled_list
 +    enabled_list = &(self.ctx.keyInfoReadCtx.enabledKeyData)
 +    xmlSecPtrListEmpty(enabled_list)
 +    for keydata in keydata_list:
 +        rv = xmlSecPtrListAdd(enabled_list, <xmlSecPtr> keydata.id)
 +        if rv < 0:
 +            raise Error("setEnabledKeyData failed")
 +  
 
 cdef class EncCtx:
   """Encryption context."""
 diff --git a/src/cxmlsec.pxd b/src/cxmlsec.pxd
 index 80afa7f..a8058df 100644
 --- a/src/cxmlsec.pxd
 +++ b/src/cxmlsec.pxd
 @@ -56,6 +56,10 @@ cdef extern from 'cxmlsec.h':
                 xmlSecKeyDataTypeTrusted = 0x0100
                 xmlSecKeyDataTypeAny = 0xFFFF
                 
 +        ctypedef void * xmlSecPtrList
 +        ctypedef xmlSecPtrList * xmlSecPtrListPtr
 +        ctypedef void * xmlSecPtr
 +
         void xmlSecKeyDestroy(xmlSecKeyPtr) nogil
         xmlSecKeyPtr xmlSecKeyDuplicate(xmlSecKeyPtr) nogil
         xmlSecKeyPtr xmlSecCryptoAppKeyLoad(const_char *, xmlSecKeyDataFormat, const_char *, void *, void *) nogil
 @@ -66,6 +70,8 @@ cdef extern from 'cxmlsec.h':
         xmlSecKeyPtr xmlSecKeyGenerate(xmlSecKeyDataId, size_t, xmlSecKeyDataType) nogil
         int xmlSecKeySetName(xmlSecKeyPtr, const_xmlChar *) nogil
         const_xmlChar * xmlSecKeyGetName(xmlSecKeyPtr) nogil
 +        int xmlSecPtrListAdd(xmlSecPtrListPtr, xmlSecPtr) nogil
 +        int xmlSecPtrListEmpty(xmlSecPtrListPtr) nogil
 
         cdef struct _xmlSecTransformKlass:
                 const_xmlChar * name
 @@ -126,6 +132,9 @@ cdef extern from 'cxmlsec.h':
         int xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr, char * filename, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil
         int xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr, const_unsigned_char *, size_t, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil
 
 +        cdef struct xmlSecKeyInfoCtx:
 +                xmlSecPtrList enabledKeyData
 +                
         ctypedef enum xmlSecDSigStatus:
                 xmlSecDSigStatusUnknown = 0
                 xmlSecDSigStatusSucceeded = 1
 @@ -134,8 +143,8 @@ cdef extern from 'cxmlsec.h':
 ##                void * userData
 ##                unsigned int flags
 ##                unsigned int flags2
 -##                xmlSecKeyInfoCtx keyInfoReadCtx
 -##                xmlSecKeyInfoCtx keyInfoWriteCtx
 +                xmlSecKeyInfoCtx keyInfoReadCtx
 +                xmlSecKeyInfoCtx keyInfoWriteCtx
 ##                xmlSecTransformCtx transformCtx
 ##                xmlSecTransformUriType enabledReferenceUris
 ##                xmlSecPtrListPtr enabledReferenceTransforms
	diff --git a/dm.xmlsec.binding.egg-info/PKG-INFO b/dm.xmlsec.binding.egg-info/PKG-INFO
	index ef2b2b6..edfdd9a 100644
	--- a/dm.xmlsec.binding.egg-info/PKG-INFO
	+++ b/dm.xmlsec.binding.egg-info/PKG-INFO
	@@ -524,6 +524,8 @@ Description: This package contains a Cython (http://cython.org/) based bindung
	... dsigCtx.enableReferenceTransform(tid)
	... dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
	... dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
	+ ... # limit the allowed KeyData elements
	+ ... dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
	... dsigCtx.verify(node)
	...
	>>> # this works
	diff --git a/dm.xmlsec.binding.egg-info/SOURCES.txt b/dm.xmlsec.binding.egg-info/SOURCES.txt
	index 5490887..93db6b4 100644
	--- a/dm.xmlsec.binding.egg-info/SOURCES.txt
	+++ b/dm.xmlsec.binding.egg-info/SOURCES.txt
	@@ -1,3 +1,4 @@
	+setup.cfg
	setup.py
	dm/__init__.py
	dm.xmlsec.binding.egg-info/PKG-INFO
	diff --git a/dm/xmlsec/binding/README.txt b/dm/xmlsec/binding/README.txt
	index 9247c9c..846cedc 100644
	--- a/dm/xmlsec/binding/README.txt
	+++ b/dm/xmlsec/binding/README.txt
	@@ -516,6 +516,8 @@ Verifying a signature with additional restrictions
	... dsigCtx.enableReferenceTransform(tid)
	... dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
	... dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
	+... # limit the allowed KeyData elements
	+... dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
	... dsigCtx.verify(node)
	...
	>>> # this works
	diff --git a/src/_xmlsec.c b/src/_xmlsec.c
	deleted file mode 100644
	index a1b8974..0000000
	diff --git a/src/_xmlsec.pyx b/src/_xmlsec.pyx
	index 45e9427..ffbd1a0 100644
	--- a/src/_xmlsec.pyx
	+++ b/src/_xmlsec.pyx
	@@ -388,8 +388,16 @@ cdef class DSigCtx:
	if rv < 0:
	raise Error("enableSignatureTransform failed", rv)

	-
	-
	+ def setEnabledKeyData(self, keydata_list):
	+ cdef KeyData keydata
	+ cdef xmlSecPtrListPtr enabled_list
	+ enabled_list = &(self.ctx.keyInfoReadCtx.enabledKeyData)
	+ xmlSecPtrListEmpty(enabled_list)
	+ for keydata in keydata_list:
	+ rv = xmlSecPtrListAdd(enabled_list, <xmlSecPtr> keydata.id)
	+ if rv < 0:
	+ raise Error("setEnabledKeyData failed")
	+

	cdef class EncCtx:
	"""Encryption context."""
	diff --git a/src/cxmlsec.pxd b/src/cxmlsec.pxd
	index 80afa7f..a8058df 100644
	--- a/src/cxmlsec.pxd
	+++ b/src/cxmlsec.pxd
	@@ -56,6 +56,10 @@ cdef extern from 'cxmlsec.h':
	xmlSecKeyDataTypeTrusted = 0x0100
	xmlSecKeyDataTypeAny = 0xFFFF

	+ ctypedef void * xmlSecPtrList
	+ ctypedef xmlSecPtrList * xmlSecPtrListPtr
	+ ctypedef void * xmlSecPtr
	+
	void xmlSecKeyDestroy(xmlSecKeyPtr) nogil
	xmlSecKeyPtr xmlSecKeyDuplicate(xmlSecKeyPtr) nogil
	xmlSecKeyPtr xmlSecCryptoAppKeyLoad(const_char , xmlSecKeyDataFormat, const_char , void , void ) nogil
	@@ -66,6 +70,8 @@ cdef extern from 'cxmlsec.h':
	xmlSecKeyPtr xmlSecKeyGenerate(xmlSecKeyDataId, size_t, xmlSecKeyDataType) nogil
	int xmlSecKeySetName(xmlSecKeyPtr, const_xmlChar *) nogil
	const_xmlChar * xmlSecKeyGetName(xmlSecKeyPtr) nogil
	+ int xmlSecPtrListAdd(xmlSecPtrListPtr, xmlSecPtr) nogil
	+ int xmlSecPtrListEmpty(xmlSecPtrListPtr) nogil

	cdef struct _xmlSecTransformKlass:
	const_xmlChar * name
	@@ -126,6 +132,9 @@ cdef extern from 'cxmlsec.h':
	int xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr, char * filename, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil
	int xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr, const_unsigned_char *, size_t, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil

	+ cdef struct xmlSecKeyInfoCtx:
	+ xmlSecPtrList enabledKeyData
	+
	ctypedef enum xmlSecDSigStatus:
	xmlSecDSigStatusUnknown = 0
	xmlSecDSigStatusSucceeded = 1
	@@ -134,8 +143,8 @@ cdef extern from 'cxmlsec.h':
	## void * userData
	## unsigned int flags
	## unsigned int flags2
	-## xmlSecKeyInfoCtx keyInfoReadCtx
	-## xmlSecKeyInfoCtx keyInfoWriteCtx
	+ xmlSecKeyInfoCtx keyInfoReadCtx
	+ xmlSecKeyInfoCtx keyInfoWriteCtx
	## xmlSecTransformCtx transformCtx
	## xmlSecTransformUriType enabledReferenceUris
	## xmlSecPtrListPtr enabledReferenceTransforms