XML Signature support without Mozilla
From Apache OpenOffice Wiki
This page contains random notes on providing XML DSig support without Mozilla.
We need to use:
- System XmlSec instead of external/libxmlsec. This is now a patched version of XmlSec 1.2.6.
- System NSS and NSPR instead of the bundled Mozilla libraries. We need to be careful about shared library conflicts.
Mozilla (MOZ:moz) is also needed in the dba/connectivity module for addressbook integration.
Do we have a problem sharing databases with Mozilla (Mozilla bug 217538: softoken databases cannot be shared between multiple processes)?
Steps to do:
- Update XmlSec to
  - provide xmlSecNssAppliedKeysMngrCreate, xmlSecNssAppliedKeysMngrSymKeyLoad, xmlSecNssAppliedKeysMngrPubKeyLoad, xmlSecNssAppliedKeysMngrPriKeyLoad
  - Check X.509 certificate verification semantics in (possible API breakage here)
  - Verify rest of the patch
  - Make sure internal XmlSec tests pass
- Verify that XmlSec is built with NSS support.
- Provide SYSTEM_NSPR, SYSTEM_NSS, SYSTEM_XMLSEC environment variables.
- Modify xml/xmlsecurity module to use system NSS, NSPR and XmlSec library. Preliminary patch:
--- xmlsecurity/util/makefile.mk.orig 2008-04-10 01:46:36.053917594 +0200
+++ xmlsecurity/util/makefile.mk 2008-04-10 01:46:44.443729469 +0200
@@ -47,11 +47,6 @@
.INCLUDE : settings.mk
.INCLUDE : $(PRJ)$/util$/target.pmk
-.IF "$(WITH_MOZILLA)" == "NO"
-@all:
- @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity..."
-.ENDIF
-
# --- Files --------------------------------------------------------
BMP_IN=$(PRJ)$/res
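Review bot: the WITH_MOZILLA == "NO" guard is removed here without a replacement, so a build that has neither the bundled Mozilla nor a system NSS now proceeds into this makefile and fails later with a less obvious error. Keep an early check that tests the new variables instead, for example stopping when WITH_MOZILLA is NO and SYSTEM_NSS is not YES.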
--- xmlsecurity/source/xmlsec/nss/makefile.mk.orig 2008-04-10 01:46:58.976404741 +0200
+++ xmlsecurity/source/xmlsec/nss/makefile.mk 2008-04-10 02:20:30.562702818 +0200
@@ -55,11 +55,6 @@
.IF "$(CRYPTO_ENGINE)" == "nss"
-.IF "$(WITH_MOZILLA)" == "NO"
-@all:
- @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity/nss"
-.ENDIF
-
.IF "$(SYSTEM_MOZILLA)" != "YES"
MOZ_INC = $(SOLARVERSION)$/$(INPATH)$/inc$(UPDMINOREXT)$/mozilla
NSS_INC = $(MOZ_INC)$/nss
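Review bot: in the context lines after the removed guard, MOZ_INC and NSS_INC are still derived from the solver's mozilla include directory whenever SYSTEM_MOZILLA is not YES, which includes the WITH_MOZILLA=NO case this patch is meant to enable. Skip that branch when SYSTEM_NSS is YES as well, otherwise the include path points at a directory that will not exist when Mozilla is not built.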
@@ -70,6 +65,20 @@
NSPR_INC = $(MOZ_INC)$/nspr
.ENDIF
+.IF "$(SYSTEM_NSS)" == "YES"
+XMLSEC_INC = /usr/local/include/xmlsec1
+.ELSE
+XMLSEC_INC = $(PRJ)$/source$/xmlsec
+.ENDIF
+
+.IF "$(SYSTEM_NSS)" == "YES"
+NSS_INC = /usr/local/include/nss/nss
+.ENDIF
+
+.IF "$(SYSTEM_NSPR)" == "YES"
+NSPR_INC = /usr/local/include/nspr
+.ENDIF
+
.IF "$(GUI)"=="UNX"
.IF "$(COMNAME)"=="sunpro5"
CFLAGS += -features=tmplife
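Review bot: the first added block selects XMLSEC_INC by testing SYSTEM_NSS, although it chooses between the system and the bundled XmlSec; it should test SYSTEM_XMLSEC so that the two libraries can be switched independently. The /usr/local/include/... values in all three added blocks are specific to one machine and should come from configure or pkg-config rather than being hard-coded in the makefile.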
@@ -121,12 +130,11 @@
SOLARINC += \
-I$(MOZ_INC) \
-I$(NSPR_INC) \
--I$(PRJ)$/source$/xmlsec
+-I$(NSS_INC) \
+-I$(XMLSEC_INC)
.IF "$(SYSTEM_MOZILLA)" == "YES"
-SOLARINC += -DSYSTEM_MOZILLA $(NSS_INC)
-.ELSE
-SOLARINC += -I$(NSS_INC)
+SOLARINC += -DSYSTEM_MOZILLA
.ENDIF
SLOFILES = \
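Review bot: -I$(NSS_INC) is now added unconditionally, but the removed SYSTEM_MOZILLA line passed $(NSS_INC) without an -I prefix, which suggests that in that configuration the variable already holds complete compiler flags; with SYSTEM_MOZILLA=YES this would produce a doubled -I. -I$(MOZ_INC) also stays first in SOLARINC, so bundled Mozilla headers, where present, are searched before the system NSS and XmlSec ones; make it conditional on the bundled case.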
--- xmlsecurity/source/xmlsec/makefile.mk.orig 2008-04-10 01:45:40.800153175 +0200
+++ xmlsecurity/source/xmlsec/makefile.mk 2008-04-10 01:46:02.219673838 +0200
@@ -53,10 +53,6 @@
CDEFS += -DXMLSEC_CRYPTO_MSCRYPTO -DXMLSEC_NO_XSLT
.ELSE
CDEFS += -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT
-.IF "$(WITH_MOZILLA)" == "NO"
-@all:
- @echo "No mozilla -> no nss -> no libxmlsec -> no xmlsecurity.."
-.ENDIF
.ENDIF
# --- Files --------------------------------------------------------
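Review bot: -DXMLSEC_CRYPTO_NSS -DXMLSEC_NO_XSLT in the context lines are hard-coded, and with the guard gone they are applied regardless of how a system XmlSec was built. For the system case take the defines from the installed library (for example pkg-config --cflags xmlsec1-nss) and fail early if the NSS backend is missing, which also covers the "built with NSS support" step listed above.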
--- xmlsecurity/prj/build.lst.orig 2008-04-10 01:40:35.017991731 +0200
+++ xmlsecurity/prj/build.lst 2008-04-10 01:40:57.763482421 +0200
@@ -1,4 +1,4 @@
-xs xmlsecurity : xmloff unotools offapi unoil svx MOZ:moz SO:moz_prebuilt LIBXMLSEC:libxmlsec NULL
+xs xmlsecurity : xmloff unotools offapi unoil svx LIBXMLSEC:libxmlsec NULL
xs xmlsecurity usr1 - all xs_mkout NULL
xs xmlsecurity\inc nmake - all xs_inc NULL
xs xmlsecurity\source\framework nmake - all xs_fw xs_inc NULL
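Review bot: MOZ:moz and SO:moz_prebuilt are dropped from the dependency list outright, yet xmlsecurity/source/xmlsec/nss/makefile.mk still reads headers from the mozilla delivery when SYSTEM_MOZILLA is not YES. Unless the bundled configuration is being removed altogether, keep these dependencies for that case so moz is still built before xmlsecurity.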
Related:
- CWS SRC680 systemmozilla
- all issues with mozilla in subject
- Issue 6391 Mozilla 1.0 does not support concurrent multiple versions using same profile (FIXED)
- Issue 8864 Accessing LDAP or Outlook/Express should not activate Mozilla prefs
- Issue 65775 update mozilla bootstrap stuff for a recent mozilla API
- Issue 81295 Adopt Mac OS X crypto API instead of using Mozilla's
- Patch to use system XmlSec from 2005