
@gregvish
Created November 11, 2013 09:43
diff --git a/dm.xmlsec.binding.egg-info/PKG-INFO b/dm.xmlsec.binding.egg-info/PKG-INFO
index ef2b2b6..edfdd9a 100644
--- a/dm.xmlsec.binding.egg-info/PKG-INFO
+++ b/dm.xmlsec.binding.egg-info/PKG-INFO
@@ -524,6 +524,8 @@ Description: This package contains a Cython (http://cython.org/) based bindung
... dsigCtx.enableReferenceTransform(tid)
... dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
... dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
+ ... # limit the allowed KeyData elements
+ ... dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
... dsigCtx.verify(node)
...
>>> # this works
diff --git a/dm.xmlsec.binding.egg-info/SOURCES.txt b/dm.xmlsec.binding.egg-info/SOURCES.txt
index 5490887..93db6b4 100644
--- a/dm.xmlsec.binding.egg-info/SOURCES.txt
+++ b/dm.xmlsec.binding.egg-info/SOURCES.txt
@@ -1,3 +1,4 @@
+setup.cfg
setup.py
dm/__init__.py
dm.xmlsec.binding.egg-info/PKG-INFO
diff --git a/dm/xmlsec/binding/README.txt b/dm/xmlsec/binding/README.txt
index 9247c9c..846cedc 100644
--- a/dm/xmlsec/binding/README.txt
+++ b/dm/xmlsec/binding/README.txt
@@ -516,6 +516,8 @@ Verifying a signature with additional restrictions
... dsigCtx.enableReferenceTransform(tid)
... dsigCtx.enableSignatureTransform(xmlsec.TransformRsaSha1)
... dsigCtx.enableReferenceTransform(xmlsec.TransformEnveloped)
+... # limit the allowed KeyData elements
+... dsigCtx.setEnabledKeyData([xmlsec.KeyDataX509])
... dsigCtx.verify(node)
...
>>> # this works
diff --git a/src/_xmlsec.c b/src/_xmlsec.c
deleted file mode 100644
index a1b8974..0000000
diff --git a/src/_xmlsec.pyx b/src/_xmlsec.pyx
index 45e9427..ffbd1a0 100644
--- a/src/_xmlsec.pyx
+++ b/src/_xmlsec.pyx
@@ -388,8 +388,16 @@ cdef class DSigCtx:
if rv < 0:
raise Error("enableSignatureTransform failed", rv)
-
-
+ def setEnabledKeyData(self, keydata_list):
+ cdef KeyData keydata
+ cdef xmlSecPtrListPtr enabled_list
+ enabled_list = &(self.ctx.keyInfoReadCtx.enabledKeyData)
+ xmlSecPtrListEmpty(enabled_list)
+ for keydata in keydata_list:
+ rv = xmlSecPtrListAdd(enabled_list, <xmlSecPtr> keydata.id)
+ if rv < 0:
+ raise Error("setEnabledKeyData failed")
+
cdef class EncCtx:
"""Encryption context."""
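Review bot: `setEnabledKeyData` empties `keyInfoReadCtx.enabledKeyData` before it has validated anything, and in xmlsec an empty enabled-key-data list means every KeyData type is accepted. An empty `keydata_list`, or a non-`KeyData` element that raises partway through the loop, therefore leaves the verification context more permissive than the caller asked for. I would validate the input first, reject an empty list, declare `rv` as `cdef int`, and pass `rv` to `Error` the way the `enableSignatureTransform` failure just above does. The method also needs a docstring saying that it replaces the list rather than extending it. Even with this change, a failure of the first `xmlSecPtrListAdd` leaves the list empty, so the docstring should tell callers to discard the context after an exception.

```cython
    def setEnabledKeyData(self, keydata_list):
        """Replace the KeyData types accepted when reading <KeyInfo>."""
        cdef KeyData keydata
        cdef xmlSecPtrListPtr enabled_list
        cdef int rv
        # Validate before touching the context: an empty list means "all enabled".
        requested = list(keydata_list)
        if not requested:
            raise ValueError("setEnabledKeyData requires at least one KeyData")
        for item in requested:
            if not isinstance(item, KeyData):
                raise TypeError("setEnabledKeyData expects KeyData instances")
        # … unchanged: take &enabledKeyData, xmlSecPtrListEmpty, loop over `requested` …
            if rv < 0:
                raise Error("setEnabledKeyData failed", rv)
```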
diff --git a/src/cxmlsec.pxd b/src/cxmlsec.pxd
index 80afa7f..a8058df 100644
--- a/src/cxmlsec.pxd
+++ b/src/cxmlsec.pxd
@@ -56,6 +56,10 @@ cdef extern from 'cxmlsec.h':
xmlSecKeyDataTypeTrusted = 0x0100
xmlSecKeyDataTypeAny = 0xFFFF
+ ctypedef void * xmlSecPtrList
+ ctypedef xmlSecPtrList * xmlSecPtrListPtr
+ ctypedef void * xmlSecPtr
+
void xmlSecKeyDestroy(xmlSecKeyPtr) nogil
xmlSecKeyPtr xmlSecKeyDuplicate(xmlSecKeyPtr) nogil
xmlSecKeyPtr xmlSecCryptoAppKeyLoad(const_char *, xmlSecKeyDataFormat, const_char *, void *, void *) nogil
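Review bot: `ctypedef void * xmlSecPtrList` declares as a pointer what xmlsec defines as a struct, and the later `xmlSecKeyInfoCtx` hunk embeds it by value as `enabledKeyData`. The generated C still uses the header's real type, so `&ctx.keyInfoReadCtx.enabledKeyData` compiles. Cython's own type checking, however, now treats the field as a `void *` and would accept assigning `NULL` or any pointer to it, which would corrupt the list. Declaring it as an opaque struct (`ctypedef struct xmlSecPtrList` with a `pass` body) keeps the `xmlSecPtrListPtr` typedef valid and lets Cython reject such misuse. The `cdef extern` block starts outside this hunk.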
@@ -66,6 +70,8 @@ cdef extern from 'cxmlsec.h':
xmlSecKeyPtr xmlSecKeyGenerate(xmlSecKeyDataId, size_t, xmlSecKeyDataType) nogil
int xmlSecKeySetName(xmlSecKeyPtr, const_xmlChar *) nogil
const_xmlChar * xmlSecKeyGetName(xmlSecKeyPtr) nogil
+ int xmlSecPtrListAdd(xmlSecPtrListPtr, xmlSecPtr) nogil
+ int xmlSecPtrListEmpty(xmlSecPtrListPtr) nogil
cdef struct _xmlSecTransformKlass:
const_xmlChar * name
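Review bot: `xmlSecPtrListEmpty` is declared here as returning `int`, but as far as I know xmlsec's `list.h` declares it `void`. The only caller in this commit discards the result, so it compiles today. A later caller that checks the return value for an error would either fail to compile or read a meaningless value. I would declare it as `void xmlSecPtrListEmpty(xmlSecPtrListPtr) nogil` and add a short comment that it cannot report failure.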
@@ -126,6 +132,9 @@ cdef extern from 'cxmlsec.h':
int xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr, char * filename, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil
int xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr, const_unsigned_char *, size_t, xmlSecKeyDataFormat, xmlSecKeyDataType) nogil
+ cdef struct xmlSecKeyInfoCtx:
+ xmlSecPtrList enabledKeyData
+
ctypedef enum xmlSecDSigStatus:
xmlSecDSigStatusUnknown = 0
xmlSecDSigStatusSucceeded = 1
@@ -134,8 +143,8 @@ cdef extern from 'cxmlsec.h':
## void * userData
## unsigned int flags
## unsigned int flags2
-## xmlSecKeyInfoCtx keyInfoReadCtx
-## xmlSecKeyInfoCtx keyInfoWriteCtx
+ xmlSecKeyInfoCtx keyInfoReadCtx
+ xmlSecKeyInfoCtx keyInfoWriteCtx
## xmlSecTransformCtx transformCtx
## xmlSecTransformUriType enabledReferenceUris
## xmlSecPtrListPtr enabledReferenceTransforms