RubyGems - xmlsec-shim - Versions diffs - 1.2.18.1 - Mend

xmlsec-shim 1.2.18.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (969) hide show

data/vendor/xmlsec1-1.2.18/src/xmlsec.c ADDED

@@ -0,0 +1,185 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * General functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/app.h>
+#include <xmlsec/io.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/errors.h>
+/**
+ * xmlSecInit:
+ *
+ * Initializes XML Security Library. The depended libraries
+ * (LibXML and LibXSLT) must be initialized before.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecInit(void) {
+    xmlSecErrorsInit();
+    xmlSecIOInit();
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+    if(xmlSecCryptoDLInit() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCryptoDLInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+    if(xmlSecKeyDataIdsInit() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecKeyDataIdsInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    if(xmlSecTransformIdsInit() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecTransformIdsInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+#ifndef XMLSEC_NO_XKMS
+    if(xmlSecXkmsRespondWithIdsInit() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecXkmsRespondWithIdsInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    if(xmlSecXkmsServerRequestIdsInit() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecXkmsServerRequestIdsInit",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+#endif /* XMLSEC_NO_XKMS */
+    /* we use rand() function to generate id attributes */
+    srand(time(NULL));
+    return(0);
+}
+/**
+ * xmlSecShutdown:
+ *
+ * Clean ups the XML Security Library.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecShutdown(void) {
+    int res = 0;
+#ifndef XMLSEC_NO_XKMS
+    xmlSecXkmsServerRequestIdsShutdown();
+    xmlSecXkmsRespondWithIdsShutdown();
+#endif /* XMLSEC_NO_XKMS */
+    xmlSecTransformIdsShutdown();
+    xmlSecKeyDataIdsShutdown();
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+    if(xmlSecCryptoDLShutdown() < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecCryptoDLShutdown",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        res = -1;
+    }
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+    xmlSecIOShutdown();
+    xmlSecErrorsShutdown();
+    return(res);
+}
+/**
+ * xmlSecCheckVersionExt:
+ * @major:              the major version number.
+ * @minor:              the minor version number.
+ * @subminor:           the subminor version number.
+ * @mode:               the version check mode.
+ *
+ * Checks if the loaded version of xmlsec library could be used.
+ *
+ * Returns: 1 if the loaded xmlsec library version is OK to use
+ * 0 if it is not or a negative value if an error occurs.
+ */
+int
+xmlSecCheckVersionExt(int major, int minor, int subminor, xmlSecCheckVersionMode mode) {
+    /* we always want to have a match for major version number */
+    if(major != XMLSEC_VERSION_MAJOR) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    NULL,
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "expected major version=%d;real major version=%d",
+                    XMLSEC_VERSION_MAJOR, major);
+        return(0);
+    }
+    switch(mode) {
+    case xmlSecCheckVersionExactMatch:
+        if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        NULL,
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+                        XMLSEC_VERSION_MINOR, minor,
+                        XMLSEC_VERSION_SUBMINOR, subminor);
+            return(0);
+        }
+        break;
+    case xmlSecCheckVersionABICompatible:
+        if((minor < XMLSEC_VERSION_MINOR) ||
+           ((minor == XMLSEC_VERSION_MINOR) &&
+            (subminor < XMLSEC_VERSION_SUBMINOR))) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        NULL,
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+                        XMLSEC_VERSION_MINOR, minor,
+                        XMLSEC_VERSION_SUBMINOR, subminor);
+            return(0);
+        }
+        break;
+    }
+    return(1);
+}

data/vendor/xmlsec1-1.2.18/src/xmltree.c ADDED

@@ -0,0 +1,1908 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Common XML Doc utility functions
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <libxml/tree.h>
+#include <libxml/valid.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/private.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+/**
+ * xmlSecFindChild:
+ * @parent:             the pointer to XML node.
+ * @name:               the name.
+ * @ns:                 the namespace href (may be NULL).
+ *
+ * Searches a direct child of the @parent node having given name and
+ * namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindChild(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+    xmlNodePtr cur;
+    xmlSecAssert2(parent != NULL, NULL);
+    xmlSecAssert2(name != NULL, NULL);
+    cur = parent->children;
+    while(cur != NULL) {
+        if(cur->type == XML_ELEMENT_NODE) {
+            if(xmlSecCheckNodeName(cur, name, ns)) {
+                return(cur);
+            }
+        }
+        cur = cur->next;
+    }
+    return(NULL);
+}
+/**
+ * xmlSecFindParent:
+ * @cur:                the pointer to an XML node.
+ * @name:               the name.
+ * @ns:                 the namespace href (may be NULL).
+ *
+ * Searches the ancestors axis of the @cur node for a node having given name
+ * and namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindParent(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
+    xmlSecAssert2(cur != NULL, NULL);
+    xmlSecAssert2(name != NULL, NULL);
+    if(xmlSecCheckNodeName(cur, name, ns)) {
+        return(cur);
+    } else if(cur->parent != NULL) {
+        return(xmlSecFindParent(cur->parent, name, ns));
+    }
+    return(NULL);
+}
+/**
+ * xmlSecFindNode:
+ * @parent:             the pointer to XML node.
+ * @name:               the name.
+ * @ns:                 the namespace href (may be NULL).
+ *
+ * Searches all children of the @parent node having given name and
+ * namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindNode(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+    xmlNodePtr cur;
+    xmlNodePtr ret;
+    xmlSecAssert2(name != NULL, NULL);
+    cur = parent;
+    while(cur != NULL) {
+        if((cur->type == XML_ELEMENT_NODE) && xmlSecCheckNodeName(cur, name, ns)) {
+            return(cur);
+        }
+        if(cur->children != NULL) {
+            ret = xmlSecFindNode(cur->children, name, ns);
+            if(ret != NULL) {
+                return(ret);
+            }
+        }
+        cur = cur->next;
+    }
+    return(NULL);
+}
+/**
+ * xmlSecGetNodeNsHref:
+ * @cur:                the pointer to node.
+ *
+ * Get's node's namespace href.
+ *
+ * Returns: node's namespace href.
+ */
+const xmlChar*
+xmlSecGetNodeNsHref(const xmlNodePtr cur) {
+    xmlNsPtr ns;
+    xmlSecAssert2(cur != NULL, NULL);
+    /* do we have a namespace in the node? */
+    if(cur->ns != NULL) {
+        return(cur->ns->href);
+    }
+    /* search for default namespace */
+    ns = xmlSearchNs(cur->doc, cur, NULL);
+    if(ns != NULL) {
+        return(ns->href);
+    }
+    return(NULL);
+}
+/**
+ * xmlSecCheckNodeName:
+ * @cur:                the pointer to an XML node.
+ * @name:               the name,
+ * @ns:                 the namespace href.
+ *
+ * Checks that the node has a given name and a given namespace href.
+ *
+ * Returns: 1 if the node matches or 0 otherwise.
+ */
+int
+xmlSecCheckNodeName(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
+    xmlSecAssert2(cur != NULL, 0);
+    return(xmlStrEqual(cur->name, name) &&
+           xmlStrEqual(xmlSecGetNodeNsHref(cur), ns));
+}
+/**
+ * xmlSecAddChild:
+ * @parent:             the pointer to an XML node.
+ * @name:               the new node name.
+ * @ns:                 the new node namespace.
+ *
+ * Adds a child to the node @parent with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+    xmlNodePtr cur;
+    xmlNodePtr text;
+    xmlSecAssert2(parent != NULL, NULL);
+    xmlSecAssert2(name != NULL, NULL);
+    if(parent->children == NULL) {
+        /* TODO: add indents */
+        text = xmlNewText(xmlSecStringCR);
+        if(text == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlNewText",
+                        XMLSEC_ERRORS_R_XML_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(NULL);
+        }
+        xmlAddChild(parent, text);
+    }
+    cur = xmlNewChild(parent, NULL, name, NULL);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewChild",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    /* namespaces support */
+    if(ns != NULL) {
+        xmlNsPtr nsPtr;
+        /* find namespace by href and check that its prefix is not overwritten */
+        nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+        if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+            nsPtr = xmlNewNs(cur, ns, NULL);
+        }
+        xmlSetNs(cur, nsPtr);
+    }
+    /* TODO: add indents */
+    text = xmlNewText(xmlSecStringCR);
+    if(text == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewText",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddChild(parent, text);
+    return(cur);
+}
+/**
+ * xmlSecAddChildNode:
+ * @parent:             the pointer to an XML node.
+ * @child:              the new node.
+ *
+ * Adds @child node to the @parent node.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) {
+    xmlNodePtr text;
+    xmlSecAssert2(parent != NULL, NULL);
+    xmlSecAssert2(child != NULL, NULL);
+    if(parent->children == NULL) {
+        /* TODO: add indents */
+        text = xmlNewText(xmlSecStringCR);
+        if(text == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlNewText",
+                        XMLSEC_ERRORS_R_XML_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(NULL);
+        }
+        xmlAddChild(parent, text);
+    }
+    xmlAddChild(parent, child);
+    /* TODO: add indents */
+    text = xmlNewText(xmlSecStringCR);
+    if(text == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewText",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddChild(parent, text);
+    return(child);
+}
+/**
+ * xmlSecAddNextSibling
+ * @node:               the pointer to an XML node.
+ * @name:               the new node name.
+ * @ns:                 the new node namespace.
+ *
+ * Adds next sibling to the node @node with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddNextSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
+    xmlNodePtr cur;
+    xmlNodePtr text;
+    xmlSecAssert2(node != NULL, NULL);
+    xmlSecAssert2(name != NULL, NULL);
+    cur = xmlNewNode(NULL, name);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewNode",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddNextSibling(node, cur);
+    /* namespaces support */
+    if(ns != NULL) {
+        xmlNsPtr nsPtr;
+        /* find namespace by href and check that its prefix is not overwritten */
+        nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+        if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+            nsPtr = xmlNewNs(cur, ns, NULL);
+        }
+        xmlSetNs(cur, nsPtr);
+    }
+    /* TODO: add indents */
+    text = xmlNewText(xmlSecStringCR);
+    if(text == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewText",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddNextSibling(node, text);
+    return(cur);
+}
+/**
+ * xmlSecAddPrevSibling
+ * @node:               the pointer to an XML node.
+ * @name:               the new node name.
+ * @ns:                 the new node namespace.
+ *
+ * Adds prev sibling to the node @node with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
+    xmlNodePtr cur;
+    xmlNodePtr text;
+    xmlSecAssert2(node != NULL, NULL);
+    xmlSecAssert2(name != NULL, NULL);
+    cur = xmlNewNode(NULL, name);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewNode",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddPrevSibling(node, cur);
+    /* namespaces support */
+    if(ns != NULL) {
+        xmlNsPtr nsPtr;
+        /* find namespace by href and check that its prefix is not overwritten */
+        nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+        if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+            nsPtr = xmlNewNs(cur, ns, NULL);
+        }
+        xmlSetNs(cur, nsPtr);
+    }
+    /* TODO: add indents */
+    text = xmlNewText(xmlSecStringCR);
+    if(text == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewText",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlAddPrevSibling(node, text);
+    return(cur);
+}
+/**
+ * xmlSecGetNextElementNode:
+ * @cur:                the pointer to an XML node.
+ *
+ * Seraches for the next element node.
+ *
+ * Returns: the pointer to next element node or NULL if it is not found.
+ */
+xmlNodePtr
+xmlSecGetNextElementNode(xmlNodePtr cur) {
+    while((cur != NULL) && (cur->type != XML_ELEMENT_NODE)) {
+        cur = cur->next;
+    }
+    return(cur);
+}
+/**
+ * xmlSecReplaceNode:
+ * @node:               the current node.
+ * @newNode:            the new node.
+ *
+ * Swaps the @node and @newNode in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNode(xmlNodePtr node, xmlNodePtr newNode) {
+    return xmlSecReplaceNodeAndReturn(node, newNode, NULL);
+}
+/**
+ * xmlSecReplaceNodeAndReturn:
+ * @node:               the current node.
+ * @newNode:            the new node.
+ * @replaced:           the replaced node, or release it if NULL is given
+ *
+ * Swaps the @node and @newNode in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr* replaced) {
+    xmlNodePtr oldNode;
+    int restoreRoot = 0;
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(newNode != NULL, -1);
+    /* fix documents children if necessary first */
+    if((node->doc != NULL) && (node->doc->children == node)) {
+        node->doc->children = node->next;
+        restoreRoot = 1;
+    }
+    if((newNode->doc != NULL) && (newNode->doc->children == newNode)) {
+        newNode->doc->children = newNode->next;
+    }
+    oldNode = xmlReplaceNode(node, newNode);
+    if(oldNode == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlReplaceNode",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(-1);
+    }
+    if(restoreRoot != 0) {
+        xmlDocSetRootElement(oldNode->doc, newNode);
+    }
+    /* return the old node if requested */
+    if(replaced != NULL) {
+        (*replaced) = oldNode;
+    } else {
+        xmlFreeNode(oldNode);
+    }
+    return(0);
+}
+/**
+ * xmlSecReplaceContent
+ * @node:               the current node.
+ * @newNode:            the new node.
+ *
+ * Swaps the content of @node and @newNode.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceContent(xmlNodePtr node, xmlNodePtr newNode) {
+     return xmlSecReplaceContentAndReturn(node, newNode, NULL);
+}
+/**
+ * xmlSecReplaceContentAndReturn
+ * @node:               the current node.
+ * @newNode:            the new node.
+ * @replaced:           the replaced nodes, or release them if NULL is given
+ *
+ * Swaps the content of @node and @newNode.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceContentAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr *replaced) {
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(newNode != NULL, -1);
+    xmlUnlinkNode(newNode);
+    xmlSetTreeDoc(newNode, node->doc);
+    /* return the old nodes if requested */
+    if(replaced != NULL) {
+        xmlNodePtr cur, next, tail;
+        (*replaced) = tail = NULL;
+        for(cur = node->children; (cur != NULL); cur = next) {
+            next = cur->next;
+            if((*replaced) != NULL) {
+                /* n is unlinked in this function */
+                xmlAddNextSibling(tail, cur);
+                tail = cur;
+            } else {
+                /* this is the first node, (*replaced) is the head */
+                xmlUnlinkNode(cur);
+                (*replaced) = tail = cur;
+          }
+        }
+    } else {
+        /* just delete the content */
+        xmlNodeSetContent(node, NULL);
+    }
+    xmlAddChild(node, newNode);
+    xmlSetTreeDoc(newNode, node->doc);
+    return(0);
+}
+/**
+ * xmlSecReplaceNodeBuffer:
+ * @node:               the current node.
+ * @buffer:             the XML data.
+ * @size:               the XML data size.
+ *
+ * Swaps the @node and the parsed XML data from the @buffer in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeBuffer(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize size) {
+    return xmlSecReplaceNodeBufferAndReturn(node, buffer, size, NULL);
+}
+/**
+ * xmlSecReplaceNodeBufferAndReturn:
+ * @node:               the current node.
+ * @buffer:             the XML data.
+ * @size:               the XML data size.
+ * @replaced:           the replaced nodes, or release them if NULL is given
+ *
+ * Swaps the @node and the parsed XML data from the @buffer in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize size, xmlNodePtr *replaced) {
+    xmlNodePtr results = NULL;
+    xmlNodePtr next = NULL;
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(node->parent != NULL, -1);
+    /* parse buffer in the context of node's parent */
+    if(xmlParseInNodeContext(node->parent, (const char*)buffer, size, XML_PARSE_NODICT, &results) != XML_ERR_OK) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlParseInNodeContext",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "Failed to parse content");
+        return(-1);
+    }
+    /* add new nodes */
+    while (results != NULL) {
+        next = results->next;
+        xmlAddPrevSibling(node, results);
+        results = next;
+    }
+    /* remove old node */
+    xmlUnlinkNode(node);
+    /* return the old node if requested */
+    if(replaced != NULL) {
+        (*replaced) = node;
+    } else {
+        xmlFreeNode(node);
+    }
+    return(0);
+}
+/**
+ * xmlSecNodeEncodeAndSetContent:
+ * @node:                   the pointer to an XML node.
+ * @buffer:             the pointer to the node content.
+ *
+ * Encodes "special" characters in the @buffer and sets the result
+ * as the node content.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNodeEncodeAndSetContent(xmlNodePtr node, const xmlChar * buffer) {
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(node->doc != NULL, -1);
+    if(buffer != NULL) {
+            xmlChar * tmp;
+        tmp = xmlEncodeSpecialChars(node->doc, buffer);
+        if (tmp == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlEncodeSpecialChars",
+                        XMLSEC_ERRORS_R_XML_FAILED,
+                        "Failed to encode special characters");
+            return(-1);
+        }
+        xmlNodeSetContent(node, tmp);
+        xmlFree(tmp);
+    } else {
+        xmlNodeSetContent(node, NULL);
+    }
+    return(0);
+}
+/**
+ * xmlSecAddIDs:
+ * @doc:                the pointer to an XML document.
+ * @cur:                the pointer to an XML node.
+ * @ids:                the pointer to a NULL terminated list of ID attributes.
+ *
+ * Walks thru all children of the @cur node and adds all attributes
+ * from the @ids list to the @doc document IDs attributes hash.
+ */
+void
+xmlSecAddIDs(xmlDocPtr doc, xmlNodePtr cur, const xmlChar** ids) {
+    xmlNodePtr children = NULL;
+    xmlSecAssert(doc != NULL);
+    xmlSecAssert(ids != NULL);
+    if((cur != NULL) && (cur->type == XML_ELEMENT_NODE)) {
+        xmlAttrPtr attr;
+        xmlAttrPtr tmp;
+        int i;
+        xmlChar* name;
+        for(attr = cur->properties; attr != NULL; attr = attr->next) {
+            for(i = 0; ids[i] != NULL; ++i) {
+                if(xmlStrEqual(attr->name, ids[i])) {
+                    name = xmlNodeListGetString(doc, attr->children, 1);
+                    if(name != NULL) {
+                        tmp = xmlGetID(doc, name);
+                        if(tmp == NULL) {
+                            xmlAddID(NULL, doc, name, attr);
+                        } else if(tmp != attr) {
+                            xmlSecError(XMLSEC_ERRORS_HERE,
+                                        NULL,
+                                        NULL,
+                                        XMLSEC_ERRORS_R_INVALID_DATA,
+                                        "id=%s already defined",
+                                        xmlSecErrorsSafeString(name));
+                        }
+                        xmlFree(name);
+                    }
+                }
+            }
+        }
+        children = cur->children;
+    } else if(cur == NULL) {
+        children = doc->children;
+    }
+    while(children != NULL) {
+        if(children->type == XML_ELEMENT_NODE) {
+            xmlSecAddIDs(doc, children, ids);
+        }
+        children = children->next;
+    }
+}
+/**
+ * xmlSecGenerateAndAddID:
+ * @node:                       the node to ID attr to.
+ * @attrName:                   the ID attr name.
+ * @prefix:                     the prefix to add to the generated ID (can be NULL).
+ * @len:                        the length of ID.
+ *
+ * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes)
+ * and puts it in the attribute @attrName.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar* prefix, xmlSecSize len) {
+    xmlChar* id;
+    int count;
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(attrName != NULL, -1);
+    /* we will try 5 times before giving up */
+    for(count = 0; count < 5; count++) {
+        id = xmlSecGenerateID(prefix, len);
+        if(id == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecGenerateID",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            return(-1);
+        }
+        if((node->doc == NULL) || (xmlGetID(node->doc, id) == NULL)) {
+            /* this is a unique ID in the document and we can use it */
+            if(xmlSetProp(node, attrName, id) == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            NULL,
+                            "xmlSetProp",
+                            XMLSEC_ERRORS_R_XML_FAILED,
+                            XMLSEC_ERRORS_NO_MESSAGE);
+                xmlFree(id);
+                return(-1);
+            }
+            xmlFree(id);
+            return(0);
+        }
+        xmlFree(id);
+    }
+    return(-1);
+}
+/**
+ * xmlSecGenerateID:
+ * @prefix:                     the prefix to add to the generated ID (can be NULL).
+ * @len:                        the length of ID.
+ *
+ * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes).
+ * The caller is responsible for freeing returned string using @xmlFree function.
+ *
+ * Returns: pointer to generated ID string or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecGenerateID(const xmlChar* prefix, xmlSecSize len) {
+    xmlSecBuffer buffer;
+    xmlSecSize i, binLen;
+    xmlChar* res;
+    xmlChar* p;
+    int ret;
+    xmlSecAssert2(len > 0, NULL);
+    /* we will do base64 decoding later */
+    binLen = (3 * len + 1) / 4;
+    ret = xmlSecBufferInitialize(&buffer, binLen + 1);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferInitialize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    xmlSecAssert2(xmlSecBufferGetData(&buffer) != NULL, NULL);
+    xmlSecAssert2(xmlSecBufferGetMaxSize(&buffer) >= binLen, NULL);
+    ret = xmlSecBufferSetSize(&buffer, binLen);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBufferSetSize",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buffer);
+        return(NULL);
+    }
+    xmlSecAssert2(xmlSecBufferGetSize(&buffer) == binLen, NULL);
+    /* create random bytes */
+    for(i = 0; i < binLen; i++) {
+        (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand() / (RAND_MAX + 1.0));
+    }
+    /* base64 encode random bytes */
+    res = xmlSecBase64Encode(xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), 0);
+    if((res == NULL) || (xmlStrlen(res) == 0)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecBase64Encode",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecBufferFinalize(&buffer);
+        return(NULL);
+    }
+    xmlSecBufferFinalize(&buffer);
+    /* truncate the generated id attribute if needed */
+    if(xmlStrlen(res) > (int)len) {
+        res[len] = '\0';
+    }
+    /* we need to cleanup base64 encoded id because ID attr can't have '+' or '/' characters */
+    for(p = res; (*p) != '\0'; p++) {
+        if(((*p) == '+') || ((*p) == '/')) {
+            (*p) = '_';
+        }
+    }
+    /* add prefix if exist */
+    if(prefix) {
+        xmlChar* tmp;
+        xmlSecSize tmpLen;
+        tmpLen = xmlStrlen(prefix) + xmlStrlen(res) + 1;
+        tmp = xmlMalloc(tmpLen + 1);
+        if(tmp == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlMalloc",
+                        XMLSEC_ERRORS_R_MALLOC_FAILED,
+                        XMLSEC_ERRORS_NO_MESSAGE);
+            xmlFree(res);
+            return(NULL);
+        }
+        xmlSecStrPrintf(tmp, tmpLen, BAD_CAST "%s%s", prefix, res);
+        xmlFree(res);
+        res = tmp;
+    } else {
+        /* no prefix: check that ID attribute starts from a letter */
+        if(!(((res[0] >= 'A') && (res[0] <= 'Z')) ||
+             ((res[0] >= 'a') && (res[0] <= 'z')))) {
+             res[0] = 'A';
+        }
+    }
+    return(res);
+}
+/**
+ * xmlSecCreateTree:
+ * @rootNodeName:       the root node name.
+ * @rootNodeNs:         the root node namespace (otpional).
+ *
+ * Creates a new XML tree with one root node @rootNodeName.
+ *
+ * Returns: pointer to the newly created tree or NULL if an error occurs.
+ */
+xmlDocPtr
+xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) {
+    xmlDocPtr doc;
+    xmlNodePtr root;
+    xmlNsPtr ns;
+    xmlSecAssert2(rootNodeName != NULL, NULL);
+    /* create doc */
+    doc = xmlNewDoc(BAD_CAST "1.0");
+    if(doc == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewDoc",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    XMLSEC_ERRORS_NO_MESSAGE);
+        return(NULL);
+    }
+    /* create root node */
+    root = xmlNewDocNode(doc, NULL, rootNodeName, NULL);
+    if(root == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewDocNode",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=Keys");
+        xmlFreeDoc(doc);
+        return(NULL);
+    }
+    xmlDocSetRootElement(doc, root);
+    /* and set root node namespace */
+    ns = xmlNewNs(root, rootNodeNs, NULL);
+    if(ns == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNewNs",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "ns=%s",
+                    xmlSecErrorsSafeString(rootNodeNs));
+        xmlFreeDoc(doc);
+        return(NULL);
+    }
+    xmlSetNs(root, ns);
+    return(doc);
+}
+/**
+ * xmlSecIsEmptyNode:
+ * @node:               the node to check
+ *
+ * Checks whethere the @node is empty (i.e. has only whitespaces children).
+ *
+ * Returns: 1 if @node is empty, 0 otherwise or a negative value if an error occurs.
+ */
+int
+xmlSecIsEmptyNode(xmlNodePtr node) {
+    xmlChar* content;
+    int res;
+    xmlSecAssert2(node != NULL, -1);
+    if(xmlSecGetNextElementNode(node->children) != NULL) {
+        return(0);
+    }
+    content = xmlNodeGetContent(node);
+    if(content == NULL) {
+        return(1);
+    }
+    res = xmlSecIsEmptyString(content);
+    xmlFree(content);
+    return(res);
+}
+/**
+ * xmlSecIsEmptyString:
+ * @str:                the string to check
+ *
+ * Checks whethere the @str is empty (i.e. has only whitespaces children).
+ *
+ * Returns: 1 if @str is empty, 0 otherwise or a negative value if an error occurs.
+ */
+int
+xmlSecIsEmptyString(const xmlChar* str) {
+    xmlSecAssert2(str != NULL, -1);
+    for( ;*str != '\0'; ++str) {
+        if(!isspace((int)(*str))) {
+            return(0);
+        }
+    }
+    return(1);
+}
+/**
+ * xmlSecPrintXmlString:
+ * @fd:                the file descriptor to write the XML string to
+ * @str:               the string
+ *
+ * Encodes the @str (e.g. replaces '&' with '&amp;') and writes it to @fd.
+ *
+ * Returns: he number of bytes transmitted or a negative value if an error occurs.
+ */
+int
+xmlSecPrintXmlString(FILE * fd, const xmlChar * str) {
+    int res;
+    if(str != NULL) {
+        xmlChar * encoded_str = NULL;
+        encoded_str = xmlEncodeSpecialChars(NULL, str);
+        if(encoded_str == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlEncodeSpecialChars",
+                        XMLSEC_ERRORS_R_XML_FAILED,
+                        "string=%s",
+                        xmlSecErrorsSafeString(str));
+            return(-1);
+        }
+        res = fprintf(fd, "%s", (const char*)encoded_str);
+        xmlFree(encoded_str);
+    } else {
+        res = fprintf(fd, "NULL");
+    }
+    if(res < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "fprintf",
+                    XMLSEC_ERRORS_R_IO_FAILED,
+                    "res=%d,errno=%d",
+                    res, errno);
+        return(-1);
+    }
+    return(res);
+}
+/**
+ * xmlSecGetQName:
+ * @node:               the context node.
+ * @href:               the QName href (can be NULL).
+ * @local:              the QName local part.
+ *
+ * Creates QName (prefix:local) from @href and @local in the context of the @node.
+ * Caller is responsible for freeing returned string with xmlFree.
+ *
+ * Returns: qname or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) {
+    xmlChar* qname;
+    xmlNsPtr ns;
+    xmlSecAssert2(node != NULL, NULL);
+    xmlSecAssert2(local != NULL, NULL);
+    /* we don't want to create namespace node ourselves because
+     * it might cause collisions */
+    ns = xmlSearchNsByHref(node->doc, node, href);
+    if((ns == NULL) && (href != NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSearchNsByHref",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=%s,href=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(href));
+        return(NULL);
+    }
+    if((ns != NULL) && (ns->prefix != NULL)) {
+        xmlSecSize len;
+        len = xmlStrlen(local) + xmlStrlen(ns->prefix) + 4;
+        qname = xmlMalloc(len);
+        if(qname == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlMalloc",
+                        XMLSEC_ERRORS_R_MALLOC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(node->name));
+            return(NULL);
+        }
+        xmlSecStrPrintf(qname, len, BAD_CAST "%s:%s", ns->prefix, local);
+    } else {
+        qname = xmlStrdup(local);
+        if(qname == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlStrdup",
+                        XMLSEC_ERRORS_R_MALLOC_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(node->name));
+            return(NULL);
+        }
+    }
+    return(qname);
+}
+/*************************************************************************
+ *
+ * QName <-> Integer mapping
+ *
+ ************************************************************************/
+/**
+ * xmlSecQName2IntegerGetInfo:
+ * @info:               the qname<->integer mapping information.
+ * @intValue:           the integer value.
+ *
+ * Maps integer @intValue to a QName prefix.
+ *
+ * Returns: the QName info that is mapped to @intValue or NULL if such value
+ * is not found.
+ */
+xmlSecQName2IntegerInfoConstPtr
+xmlSecQName2IntegerGetInfo(xmlSecQName2IntegerInfoConstPtr info, int intValue) {
+    unsigned int ii;
+    xmlSecAssert2(info != NULL, NULL);
+    for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+        if(info[ii].intValue == intValue) {
+            return(&info[ii]);
+        }
+    }
+    return(NULL);
+}
+/**
+ * xmlSecQName2IntegerGetInteger:
+ * @info:               the qname<->integer mapping information.
+ * @qnameHref:          the qname href value.
+ * @qnameLocalPart:     the qname local part value.
+ * @intValue:           the pointer to result integer value.
+ *
+ * Maps qname qname to an integer and returns it in @intValue.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
+                             const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
+                             int* intValue) {
+    unsigned int ii;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(qnameLocalPart != NULL, -1);
+    xmlSecAssert2(intValue != NULL, -1);
+    for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+        if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+           xmlStrEqual(info[ii].qnameHref, qnameHref)) {
+            (*intValue) = info[ii].intValue;
+            return(0);
+        }
+    }
+    return(-1);
+}
+/**
+ * xmlSecQName2IntegerGetIntegerFromString:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the pointer to node.
+ * @qname:              the qname string.
+ * @intValue:           the pointer to result integer value.
+ *
+ * Converts @qname into integer in context of @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info,
+                                        xmlNodePtr node, const xmlChar* qname,
+                                        int* intValue) {
+    const xmlChar* qnameLocalPart = NULL;
+    xmlChar* qnamePrefix = NULL;
+    const xmlChar* qnameHref;
+    xmlNsPtr ns;
+    int ret;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(qname != NULL, -1);
+    xmlSecAssert2(intValue != NULL, -1);
+    qnameLocalPart = xmlStrchr(qname, ':');
+    if(qnameLocalPart != NULL) {
+        qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
+        if(qnamePrefix == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlStrndup",
+                        XMLSEC_ERRORS_R_MALLOC_FAILED,
+                        "node=%s,value=%s",
+                        xmlSecErrorsSafeString(node->name),
+                        xmlSecErrorsSafeString(qname));
+            return(-1);
+        }
+        qnameLocalPart++;
+    } else {
+        qnamePrefix = NULL;
+        qnameLocalPart = qname;
+    }
+    /* search namespace href */
+    ns = xmlSearchNs(node->doc, node, qnamePrefix);
+    if((ns == NULL) && (qnamePrefix != NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSearchNs",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=%s,qnamePrefix=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(qnamePrefix));
+        if(qnamePrefix != NULL) {
+            xmlFree(qnamePrefix);
+        }
+        return(-1);
+    }
+    qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
+    /* and finally search for integer */
+    ret = xmlSecQName2IntegerGetInteger(info, qnameHref, qnameLocalPart, intValue);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetInteger",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,qnameLocalPart=%s,qnameHref=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(qnameLocalPart),
+                    xmlSecErrorsSafeString(qnameHref));
+        if(qnamePrefix != NULL) {
+            xmlFree(qnamePrefix);
+        }
+        return(-1);
+    }
+    if(qnamePrefix != NULL) {
+        xmlFree(qnamePrefix);
+    }
+    return(0);
+}
+/**
+ * xmlSecQName2IntegerGetStringFromInteger:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the pointer to node.
+ * @intValue:           the integer value.
+ *
+ * Creates qname string for @intValue in context of given @node. Caller
+ * is responsible for freeing returned string with @xmlFree.
+ *
+ * Returns: pointer to newly allocated string on success or NULL if an error occurs,
+ */
+xmlChar*
+xmlSecQName2IntegerGetStringFromInteger(xmlSecQName2IntegerInfoConstPtr info,
+                                        xmlNodePtr node, int intValue) {
+    xmlSecQName2IntegerInfoConstPtr qnameInfo;
+    xmlSecAssert2(info != NULL, NULL);
+    xmlSecAssert2(node != NULL, NULL);
+    qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+    if(qnameInfo == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetInfo",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,intValue=%d",
+                    xmlSecErrorsSafeString(node->name),
+                    intValue);
+        return(NULL);
+    }
+    return (xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
+}
+/**
+ * xmlSecQName2IntegerNodeRead:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the pointer to node.
+ * @intValue:           the pointer to result integer value.
+ *
+ * Reads the content of @node and converts it to an integer using mapping
+ * from @info.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerNodeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node, int* intValue) {
+    xmlChar* content = NULL;
+    int ret;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(intValue != NULL, -1);
+    content = xmlNodeGetContent(node);
+    if(content == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlNodeGetContent",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=%s",
+                    xmlSecErrorsSafeString(node->name));
+        return(-1);
+    }
+    /* todo: trim content? */
+    ret = xmlSecQName2IntegerGetIntegerFromString(info, node, content, intValue);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetIntegerFromString",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,value=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(content));
+        xmlFree(content);
+        return(-1);
+    }
+    xmlFree(content);
+    return(0);
+}
+/**
+ * xmlSecQName2IntegerNodeWrite:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the parent node.
+ * @nodeName:           the child node name.
+ * @nodeNs:             the child node namespace.
+ * @intValue:           the integer value.
+ *
+ * Creates new child node in @node and sets its value to @intValue.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+                            const xmlChar* nodeName, const xmlChar* nodeNs, int intValue) {
+    xmlNodePtr cur;
+    xmlChar* qname = NULL;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(nodeName != NULL, -1);
+    /* find and build qname */
+    qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
+    if(qname == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetStringFromInteger",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,intValue=%d",
+                    xmlSecErrorsSafeString(node->name),
+                    intValue);
+        return(-1);
+    }
+    cur = xmlSecAddChild(node, nodeName, nodeNs);
+    if(cur == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecAddChild",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,intValue=%d",
+                    xmlSecErrorsSafeString(nodeName),
+                    intValue);
+        xmlFree(qname);
+        return(-1);
+    }
+    xmlNodeSetContent(cur, qname);
+    xmlFree(qname);
+    return(0);
+}
+/**
+ * xmlSecQName2IntegerAttributeRead:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the element node.
+ * @attrName:           the attribute name.
+ * @intValue:           the pointer to result integer value.
+ *
+ * Gets the value of @attrName atrtibute from @node and converts it to integer
+ * according to @info.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+                            const xmlChar* attrName, int* intValue) {
+    xmlChar* attrValue;
+    int ret;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(attrName != NULL, -1);
+    xmlSecAssert2(intValue != NULL, -1);
+    attrValue = xmlGetProp(node, attrName);
+    if(attrValue == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlGetProp",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=%s,attrValue=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(attrName));
+        return(-1);
+    }
+    /* todo: trim value? */
+    ret = xmlSecQName2IntegerGetIntegerFromString(info, node, attrValue, intValue);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetIntegerFromString",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,attrName=%s,attrValue=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(attrName),
+                    xmlSecErrorsSafeString(attrValue));
+        xmlFree(attrValue);
+        return(-1);
+    }
+    xmlFree(attrValue);
+    return(0);
+}
+/**
+ * xmlSecQName2IntegerAttributeWrite:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the parent node.
+ * @attrName:           the name of attribute.
+ * @intValue:           the integer value.
+ *
+ * Converts @intValue to a qname and sets it to the value of
+ * attribute @attrName in @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+                            const xmlChar* attrName, int intValue) {
+    xmlChar* qname;
+    xmlAttrPtr attr;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(attrName != NULL, -1);
+    /* find and build qname */
+    qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
+    if(qname == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2IntegerGetStringFromInteger",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,attrName=%s,intValue=%d",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(attrName),
+                    intValue);
+        return(-1);
+    }
+    attr = xmlSetProp(node, attrName, qname);
+    if(attr == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecAddChildNode",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,attrName=%s,intValue=%d",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(attrName),
+                    intValue);
+        xmlFree(qname);
+        return(-1);
+    }
+    xmlFree(qname);
+    return(0);
+}
+/**
+ * xmlSecQName2IntegerDebugDump:
+ * @info:               the qname<->integer mapping information.
+ * @intValue:           the integer value.
+ * @name:               the value name to print.
+ * @output:             the pointer to output FILE.
+ *
+ * Prints @intValue into @output.
+ */
+void
+xmlSecQName2IntegerDebugDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
+                            const xmlChar* name, FILE* output) {
+    xmlSecQName2IntegerInfoConstPtr qnameInfo;
+    xmlSecAssert(info != NULL);
+    xmlSecAssert(name != NULL);
+    xmlSecAssert(output != NULL);
+    qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+    if(qnameInfo != NULL) {
+        fprintf(output, "== %s: %d (name=\"%s\", href=\"%s\")\n", name, intValue,
+            (qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
+            (qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL);
+    }
+}
+/**
+ * xmlSecQName2IntegerDebugXmlDump:
+ * @info:               the qname<->integer mapping information.
+ * @intValue:           the integer value.
+ * @name:               the value name to print.
+ * @output:             the pointer to output FILE.
+ *
+ * Prints @intValue into @output in XML format.
+ */
+void
+xmlSecQName2IntegerDebugXmlDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
+                            const xmlChar* name, FILE* output) {
+    xmlSecQName2IntegerInfoConstPtr qnameInfo;
+    xmlSecAssert(info != NULL);
+    xmlSecAssert(name != NULL);
+    xmlSecAssert(output != NULL);
+    qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+    if(qnameInfo != NULL) {
+        fprintf(output, "<%s value=\"%d\" href=\"%s\">%s<%s>\n", name, intValue,
+            (qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL,
+            (qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
+            name);
+    }
+}
+/*************************************************************************
+ *
+ * QName <-> Bits mask mapping
+ *
+ ************************************************************************/
+/**
+ * xmlSecQName2BitMaskGetInfo:
+ * @info:               the qname<->bit mask mapping information.
+ * @mask:               the bit mask.
+ *
+ * Converts @mask to qname.
+ *
+ * Returns: pointer to the qname info for @mask or NULL if mask is unknown.
+ */
+xmlSecQName2BitMaskInfoConstPtr
+xmlSecQName2BitMaskGetInfo(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask) {
+    unsigned int ii;
+    xmlSecAssert2(info != NULL, NULL);
+    for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+        xmlSecAssert2(info[ii].mask != 0, NULL);
+        if(info[ii].mask == mask) {
+            return(&info[ii]);
+        }
+    }
+    return(NULL);
+}
+/**
+ * xmlSecQName2BitMaskGetBitMask:
+ * @info:               the qname<->bit mask mapping information.
+ * @qnameHref:          the qname Href value.
+ * @qnameLocalPart:     the qname LocalPart value.
+ * @mask:               the pointer to result mask.
+ *
+ * Converts @qnameLocalPart to @mask.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
+                            const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
+                            xmlSecBitMask* mask) {
+    unsigned int ii;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(qnameLocalPart != NULL, -1);
+    xmlSecAssert2(mask != NULL, -1);
+    for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+        xmlSecAssert2(info[ii].mask != 0, -1);
+        if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+           xmlStrEqual(info[ii].qnameHref, qnameHref)) {
+            (*mask) = info[ii].mask;
+            return(0);
+        }
+    }
+    return(-1);
+}
+/**
+ * xmlSecQName2BitMaskGetBitMaskFromString:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the pointer to node.
+ * @qname:              the qname string.
+ * @mask:               the pointer to result msk value.
+ *
+ * Converts @qname into integer in context of @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info,
+                                        xmlNodePtr node, const xmlChar* qname,
+                                        xmlSecBitMask* mask) {
+    const xmlChar* qnameLocalPart = NULL;
+    xmlChar* qnamePrefix = NULL;
+    const xmlChar* qnameHref;
+    xmlNsPtr ns;
+    int ret;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(qname != NULL, -1);
+    xmlSecAssert2(mask != NULL, -1);
+    qnameLocalPart = xmlStrchr(qname, ':');
+    if(qnameLocalPart != NULL) {
+        qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
+        if(qnamePrefix == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlStrndup",
+                        XMLSEC_ERRORS_R_MALLOC_FAILED,
+                        "node=%s,value=%s",
+                        xmlSecErrorsSafeString(node->name),
+                        xmlSecErrorsSafeString(qname));
+            return(-1);
+        }
+        qnameLocalPart++;
+    } else {
+        qnamePrefix = NULL;
+        qnameLocalPart = qname;
+    }
+    /* search namespace href */
+    ns = xmlSearchNs(node->doc, node, qnamePrefix);
+    if((ns == NULL) && (qnamePrefix != NULL)) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSearchNs",
+                    XMLSEC_ERRORS_R_XML_FAILED,
+                    "node=%s,qnamePrefix=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(qnamePrefix));
+        if(qnamePrefix != NULL) {
+            xmlFree(qnamePrefix);
+        }
+        return(-1);
+    }
+    qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
+    /* and finally search for integer */
+    ret = xmlSecQName2BitMaskGetBitMask(info, qnameHref, qnameLocalPart, mask);
+    if(ret < 0) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2BitMaskGetBitMask",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,qnameLocalPart=%s,qnameHref=%s",
+                    xmlSecErrorsSafeString(node->name),
+                    xmlSecErrorsSafeString(qnameLocalPart),
+                    xmlSecErrorsSafeString(qnameHref));
+        if(qnamePrefix != NULL) {
+            xmlFree(qnamePrefix);
+        }
+        return(-1);
+    }
+    if(qnamePrefix != NULL) {
+        xmlFree(qnamePrefix);
+    }
+    return(0);
+}
+/**
+ * xmlSecQName2BitMaskGetStringFromBitMask:
+ * @info:               the qname<->integer mapping information.
+ * @node:               the pointer to node.
+ * @mask:               the mask.
+ *
+ * Creates qname string for @mask in context of given @node. Caller
+ * is responsible for freeing returned string with @xmlFree.
+ *
+ * Returns: pointer to newly allocated string on success or NULL if an error occurs,
+ */
+xmlChar*
+xmlSecQName2BitMaskGetStringFromBitMask(xmlSecQName2BitMaskInfoConstPtr info,
+                                        xmlNodePtr node, xmlSecBitMask mask) {
+    xmlSecQName2BitMaskInfoConstPtr qnameInfo;
+    xmlSecAssert2(info != NULL, NULL);
+    xmlSecAssert2(node != NULL, NULL);
+    qnameInfo = xmlSecQName2BitMaskGetInfo(info, mask);
+    if(qnameInfo == NULL) {
+        xmlSecError(XMLSEC_ERRORS_HERE,
+                    NULL,
+                    "xmlSecQName2BitMaskGetInfo",
+                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                    "node=%s,mask=%d",
+                    xmlSecErrorsSafeString(node->name),
+                    mask);
+        return(NULL);
+    }
+    return(xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
+}
+/**
+ * xmlSecQName2BitMaskNodesRead:
+ * @info:               the qname<->bit mask mapping information.
+ * @node:               the start.
+ * @nodeName:           the mask nodes name.
+ * @nodeNs:             the mask nodes namespace.
+ * @stopOnUnknown:      if this flag is set then function exits if unknown
+ *                      value was found.
+ * @mask:               the pointer to result mask.
+ *
+ * Reads <@nodeNs:@nodeName> elements and puts the result bit mask
+ * into @mask. When function exits, @node points to the first element node
+ * after all the <@nodeNs:@nodeName> elements.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* node,
+                            const xmlChar* nodeName, const xmlChar* nodeNs,
+                            int stopOnUnknown, xmlSecBitMask* mask) {
+    xmlNodePtr cur;
+    xmlChar* content;
+    xmlSecBitMask tmp;
+    int ret;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(mask != NULL, -1);
+    (*mask) = 0;
+    cur = (*node);
+    while((cur != NULL) && (xmlSecCheckNodeName(cur, nodeName, nodeNs))) {
+        content = xmlNodeGetContent(cur);
+        if(content == NULL) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlNodeGetContent",
+                        XMLSEC_ERRORS_R_XML_FAILED,
+                        "node=%s",
+                        xmlSecErrorsSafeString(cur->name));
+            return(-1);
+        }
+        ret = xmlSecQName2BitMaskGetBitMaskFromString(info, cur, content, &tmp);
+        if(ret < 0) {
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecQName2BitMaskGetBitMaskFromString",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "value=%s",
+                        xmlSecErrorsSafeString(content));
+            xmlFree(content);
+            return(-1);
+        }
+        xmlFree(content);
+        if((stopOnUnknown != 0) && (tmp == 0)) {
+            /* todo: better error */
+            xmlSecError(XMLSEC_ERRORS_HERE,
+                        NULL,
+                        "xmlSecQName2BitMaskGetBitMaskFromString",
+                        XMLSEC_ERRORS_R_XMLSEC_FAILED,
+                        "value=%s",
+                        xmlSecErrorsSafeString(content));
+            return(-1);
+        }
+        (*mask) |= tmp;
+        cur = xmlSecGetNextElementNode(cur->next);
+    }
+    (*node) = cur;
+    return(0);
+}
+/**
+ * xmlSecQName2BitMaskNodesWrite:
+ * @info:               the qname<->bit mask mapping information.
+ * @node:               the parent element for mask nodes.
+ * @nodeName:           the mask nodes name.
+ * @nodeNs:             the mask nodes namespace.
+ * @mask:               the bit mask.
+ *
+ * Writes <@nodeNs:@nodeName> elemnts with values from @mask to @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr node,
+                            const xmlChar* nodeName, const xmlChar* nodeNs,
+                            xmlSecBitMask mask) {
+    unsigned int ii;
+    xmlSecAssert2(info != NULL, -1);
+    xmlSecAssert2(node != NULL, -1);
+    xmlSecAssert2(nodeName != NULL, -1);
+    for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+        xmlSecAssert2(info[ii].mask != 0, -1);
+        if((mask & info[ii].mask) != 0) {
+            xmlNodePtr cur;
+            xmlChar* qname;
+            qname = xmlSecGetQName(node, info[ii].qnameHref, info[ii].qnameLocalPart);
+            if(qname == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            NULL,
+                            "xmlSecGetQName",
+                            XMLSEC_ERRORS_R_XML_FAILED,
+                            "node=%s",
+                            xmlSecErrorsSafeString(nodeName));
+                return(-1);
+            }
+            cur = xmlSecAddChild(node, nodeName, nodeNs);
+            if(cur == NULL) {
+                xmlSecError(XMLSEC_ERRORS_HERE,
+                            NULL,
+                            "xmlSecAddChild",
+                            XMLSEC_ERRORS_R_XML_FAILED,
+                            "node=%s",
+                            xmlSecErrorsSafeString(nodeName));
+                xmlFree(qname);
+                return(-1);
+            }
+            xmlNodeSetContent(cur, qname);
+            xmlFree(qname);
+        }
+    }
+    return(0);
+}
+/**
+ * xmlSecQName2BitMaskDebugDump:
+ * @info:               the qname<->bit mask mapping information.
+ * @mask:               the bit mask.
+ * @name:               the value name to print.
+ * @output:             the pointer to output FILE.
+ *
+ * Prints debug information about @mask to @output.
+ */
+void
+xmlSecQName2BitMaskDebugDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
+                            const xmlChar* name, FILE* output) {
+    unsigned int ii;
+    xmlSecAssert(info != NULL);
+    xmlSecAssert(name != NULL);
+    xmlSecAssert(output != NULL);
+    if(mask == 0) {
+        return;
+    }
+    fprintf(output, "== %s (0x%08x): ", name, mask);
+    for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+        xmlSecAssert(info[ii].mask != 0);
+        if((mask & info[ii].mask) != 0) {
+            fprintf(output, "name=\"%s\" (href=\"%s\"),", info[ii].qnameLocalPart, info[ii].qnameHref);
+        }
+    }
+    fprintf(output, "\n");
+}
+/**
+ * xmlSecQName2BitMaskDebugXmlDump:
+ * @info:               the qname<->bit mask mapping information.
+ * @mask:               the bit mask.
+ * @name:               the value name to print.
+ * @output:             the pointer to output FILE.
+ *
+ * Prints debug information about @mask to @output in XML format.
+ */
+void
+xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
+                            const xmlChar* name, FILE* output) {
+    unsigned int ii;
+    xmlSecAssert(info != NULL);
+    xmlSecAssert(name != NULL);
+    xmlSecAssert(output != NULL);
+    if(mask == 0) {
+        return;
+    }
+    fprintf(output, "<%sList>\n", name);
+    for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+        xmlSecAssert(info[ii].mask != 0);
+        if((mask & info[ii].mask) != 0) {
+            fprintf(output, "<%s href=\"%s\">%s</%s>\n", name,
+                    info[ii].qnameHref, info[ii].qnameLocalPart, name);
+        }
+    }
+    fprintf(output, "</%sList>\n", name);
+}