Slightly hacky but hopefully functional fix for KDMs after the changes

to signer.  The KDM stuff uses add_signature_value() but not sign()
since it has to allow pass-through of a KDM (so it handles <Signature> etc.
itself).  This means we have to make the indentation-adding optional.

It might have been nicer to make indent() not add indentation if it's
not already there.

diff --git a/src/certificate_chain.cc b/src/certificate_chain.cc
index 353444faa308cc95bbc6d6cbfe6f1eaeb60cbc07..614144366b1864bb79b4d744a9ded8b191730746 100644 (file)
--- a/src/certificate_chain.cc
+++ b/src/certificate_chain.cc
@@ -603,7 +603,7 @@ CertificateChain::sign (xmlpp::Element* parent, Standard standard) const
 
        signature->add_child("SignatureValue", "dsig");
        signature->add_child("KeyInfo", "dsig");
-       add_signature_value (signature, "dsig");
+       add_signature_value (signature, "dsig", true);
 }
 
 
@@ -613,7 +613,7 @@ CertificateChain::sign (xmlpp::Element* parent, Standard standard) const
  *  @param ns Namespace to use for the signature XML nodes.
  */
 void
-CertificateChain::add_signature_value (xmlpp::Element* parent, string ns) const
+CertificateChain::add_signature_value (xmlpp::Element* parent, string ns, bool add_indentation) const
 {
        cxml::Node cp (parent);
        xmlpp::Node* key_info = cp.node_child("KeyInfo")->node ();
@@ -644,7 +644,9 @@ CertificateChain::add_signature_value (xmlpp::Element* parent, string ns) const
                throw runtime_error ("could not read private key");
        }
 
-       indent (parent, 2);
+       if (add_indentation) {
+               indent (parent, 2);
+       }
        int const r = xmlSecDSigCtxSign (signature_context, parent->cobj ());
        if (r < 0) {
                throw MiscError (String::compose ("could not sign (%1)", r));

diff --git a/src/certificate_chain.h b/src/certificate_chain.h
index 8b54604d2f6d38e4a2a549231e6e8368ecb35b63..63ef89015eee80e7cc6dd8822759d82865fc6e66 100644 (file)
--- a/src/certificate_chain.h
+++ b/src/certificate_chain.h
@@ -103,7 +103,7 @@ public:
        bool private_key_valid () const;
 
        void sign (xmlpp::Element* parent, Standard standard) const;
-       void add_signature_value (xmlpp::Element* parent, std::string ns) const;
+       void add_signature_value (xmlpp::Element* parent, std::string ns, bool add_indentation) const;
 
        boost::optional<std::string> key () const {
                return _key;

diff --git a/src/encrypted_kdm.cc b/src/encrypted_kdm.cc
index 9d581451ff0dba97153dacbb33f8f65ba6dcbccd..996708ad7d0535c2b642d1eaf4b58baeb799d5b3 100644 (file)
--- a/src/encrypted_kdm.cc
+++ b/src/encrypted_kdm.cc
@@ -554,6 +554,7 @@ public:
                        xmlAddID (0, document->cobj(), (const xmlChar *) i->first.c_str(), i->second->cobj ());
                }
 
+               indent (document->get_root_node(), 0);
                return document;
        }
 
@@ -670,7 +671,7 @@ EncryptedKDM::EncryptedKDM (
        xmlpp::Node::NodeList children = doc->get_root_node()->get_children ();
        for (xmlpp::Node::NodeList::const_iterator i = children.begin(); i != children.end(); ++i) {
                if ((*i)->get_name() == "Signature") {
-                       signer->add_signature_value (dynamic_cast<xmlpp::Element*>(*i), "ds");
+                       signer->add_signature_value (dynamic_cast<xmlpp::Element*>(*i), "ds", false);
                }
        }