[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

[Andrew Fan]

I think we can just use the getBestSlot() simply at present, and waiting 
for those guys raise they hands and say no if they want a more general 
way. That's a lazy way, isn't it? :-)

-Andrew

Aleksey Sanin wrote:

>>>>> 10) src/nss/tokens.c
>>>>
> Thanks for long explanations! I think I understand your point but
> I am just not sure that the way it is done right now is generic
> enough :) For example, it is still one and only one "best slot"
> for a given algorithm for the whole application. I can see a
> situation when one would need to do encryption on *different* slots
> (for example, for performance reasons different threads run crypto
> operation on different slots).
>
> Anyway, I have another proposal. How about replacing NSS GetBestSlot()
> function with xmlSecNss one. By default, xmlsec will simply call
> NSS version but application would be able to replace this callback
> with anything it wants. In your case, you'll have some custom function
> that would use the tokens list you have right now. In the case
> I described above, it might be a simple function that provides a static
> mapping between threads and slots.
>
> On your side, the only change would be to move the tokens list code
> out of xmlsec to the application layer (and may be you can rewrite it
> using better data structures like map or hash than a plain list used
> now).
>
> How does it sounds to you?
>
> Aleksey
>