[xmlsec] ignore spaces for ski

[Aleksey Sanin <aleksey src gnome org>]

commit 8932e699764e1a23a6ea4f5504624e54e7a33bd0
Author: Aleksey Sanin <aleksey aleksey com>
Date:   Mon May 24 14:57:36 2010 -0700

    ignore spaces for ski

 TODO              |   49 ++++++-------------------------------------------
 src/gnutls/x509.c |   30 ++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 43 deletions(-)
---
diff --git a/TODO b/TODO
index 98d7f4e..c5d0bd5 100644
--- a/TODO
+++ b/TODO
@@ -65,57 +65,17 @@ merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
 aleksey-xmldsig-01/enveloped-gost
 
 -------------------------------------------------
-* xmlsec-gnutls (May 09, 2010 using GnuTLS)
+* xmlsec-gnutls (May 24, 2010 using GnuTLS)
 -------------------------------------------------
 
-** Skipped tests due to missing transforms: RSA, DSA, RSA PKCS/OAEP, X509, GOST
+** Skipped tests due to missing transforms: RSA, DSA, RSA PKCS/OAEP, GOST
 
-aleksey-xmldsig-01/enveloping-dsa-x509chain
-aleksey-xmldsig-01/enveloping-rsa-x509chain
 aleksey-xmldsig-01/enveloping-sha224-hmac-sha224
 aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
-aleksey-xmldsig-01/enveloping-md5-rsa-md5
-aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
-aleksey-xmldsig-01/enveloping-sha1-rsa-sha1
 aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
-aleksey-xmldsig-01/enveloping-sha256-rsa-sha256
-aleksey-xmldsig-01/enveloping-sha384-rsa-sha384
-aleksey-xmldsig-01/enveloping-sha512-rsa-sha512
-aleksey-xmldsig-01/enveloping-expired-cert
-aleksey-xmldsig-01/x509data-test
-aleksey-xmldsig-01/x509data-sn-test
-merlin-xmldsig-twenty-three/signature-keyname
-merlin-xmldsig-twenty-three/signature-x509-crt
-merlin-xmldsig-twenty-three/signature-x509-sn
-merlin-xmldsig-twenty-three/signature-x509-is
-merlin-xmldsig-twenty-three/signature-x509-ski
-merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt
-merlin-xmldsig-twenty-three/signature
-phaos-xmldsig-three/signature-big
-phaos-xmldsig-three/signature-dsa-detached
-phaos-xmldsig-three/signature-dsa-enveloped
-phaos-xmldsig-three/signature-dsa-enveloping
-phaos-xmldsig-three/signature-dsa-manifest
-phaos-xmldsig-three/signature-rsa-detached-b64-transform
-phaos-xmldsig-three/signature-rsa-detached
-phaos-xmldsig-three/signature-rsa-detached-xpath-transform
-phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method
-phaos-xmldsig-three/signature-rsa-detached-xslt-transform
-phaos-xmldsig-three/signature-rsa-enveloped
-phaos-xmldsig-three/signature-rsa-enveloping
-phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain
-phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert
-phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial
-phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski
-phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name
-phaos-xmldsig-three/signature-rsa-manifest
-phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped
 aleksey-xmldsig-01/enveloped-gost
-merlin-xmldsig-twenty-three/signature-x509-crt-crl
+
 aleksey-xmldsig-01/enveloping-expired-cert
-phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method
-phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val
-phaos-xmldsig-three/signature-rsa-enveloped-bad-sig
 phaos-xmldsig-three/signature-rsa-manifest-x509-data-crl
 
 merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5
@@ -129,6 +89,9 @@ merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
 01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5
 01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
 
+** Failed tests due to no support for CRLs in XML document
+merlin-xmldsig-twenty-three/signature-x509-crt-crl
+
 -------------------------------------------------
 * xmlsec-gcrypt (May 09, 2010 using GCrypt)
 -------------------------------------------------
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
index 3326dd7..71e4a50 100644
--- a/src/gnutls/x509.c
+++ b/src/gnutls/x509.c
@@ -828,6 +828,32 @@ xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xm
     return(0);
 }
 
+#define XMLSEC_GNUTLS_IS_SPACE(ch) \
+    (((ch) == ' ') || ((ch) == '\r') || ((ch) == '\n'))
+
+static void
+xmlSecGnuTLSX509Trim(xmlChar * str) {
+    xmlChar * p, * q;
+
+    xmlSecAssert(str != NULL);
+
+    /* skip spaces from the beggining */
+    p = str;
+    while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p;
+    if(p != str) {
+        for(q = str; ; ++q, ++p) {
+            (*q) = (*p);
+            if((*p) == '\0') {
+                break;
+            }
+        }
+    }
+
+    /* skip spaces from the end */
+    for(p = str; (*p) != '\0'; ++p);
+    while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0';
+}
+
 static int
 xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
     xmlSecKeyDataStorePtr x509Store;
@@ -867,6 +893,7 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS
         return(0);
     }
 
+    xmlSecGnuTLSX509Trim(subject);
     cert = xmlSecGnuTLSX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
     if(cert == NULL){
 
@@ -1048,6 +1075,8 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml
         return(-1);
     }
 
+    xmlSecGnuTLSX509Trim(issuerName);
+    xmlSecGnuTLSX509Trim(issuerSerial);
     cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
     if(cert == NULL){
 
@@ -1211,6 +1240,7 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf
         return(0);
     }
 
+    xmlSecGnuTLSX509Trim(ski);
     cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
     if(cert == NULL){
         xmlFree(ski);