Closed HealthOneNZ closed 6 months ago
So the proposed change is to simply add an optional param to the method signature
ISignatureContext = interface
// snip
// Loads the signing key held in AStream, encoded as AFormat.
// APassword is the passphrase of a protected private key; callers that omit it
// get the default '' and so keep the previous no-password behaviour.
// NOTE(review): the passphrase travels as a plain Delphi string; callers
// should avoid logging it or keeping it longer than the load needs.
procedure LoadKey(AStream: TStream; AFormat: TKeyDataFormat; AOwnsStream: Boolean; APassword: string = '');
and to the concrete class
TSignatureContext = class(TInterfacedObject, ISignatureContext)
//snip
// Implements ISignatureContext.LoadKey. APassword is optional: the default ''
// is for a private key that is not password-protected.
procedure LoadKey(AStream: TStream; AFormat: TKeyDataFormat; AOwnsStream: Boolean; APassword: string = '');
// snip
// Loads a key through xmlsec and stores it in dsigCtx.signKey, handing
// APassword to xmlsec as the key passphrase. data/dataSize are set in the
// snipped code (presumably from AStream - confirm).
procedure TSignatureContext.LoadKey(AStream: TStream; AFormat: TKeyDataFormat; AOwnsStream: Boolean; APassword: string);
var
//snip
Pass: PAnsiChar; // passphrase as a C string for xmlsec; nil when APassword is empty
begin
//snip
// The Pointer() cast is what keeps the no-password case working: an empty
// AnsiString is a nil pointer, so xmlsec receives nil rather than a pointer
// to an empty string.
// NOTE(review): where string is UnicodeString, the AnsiString cast converts
// to the ANSI code page and characters outside it are lost, so a passphrase
// containing them would not match - confirm the expected encoding.
// NOTE(review): Pass points into the temporary AnsiString produced by the
// cast and no named variable holds it; keeping the converted value in a local
// AnsiString would make its lifetime explicit.
Pass := PAnsiChar(Pointer(AnsiString(APassword))); // convert password to xmlsec compatible type
// The two trailing nils are the password callback and its context, unused
// here because the passphrase is supplied directly.
dsigCtx.signKey := xmlSecCryptoAppKeyLoadMemory(data, dataSize, xmlSecKeyDataFormat(AFormat), Pass, nil, nil);
// NOTE(review): the load presumably yields nil for a wrong or missing
// passphrase; confirm the snipped code checks signKey before it is used.
// Nothing in the visible lines clears the passphrase copies after the call.
//snip
This handles both cases. When the private key is not protected with a password, the caller omits APassword and the empty default reaches xmlsec as a nil password; when the key is protected, the caller supplies the password.
The current implementation has a method to load private keys without requiring their password.
The implementation class calls the underlying xmlsec API on the assumption that the key has no password.
I am proposing to overload the method to allow for a password to be provided.