OPC Security
------------

To each item an attachment can correspond, in the following format:

    struct OPCData {
        void *ptr;
        unsigned long size;
    };

Two types of XML encryption/signing:

1. All inside tag
2. All inside tag

Specifications
--------------

OPC XML-DA specification
XML Encryption specification
XML Signature specification

Request processing
------------------

1. Decrypt List if encrypted (encrypted using the Server certificate, or one of the Item certificates)
   [ If this fails, return an error ]
2. Decrypt Encrypted Items
   [ If one of the items fails, replace it with an empty item and set the error in OPCSecurityRequestContext ]
3. Verify List and Item signatures
   [ All certificates corresponding to valid signatures are placed into OPCSecurityRequestContext ]
4. Remove signatures from the XML document
5. Analyze the EncryptAnswer and SignAnswer fields and remove them from the XML

Response processing
-------------------

1. Sign and encrypt items and list depending on what OPCSecurityRequestContext supports
   a) SignItems
   b) SignList
   c) EncryptItems
   d) EncryptList

Classes
-------

    struct OPCSecurityContextT {
        Server Certificate
        Server Key
        OPCContext sctx;
    };

    OPCSecurityContext opcSecurityCreateContext()
    int opcSecurityInitContext(ctx, cert_file, key_file, ???)
    void opcSecurityFreeContext(ctx)
    void opcSecurityDestroyContext(ctx)

    opcSecurityDecryptItem(ctx, xmlnode, attachment)
    opcSecurityDecryptList(ctx, xmlnode, attachments)
    opcSecuritySignItem(ctx, xmlnode, attachment)
    opcSecuritySignList(ctx, xmlnode, attachments)
    opcSecurityEncryptItem(ctx, certificate, xmlnode, attachment)
    opcSecurityEncryptList(ctx, certificate, xmlnode, attachments)
    opcSecurityVerifyItem(ctx, &certificate, xmlnode, attachment)
    opcSecurityVerifyList(ctx, &certificate, xmlnode, attachment)

    opcSecurityProcessRequest(ctx, &requestctx, xmldoc, attachments)
    opcSecurityProcessAnswer(ctx, requestctx, xmldoc, attachments)

    struct OPCSecurityRequestContextT {
        usercert_list
        usercert_item[]
        tosign_list
        tosign_item[]
        toencrypt_list
        toencrypt_item[]
        failure_list      (0 - OK, 1 - Decrypt failed, 2 - Verify failed)
        failure_item[]
    };

    OPCSecurityRequest opcSecurityRequestCreateContext()
    int opcSecurityInitContext(OPCSecurityRequest ctx, ...)
    void opcSecurityFreeContext(OPCSecurityRequest ctx)
    void opcSecurityDestroyContext(OPCSecurityRequest ctx)

External Function
-----------------

    OPCSecurityContext opcServerInterfaceGetItemSecurity(OPCContext ctx, item_path, item_name);

[ During development, assume that it returns the server security context ]

External Libraries
------------------

Gnome XML Library (http://libxml.org)
Gnome XML Security Library xmlsec (http://www.aleksey.com/xmlsec/)
OpenSSL
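As an added example (not part of these notes and not the OPC security library's own code), the request-processing steps 3 to 5 over a List of Items in Python: an HMAC keyed per certificate name stands in for XML-DSig verification against Item certificates, and SignAnswer/EncryptAnswer are assumed to be attributes of each Item. CERT_KEYS, sign_item, verify_item, process_request and sample_request are names introduced here.

```python
import hashlib, hmac
import xml.etree.ElementTree as ET

# Item-certificate stand-in: name -> shared HMAC key (assumption; real code: xmlsec + X.509).
CERT_KEYS = {"client-A": b"key-A", "client-B": b"key-B"}
OK, DECRYPT_FAILED, VERIFY_FAILED = 0, 1, 2  # failure_item codes from the notes

def item_payload(item):
    """Serialize an Item without its Signature child: the bytes the signature covers."""
    copy = ET.Element(item.tag, item.attrib)
    copy.extend([c for c in item if c.tag != "Signature"])
    return ET.tostring(copy)

def sign_item(item, cert):
    """Attach an HMAC 'signature' that names the signing certificate."""
    sig = ET.SubElement(item, "Signature", cert=cert)
    sig.text = hmac.new(CERT_KEYS[cert], item_payload(item), hashlib.sha256).hexdigest()

def verify_item(item):
    """Step 3: return the certificate behind a valid signature, else None."""
    sig = item.find("Signature")
    key = CERT_KEYS.get(sig.get("cert")) if sig is not None else None
    if key is None:
        return None
    expected = hmac.new(key, item_payload(item), hashlib.sha256).hexdigest()
    return sig.get("cert") if hmac.compare_digest(expected, sig.text or "") else None

def process_request(doc):
    """Steps 3-5 over the Items (SignAnswer/EncryptAnswer assumed to be Item attributes)."""
    ctx = {"usercert_item": [], "failure_item": [], "tosign_item": [], "toencrypt_item": []}
    for item in doc.iter("Item"):
        signed = item.find("Signature") is not None
        cert = verify_item(item)  # step 3 runs before the answer flags are stripped
        ctx["usercert_item"].append(cert)
        ctx["failure_item"].append(VERIFY_FAILED if signed and cert is None else OK)
        for sig in item.findall("Signature"):
            item.remove(sig)  # step 4
        ctx["tosign_item"].append(item.attrib.pop("SignAnswer", "") == "true")  # step 5
        # An answer can only be encrypted to a requester whose certificate verified.
        ctx["toencrypt_item"].append(item.attrib.pop("EncryptAnswer", "") == "true" and cert is not None)
    return ctx

def sample_request():
    doc = ET.Element("List")  # constructed request: one valid item, one tampered after signing
    a = ET.SubElement(doc, "Item", ItemName="Pump1.Flow", SignAnswer="true", EncryptAnswer="true")
    sign_item(a, "client-A")
    b = ET.SubElement(doc, "Item", ItemName="Tank.Level", EncryptAnswer="true")
    sign_item(b, "client-B")
    b.set("ItemName", "Tank.Setpoint")  # modified after signing: must fail verification
    return doc
```

The tampered item ends up with failure code 2 and no certificate, so its EncryptAnswer request is not honoured even though the flag was set.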