| author | Nicolas Clapies <nclapies@entrouvert.com> | 2005-10-06 15:03:56 +0000 |
|---|---|---|
| committer | Nicolas Clapies <nclapies@entrouvert.com> | 2005-10-06 15:03:56 +0000 |
| commit | 2b247d80b9428b78f0adbf603c7ada5172f2cf53 (patch) | |
| tree | 19690a899165c1404b34bab9ca306f10436e25fd | |
| parent | 9a139b11a6e93645d751f44828acc8c434ef427d (diff) | |
Added check by AP if it wants X509 authentication of SP. Does not work yet, need to fix retrieving public key from credential before.
| -rw-r--r-- | lasso/id-wsf/data_service.c | 6 | ||||
| -rw-r--r-- | lasso/id-wsf/wsf_profile.c | 32 | ||||
| -rw-r--r-- | lasso/id-wsf/wsf_profile_private.h | 2 |
3 files changed, 31 insertions, 9 deletions
diff --git a/lasso/id-wsf/data_service.c b/lasso/id-wsf/data_service.c index 42c70346..a6c3de26 100644 --- a/lasso/id-wsf/data_service.c +++ b/lasso/id-wsf/data_service.c @@ -172,10 +172,7 @@ lasso_data_service_init_query(LassoDataService *service, const char *select, return LASSO_ERROR_UNIMPLEMENTED; } - profile->soap_envelope_request = lasso_wsf_profile_build_soap_envelope( - NULL, NULL); - profile->soap_envelope_request->Body->any = g_list_append( - profile->soap_envelope_request->Body->any, query); + lasso_wsf_profile_init_soap_request(LASSO_WSF_PROFILE(service), LASSO_NODE(query)); if (!security_mech_id) description = LASSO_DISCO_DESCRIPTION(offering->ServiceInstance->Description->data); @@ -184,6 +181,7 @@ lasso_data_service_init_query(LassoDataService *service, const char *select, } if (!description) return -1; + lasso_wsf_profile_set_description(LASSO_WSF_PROFILE(service), description); if (description->Endpoint != NULL) { profile->msg_url = g_strdup(description->Endpoint); diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c index b9e08f63..85e2e7c2 100644 --- a/lasso/id-wsf/wsf_profile.c +++ b/lasso/id-wsf/wsf_profile.c @@ -47,12 +47,20 @@ struct _LassoWsfProfilePrivate gboolean dispose_has_run; LassoDiscoDescription *description; LassoSoapFault *fault; + gchar *public_key; }; /*****************************************************************************/ /* private methods */ /*****************************************************************************/ +void +lasso_wsf_profile_set_public_key(LassoWsfProfile *profile, const char *public_key) +{ + if (public_key) + profile->private_data->public_key = g_strdup(public_key); +} + LassoDiscoDescription* lasso_wsf_profile_get_description_auto(LassoDiscoServiceInstance *si, const gchar *security_mech_id) { 
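Review bot: `lasso_wsf_profile_set_public_key` in the `wsf_profile.c` hunk overwrites `profile->private_data->public_key` without releasing the previous value, so calling it twice on the same profile leaks the earlier copy. Put `g_free(profile->private_data->public_key);` immediately before the `g_strdup(public_key)` assignment. No hunk in this commit frees the new field when the profile is disposed or finalized; if that is not done elsewhere, it needs a matching `g_free` there. Because this string is later meant to become the key a signature is checked against, a short comment on the setter saying what format it expects and who is allowed to supply it would help the next reader.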
@@ -285,9 +293,10 @@ lasso_wsf_profile_add_x509_authentication(LassoWsfProfile *profile, LassoNode *e gint lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlDoc *doc) { - LassoProvider *lasso_provider; + LassoProvider *lasso_provider = NULL; - xmlNode *provider, *correlation, *security, *body, *signature, *x509data, *node; + xmlNode *provider = NULL, *correlation = NULL, *security = NULL, *body = NULL; + xmlNode *signature = NULL, *x509data = NULL, *node; xmlChar *id; xmlAttr *id_attr; @@ -348,8 +357,9 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlDoc *d if(node == NULL) return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND; + /* Case of X509 signature type */ x509data = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Data, xmlSecDSigNs); - if (x509data != NULL && lasso_provider->ca_cert_chain != NULL) { + if (x509data != NULL && lasso_provider != NULL && lasso_provider->ca_cert_chain != NULL) { keys_mngr = lasso_load_certs_from_pem_certs_chain_file( lasso_provider->ca_cert_chain); if (keys_mngr == NULL) { @@ -357,10 +367,20 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlDoc *d return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED; } } + else if (x509data != NULL) { + xmlFreeDoc(doc); + return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED; + } dsigCtx = xmlSecDSigCtxCreate(keys_mngr); + + /* Case of simple public key signature type */ if (keys_mngr == NULL) { - dsigCtx->signKey = lasso_provider_get_public_key(lasso_provider); + if (lasso_provider != NULL) + dsigCtx->signKey = lasso_provider_get_public_key(lasso_provider); + else if (profile->private_data->public_key) { + /* TODO: load public key from private attribute */ + } if (dsigCtx->signKey == NULL) { xmlSecDSigCtxDestroy(dsigCtx); xmlFreeDoc(doc); 
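Review bot: In the `@@ -357,10 +367,20 @@` hunk, `dsigCtx->signKey` is read and written right after `dsigCtx = xmlSecDSigCtxCreate(keys_mngr);` with no NULL check, so a failed context creation crashes the verifier instead of returning an error. Add an `if (dsigCtx == NULL)` guard that frees `doc` the way the neighbouring error paths do and returns a `LASSO_DS_ERROR_*` code. The empty `/* TODO: load public key from private attribute */` branch currently fails closed, because `signKey` stays NULL and the following check rejects the message; this is worth stating in the comment so it stays that way. When the branch is implemented, the key should only be accepted from a credential whose issuer and signature have already been validated, never from the message being verified. The new `else if (x509data != NULL)` branch returns `LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED` although no load was attempted, which will mislead whoever reads the log. The function starts and ends outside this hunk.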
@@ -382,7 +402,7 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile, xmlDoc *d xmlSecDSigCtxDestroy(dsigCtx); return LASSO_DS_ERROR_INVALID_SIGNATURE; } - printf("Signature is OK\n"); + /*printf("Signature is OK\n");*/ return 0; } @@ -843,6 +863,8 @@ lasso_wsf_profile_process_soap_request_msg(LassoWsfProfile *profile, const gchar fault = lasso_soap_fault_new(); fault->faultstring = "Invalid signature"; } + else if (res < 0) + return res; /* FIXME: Remove Signature element if exists, it seg fault when a call to lasso_node_new_from_xmlNode() */ diff --git a/lasso/id-wsf/wsf_profile_private.h b/lasso/id-wsf/wsf_profile_private.h index 14da4971..cceda001 100644 --- a/lasso/id-wsf/wsf_profile_private.h +++ b/lasso/id-wsf/wsf_profile_private.h @@ -38,6 +38,8 @@ void lasso_wsf_profile_set_security_mech_id(LassoWsfProfile *profile, const gchar *security_mech_id); LassoSoapFault* lasso_wsf_profile_get_fault(LassoWsfProfile *profile); +void lasso_wsf_profile_set_public_key(LassoWsfProfile *profile, const char *public_key); + #ifdef __cplusplus } #endif /* __cplusplus */ |
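Review bot: The added `else if (res < 0) return res;` in `lasso_wsf_profile_process_soap_request_msg` stops only on negative results, so any positive code other than the one handled by the branch above falls through and the request is processed as if it had been authenticated. The page shows neither the numeric values of the `LASSO_DS_ERROR_*` constants nor the condition of the preceding `if`. If `LASSO_DS_ERROR_SIGNATURE_NOT_FOUND`, which the verifier in this commit returns, is positive, a message with no signature at all would pass this check. `else if (res != 0) return res;` fails closed, or the not-found case could get its own SOAP fault. The early return may also skip cleanup done later in the function, which is not visible because the body extends beyond this hunk.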
