| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-03-27 15:04:58 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-03-27 15:04:58 +0000 |
| commit | 3b2f3fbced62690bcabe817769a6544f03104487 (patch) | |
| tree | a54e9fe54fe7869215e66febf7f007d905b74216 | |
| parent | 7b4cd86ae37e0d0262e3c9f50c8edca141dc84fb (diff) | |
Core: add xmlDoc parameter to lasso_provider_verify_saml_signature
* lasso/id-ff/provider.c:
add an xmlDoc parameter to lasso_provider_verify_saml_signature,
reflecting change in lasso_verify_signature.
fix memory leaks of an xmlSecKeysMngr.
complete arguments checking.
* lasso/id-ff/login.c:
update use of lasso_provider_verify_signature in LassoLogin
| -rw-r--r-- | lasso/id-ff/login.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/provider.c | 13 | ||||
| -rw-r--r-- | lasso/id-ff/providerprivate.h | 2 |
3 files changed, 10 insertions, 7 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index cf07d5f2..d2fa5d98 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -634,7 +634,7 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) LASSO_PROFILE_ERROR_INVALID_ISSUER); if (assertion_xmlnode) { - profile->signature_status = lasso_provider_verify_saml_signature(idp, assertion_xmlnode); + profile->signature_status = lasso_provider_verify_saml_signature(idp, assertion_xmlnode, NULL); goto_exit_if_fail(profile->signature_status == 0, profile->signature_status); } } diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index 60009e37..6dfc93ac 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -1068,7 +1068,7 @@ lasso_provider_new_from_dump(const gchar *dump) int lasso_provider_verify_saml_signature(LassoProvider *provider, - xmlNode *signed_node) + xmlNode *signed_node, xmlDoc *doc) { const char *id_attribute_name = NULL; const xmlChar *node_ns = NULL; @@ -1076,8 +1076,10 @@ lasso_provider_verify_saml_signature(LassoProvider *provider, xmlSecKeysMngr *keys_manager; int rc = 0; - g_return_val_if_fail(LASSO_IS_PROVIDER(provider) && signed_node, - LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); + lasso_bad_param(PROVIDER, provider); + lasso_null_param(signed_node); + g_return_val_if_fail((signed_node->doc && doc) || ! signed_node->doc, LASSO_PARAM_ERROR_INVALID_VALUE); + /* ID-FF 1.2 Signatures case */ if (xmlSecCheckNodeName(signed_node, (xmlChar*)"Request", (xmlChar*)LASSO_SAML_PROTOCOL_HREF)) { id_attribute_name = "RequestID"; 
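Review bot: Passing `NULL` as the new `doc` argument in lasso_login_process_response_status_and_assertion only works while `assertion_xmlnode->doc` is NULL. The guard this commit adds in provider.c returns `LASSO_PARAM_ERROR_INVALID_VALUE` for a node that has a document when no `doc` is given, and that value is stored in `profile->signature_status` and takes the `goto_exit_if_fail` path. Where `assertion_xmlnode` is built is outside the hunk; if it is always a detached node, a comment at the call such as `/* assertion_xmlnode has no owner document, so no xmlDoc is passed */` would record that assumption. Otherwise the call should pass the owning document.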
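Review bot: The new guard `(signed_node->doc && doc) || ! signed_node->doc` in lasso_provider_verify_saml_signature only requires that some `doc` is supplied when the node has an owner document; it never checks that `doc` is that document. If `lasso_verify_signature` resolves the signature's ID reference inside `doc` (its body is not in this diff), a mismatched pair could be validated against content other than `signed_node`. Unless a different document is legitimate, I would tighten it to `! signed_node->doc || signed_node->doc == doc`. `g_return_val_if_fail` is also compiled out when the library is built with `G_DISABLE_CHECKS`, so a check that signature verification depends on is safer as a plain `if (...) return LASSO_PARAM_ERROR_INVALID_VALUE;`. The function body continues outside the hunk.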
@@ -1098,11 +1100,12 @@ lasso_provider_verify_saml_signature(LassoProvider *provider, /* Get provider credentials */ public_key = lasso_provider_get_public_key(provider); keys_manager = lasso_load_certs_from_pem_certs_chain_file(provider->ca_cert_chain); - goto_exit_if_fail_with_warning(public_key && keys_manager, + goto_exit_if_fail_with_warning(public_key || keys_manager, LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED); - rc = lasso_verify_signature(signed_node, id_attribute_name, keys_manager, public_key, + rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key, NO_OPTION, NULL); exit: + lasso_release_key_manager(keys_manager); return rc; } diff --git a/lasso/id-ff/providerprivate.h b/lasso/id-ff/providerprivate.h index b141144b..15b716db 100644 --- a/lasso/id-ff/providerprivate.h +++ b/lasso/id-ff/providerprivate.h @@ -72,7 +72,7 @@ int lasso_provider_verify_signature(LassoProvider *provider, gboolean lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType public_key_type); xmlSecKey* lasso_provider_get_public_key(LassoProvider *provider); -int lasso_provider_verify_saml_signature(LassoProvider *provider, xmlNode *signed_node); +int lasso_provider_verify_saml_signature(LassoProvider *provider, xmlNode *signed_node, xmlDoc *doc); #ifdef __cplusplus |
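Review bot: Relaxing the credential check from `public_key && keys_manager` to `public_key || keys_manager` lets verification proceed with only one of the two loaded, and the commit message does not mention this change. With only the CA chain present, acceptance presumably rests on any certificate that chains to `provider->ca_cert_chain` rather than on the provider's own key, and `lasso_verify_signature` has to tolerate NULL in either argument (not visible here). A comment such as `/* either the provider's public key or its CA chain is sufficient to verify */` would record the intended trust model. Separately, `lasso_release_key_manager(keys_manager)` now runs on every path to `exit:`, but `keys_manager` is declared without an initialiser in the previous hunk. I would declare it as `xmlSecKeysMngr *keys_manager = NULL;` in case a `goto exit` precedes the assignment in the lines between the hunks, and confirm the release helper accepts NULL.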
