authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-17 10:15:33 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-17 10:15:33 +0000
commit53f2a89851331f08b3e3605b2bc3e48b202bb00d (patch)
treed3277cf07e5d51ca3c5d98e906a4b3d4d4491ad5
parent192777bac1984946acee2a1b5d24d4f37392d715 (diff)
SAML 2.0: if assertion possess a signed original_xmlnode return it instead of using get_xmlNode
* lasso/xml/saml-2.0/saml2_assertion.c: assertions read by lasso are not usable anymore because the signature is lost; this commit keeps assertions unaltered after reading them if they contained a top-level signature (a signature contained in the Assertion node). This is useful for reusing assertions kept in a LassoSession object and for using assertions as security tokens for ID-WSF.
-rw-r--r--lasso/xml/saml-2.0/saml2_assertion.c19
1 files changed, 18 insertions, 1 deletions
diff --git a/lasso/xml/saml-2.0/saml2_assertion.c b/lasso/xml/saml-2.0/saml2_assertion.c
index 35c8e472..5bf46b6f 100644
--- a/lasso/xml/saml-2.0/saml2_assertion.c
+++ b/lasso/xml/saml-2.0/saml2_assertion.c
@@ -27,6 +27,7 @@
#include "../private.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
+#include <xmlsec/xmltree.h>
#include "saml2_assertion.h"
@@ -118,9 +119,25 @@ static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
LassoSaml2Assertion *assertion = LASSO_SAML2_ASSERTION(node);
- xmlNode *xmlnode;
+ xmlNode *xmlnode, *original_xmlnode;
int rc = 0;
+ /* If assertion has been deserialized and contain a signature, dump it from the
+ * original xmlnode. */
+ original_xmlnode = lasso_node_get_original_xmlnode(node);
+ while (original_xmlnode) {
+ xmlNode *signature, *signature_value;
+
+ signature = xmlSecFindChild(original_xmlnode, xmlSecNodeSignature, xmlSecDSigNs);
+ if (! signature)
+ break;
+ signature_value = xmlSecFindNode(signature, xmlSecNodeSignatureValue, xmlSecDSigNs);
+ if (signature_value && signature_value->children) {
+ return xmlCopyNode(original_xmlnode, 1);
+ }
+ break;
+ }
+
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
if (lasso_dump == FALSE && assertion->sign_type) {
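Review bot: The early return in get_xmlNode is gated only on structure (a direct `Signature` child whose `SignatureValue` has children), so nothing in this hunk establishes that the signature was ever verified, and any change made to the LassoSaml2Assertion fields after parsing is silently left out of the output. Callers that reuse the dump as a security token would still need to verify it themselves, and the comment should say so, e.g. `/* NOTE: returns the parsed node verbatim; the signature is not verified here and later changes to the object are ignored. */`. `xmlSecFindNode` also searches the whole Signature subtree, so a `SignatureValue` nested deeper (for instance under `ds:Object`) would satisfy the check; `signature_value = xmlSecFindChild(signature, xmlSecNodeSignatureValue, xmlSecDSigNs);` is tighter. The function body continues past the end of the hunk.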