authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-03-27 15:05:08 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-03-27 15:05:08 +0000
commit5f5ed7fa6a9aa4ffc68233c3f404f39d9fd89bed (patch)
tree5df659e9685001b5f432befb2240938e288e3585
parent5d93009e0be759a527e9b3b4c0b6a166d2bc635b (diff)
SAML 2.0: reduce code in lasso_assertion_query_process_request
* lasso/saml-2.0/assertion_query.c: use the new code in SAML 2.0 profile.c to parse requests and decrypt the NameID; chain the calls so that errors are kept but all actions are still carried out (if the first call fails, keep its error but continue processing, then at the end return the first error that was reported).
-rw-r--r--lasso/saml-2.0/assertion_query.c70
1 files changed, 19 insertions, 51 deletions
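--- a/lasso/saml-2.0/assertion_query.c
+++ b/lasso/saml-2.0/assertion_query.c
@@ -36,6 +36,8 @@
 #include <lasso/xml/saml-2.0/samlp2_attribute_query.h>
 #include <lasso/xml/saml-2.0/samlp2_authz_decision_query.h>
 #include <lasso/xml/saml-2.0/samlp2_response.h>
+#include <lasso/xml/saml-2.0/samlp2_subject_query_abstract.h>
+#include "../utils.h"
 struct _LassoAssertionQueryPrivate
@@ -200,66 +202,32 @@ gint
 lasso_assertion_query_process_request_msg(LassoAssertionQuery *assertion_query,
 char *request_msg)
 {
- LassoProfile *profile;
- LassoProvider *remote_provider;
- LassoSaml2NameID *name_id = NULL;
- LassoSaml2EncryptedElement *encrypted_id = NULL;
- LassoSaml2EncryptedElement* encrypted_element = NULL;
- xmlSecKey *encryption_private_key = NULL;
+ LassoProfile *profile = NULL;
+ LassoSamlp2SubjectQueryAbstract *subject_query = NULL;
+ LassoSaml2Subject *subject = NULL;
+ int rc = 0, rc1 = 0, rc2 = 0;
 g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query),
 LASSO_PARAM_ERROR_INVALID_VALUE);
 profile = LASSO_PROFILE(assertion_query);
- profile->request = lasso_node_new_from_soap(request_msg);
-
- if (profile->remote_providerID) {
- g_free(profile->remote_providerID);
- }
-
- profile->remote_providerID = g_strdup(
- LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content);
- remote_provider = g_hash_table_lookup(profile->server->providers,
- profile->remote_providerID);
-
- if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
- return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
- }
+ rc1 = lasso_saml20_profile_process_soap_request(profile, request_msg);
- /* verify signatures */
- profile->signature_status = lasso_provider_verify_signature(
- remote_provider, request_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
- profile->signature_status = 0; /* XXX: signature check disabled for zxid */
+ lasso_extract_node_or_fail(subject_query, profile->request, SAMLP2_SUBJECT_QUERY_ABSTRACT,
+ LASSO_PROFILE_ERROR_INVALID_MSG);
+ lasso_extract_node_or_fail(subject, subject_query->Subject, SAML2_SUBJECT,
+ LASSO_PROFILE_ERROR_MISSING_SUBJECT);
- profile->http_request_method = LASSO_HTTP_METHOD_SOAP;
-
- if (LASSO_IS_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request)) {
- LassoSamlp2SubjectQueryAbstract *subject_query;
- subject_query = LASSO_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request);
- if (subject_query->Subject) {
- name_id = subject_query->Subject->NameID;
- encrypted_id = subject_query->Subject->EncryptedID;
- }
- }
+ rc2 = lasso_saml20_profile_process_name_identifier_decryption(profile, &subject->NameID, &subject->EncryptedID);
- if (name_id == NULL && encrypted_id != NULL) {
- encryption_private_key = profile->server->private_data->encryption_private_key;
- encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(encrypted_id);
- if (encrypted_element != NULL && encryption_private_key == NULL) {
- return LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY;
- }
- if (encrypted_element != NULL && encryption_private_key != NULL) {
- profile->nameIdentifier = LASSO_NODE(lasso_node_decrypt(
- encrypted_id, encryption_private_key));
- LASSO_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request)->NameID = \
- LASSO_SAML2_NAME_ID(profile->nameIdentifier);
- LASSO_SAMLP2_MANAGE_NAME_ID_REQUEST(profile->request)->EncryptedID = NULL;
- }
- } else {
- profile->nameIdentifier = g_object_ref(name_id);
- }
+ rc = rc1;
+ if (rc == 0)
+ rc = rc2;
+ if (rc == 0)
+ rc = profile->signature_status;
+cleanup:
- return profile->signature_status;
+ return rc;
 }
 /**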
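Review bot: On the failure path of the two `lasso_extract_node_or_fail` calls, rc1 is dropped: if the macro sets rc and jumps to `cleanup` as the layout suggests, control skips `rc = rc1` and the function returns the extraction error even when `lasso_saml20_profile_process_soap_request` had already failed, which contradicts the stated intent of returning the first error. That same path also skips the `profile->signature_status` fold-in, so a request whose signature check presumably failed inside the SOAP-request step and that also lacks a Subject reports only the missing-subject error, hiding the more significant failure from the caller's diagnostics. A small fix is to re-apply the priority at the label: `cleanup:` followed by `if (rc1 != 0) rc = rc1;` before `return rc;`, which is a no-op on the normal path. A comment above `rc = rc1;` such as `/* keep the first error; the later steps were run anyway so profile state is fully populated */` would document the chaining policy for the next reader.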