authorDamien Laniel <dlaniel@entrouvert.com>2006-12-04 17:21:00 +0000
committerDamien Laniel <dlaniel@entrouvert.com>2006-12-04 17:21:00 +0000
commit6b0381bdc235f7c23c02a602fd0000eca754ef93 (patch)
tree73e40230ffa963d4dca7cb95f9e5bbc473a5a2b1
parent993f96ed4047ba843ea7a2ce50c44dbeb8668b87 (diff)
Verify message signature in lasso_saml20_login_process_authn_response_msg
-rw-r--r--lasso/id-ff/provider.c10
-rw-r--r--lasso/saml-2.0/login.c4
2 files changed, 9 insertions, 5 deletions
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index aaf7511f..33545745 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -916,12 +916,12 @@ int lasso_provider_verify_signature(LassoProvider *provider,
msg = (char*)message;
if (message == NULL)
- return -2;
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
if (format == LASSO_MESSAGE_FORMAT_ERROR)
- return -2;
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
if (format == LASSO_MESSAGE_FORMAT_UNKNOWN)
- return -2;
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
if (format == LASSO_MESSAGE_FORMAT_QUERY) {
return lasso_query_verify_signature(message,
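Review bot: Every failure return touched in lasso_provider_verify_signature now yields the same LASSO_PROFILE_ERROR_INVALID_MSG: the three guards in this hunk, the base64 decode failure in the @@ -933 hunk and the `xmlnode == NULL` case in the @@ -957 hunk. A caller can therefore no longer tell a NULL message from a message in which the node to verify could not be located. Since login.c now stores this value in `profile->signature_status`, I would keep the "node to verify not found" case distinguishable from a plain decoding problem. Failing that, record the collapse in the function's header comment, e.g. `/* returns LASSO_PROFILE_ERROR_INVALID_MSG when the message is NULL, of unknown format, not base64-decodable, or lacks the node to verify */`. The function starts and ends outside these hunks, so its other return paths are not visible here.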
@@ -933,7 +933,7 @@ int lasso_provider_verify_signature(LassoProvider *provider,
rc = xmlSecBase64Decode((xmlChar*)message, (xmlChar*)msg, strlen(message));
if (rc < 0) {
g_free(msg);
- return -3;
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
}
}
@@ -957,7 +957,7 @@ int lasso_provider_verify_signature(LassoProvider *provider,
xmlXPathFreeContext(xpathCtx);
if (xmlnode == NULL) {
xmlFreeDoc(doc);
- return -4;
+ return LASSO_PROFILE_ERROR_INVALID_MSG;
}
} else {
xmlnode = xmlDocGetRootElement(doc);
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index fe062ced..1637611f 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -916,6 +916,10 @@ lasso_saml20_login_process_authn_response_msg(LassoLogin *login, gchar *authn_re
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
/* XXX: verify signature ? */
+ profile->signature_status = lasso_provider_verify_signature(
+ remote_provider, authn_response_msg, "ID", format);
+ if (profile->signature_status != 0)
+ return profile->signature_status;
return lasso_saml20_login_process_response_status_and_assertion(login);
}
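Review bot: The `/* XXX: verify signature ? */` comment stays directly above the new call and now reads as if the check were still missing; replace it with something like `/* reject the response unless the remote provider's signature verifies */`. The call passes `"ID"` as the id attribute, so as far as this hunk shows only the element located through that attribute is verified, while `lasso_saml20_login_process_response_status_and_assertion(login)` works from the login state. It is worth confirming that the assertion it consumes lies inside the verified element. It is also worth confirming that a response carrying no signature at all makes `lasso_provider_verify_signature` return non-zero, since `signature_status == 0` is the only condition that lets processing continue. The function's body begins outside the hunk.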