authorDamien Laniel <dlaniel@entrouvert.com>2006-11-16 14:34:57 +0000
committerDamien Laniel <dlaniel@entrouvert.com>2006-11-16 14:34:57 +0000
commit92e8799a564ea6a14e35806a6f9cac9bd02b08ea (patch)
tree0e568406746defc8a7207b155d82913f80fd9ca0
parentfb131f73c583b19c379f35b44689f622b7804894 (diff)
- Moved the EncryptedKey to the same level as EncryptedData in xml
- Changed the prototypes of lasso_node_encrypt and lasso_node_decrypt - Moved the lasso_node_encrypt and lasso_node_decrypt declarations to xml_enc.h - Added a GList for EncryptedKey in EncryptedElement
-rw-r--r--lasso/saml-2.0/login.c26
-rw-r--r--lasso/xml/saml-2.0/saml2_encrypted_element.c2
-rw-r--r--lasso/xml/saml-2.0/saml2_encrypted_element.h4
-rw-r--r--lasso/xml/xml.c89
-rw-r--r--lasso/xml/xml.h3
-rw-r--r--lasso/xml/xml_enc.h45
6 files changed, 123 insertions, 46 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 9fd749be..040bd36f 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -534,8 +534,7 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
LassoSaml2NameID *name_id = NULL;
LassoSaml2AuthnStatement *authentication_statement;
LassoProvider *provider = NULL;
- xmlNode *encrypted_node = NULL;
- LassoSaml2EncryptedElement *encrypted_name_id = NULL;
+ LassoSaml2EncryptedElement *encrypted_element = NULL;
federation = g_hash_table_lookup(profile->identity->federations,
profile->remote_providerID);
@@ -587,13 +586,11 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
/* If there is a key, encrypt. Maybe there should be another condition ? */
if (provider && provider->private_data->encryption_public_key != NULL) {
- encrypted_node = lasso_node_encrypt(LASSO_NODE(assertion->Subject->NameID),
- provider->private_data->encryption_public_key);
- if (encrypted_node != NULL) {
- encrypted_name_id = LASSO_SAML2_ENCRYPTED_ELEMENT(
- lasso_saml2_encrypted_element_new());
- encrypted_name_id->EncryptedData = encrypted_node;
- assertion->Subject->EncryptedID = encrypted_name_id;
+ encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(lasso_node_encrypt(
+ LASSO_NODE(assertion->Subject->NameID),
+ provider->private_data->encryption_public_key));
+ if (encrypted_element != NULL) {
+ assertion->Subject->EncryptedID = encrypted_element;
assertion->Subject->NameID = NULL;
}
}
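Review bot: When lasso_node_encrypt returns NULL, the `if (encrypted_element != NULL)` guard silently leaves the plaintext NameID in the assertion even though the provider has an encryption key configured; a failed encryption is worth reporting to the caller instead of falling through (the enclosing function and its return type start before this hunk, so the right error code is not visible here). The `LASSO_SAML2_ENCRYPTED_ELEMENT(...)` wrapper around the call is redundant now that lasso_node_encrypt already returns `LassoSaml2EncryptedElement*`; `encrypted_element = lasso_node_encrypt(LASSO_NODE(assertion->Subject->NameID), provider->private_data->encryption_public_key);` is enough. lasso_saml20_login_build_assertion begins before this hunk.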
@@ -938,7 +935,8 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
LassoProfile *profile = LASSO_PROFILE(login);
LassoSaml2Assertion *assertion = LASSO_SAMLP2_RESPONSE(response)->Assertion->data;
LassoNode *id_node = NULL;
- xmlNode *encrypted_data = NULL;
+ LassoSaml2EncryptedElement* encrypted_element = NULL;
+/* xmlNode *encrypted_data = NULL; */
xmlSecKey *encryption_private_key = NULL;
if (profile->remote_providerID == NULL)
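Review bot: The commented-out declaration `/* xmlNode *encrypted_data = NULL; */` added next to `encrypted_element` is dead code and should simply be dropped; version control keeps the old line. The new declaration also writes `LassoSaml2EncryptedElement* encrypted_element` while the neighbouring declarations bind the `*` to the variable (`xmlSecKey *encryption_private_key`); `LassoSaml2EncryptedElement *encrypted_element = NULL;` keeps the file consistent. lasso_saml20_login_process_response_status_and_assertion begins before this hunk.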
@@ -967,11 +965,11 @@ lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login)
return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;
}
- encrypted_data = LASSO_SAML2_ENCRYPTED_ELEMENT(id_node)->EncryptedData;
+ encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(id_node);
encryption_private_key = profile->server->private_data->encryption_private_key;
- if (encrypted_data != NULL && encryption_private_key != NULL) {
- LASSO_PROFILE(login)->nameIdentifier =
- lasso_node_decrypt(encrypted_data, encryption_private_key);
+ if (encrypted_element != NULL && encryption_private_key != NULL) {
+ LASSO_PROFILE(login)->nameIdentifier = LASSO_NODE(
+ lasso_node_decrypt(encrypted_element, encryption_private_key));
assertion->Subject->NameID =
LASSO_SAML2_NAME_ID(LASSO_PROFILE(login)->nameIdentifier);
assertion->Subject->EncryptedID = NULL;
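Review bot: The result of lasso_node_decrypt is never checked: it returns NULL on every failure path in xml.c, and in that case `nameIdentifier` and `assertion->Subject->NameID` become NULL while `EncryptedID` is still cleared, so a response whose NameID could not be decrypted is processed as if it had no subject identifier and the encrypted element pointer is overwritten without being released. Add a check right after the assignment, e.g. `if (LASSO_PROFILE(login)->nameIdentifier == NULL) return LASSO_PROFILE_ERROR_MISSING_NAME_IDENTIFIER;` (or a decryption-specific error if the project defines one), and only then clear `EncryptedID`. lasso_saml20_login_process_response_status_and_assertion begins before this hunk and continues after it.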
diff --git a/lasso/xml/saml-2.0/saml2_encrypted_element.c b/lasso/xml/saml-2.0/saml2_encrypted_element.c
index ba7558a1..fe2178dc 100644
--- a/lasso/xml/saml-2.0/saml2_encrypted_element.c
+++ b/lasso/xml/saml-2.0/saml2_encrypted_element.c
@@ -43,7 +43,7 @@
static struct XmlSnippet schema_snippets[] = {
{ "EncryptedData", SNIPPET_XMLNODE,
G_STRUCT_OFFSET(LassoSaml2EncryptedElement, EncryptedData) },
- { "EncryptedKey", SNIPPET_NODE,
+ { "EncryptedKey", SNIPPET_LIST_XMLNODES,
G_STRUCT_OFFSET(LassoSaml2EncryptedElement, EncryptedKey) },
{NULL, 0, 0}
};
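Review bot: Switching the snippet to SNIPPET_LIST_XMLNODES makes `EncryptedKey` a list of xmlNode copies (xml.c appends `xmlCopyNode` results to it), so whatever releases a LassoSaml2EncryptedElement must now free each node in that list as well; the class's dispose/finalize is not part of this diff, so please confirm it handles the new GList, otherwise every encrypted element leaks its EncryptedKey node.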
diff --git a/lasso/xml/saml-2.0/saml2_encrypted_element.h b/lasso/xml/saml-2.0/saml2_encrypted_element.h
index c48da752..5fb89af8 100644
--- a/lasso/xml/saml-2.0/saml2_encrypted_element.h
+++ b/lasso/xml/saml-2.0/saml2_encrypted_element.h
@@ -29,6 +29,8 @@
extern "C" {
#endif /* __cplusplus */
+#include <glib/glist.h>
+
#include <lasso/xml/xml.h>
#define LASSO_TYPE_SAML2_ENCRYPTED_ELEMENT (lasso_saml2_encrypted_element_get_type())
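Review bot: `#include <glib/glist.h>` includes an individual GLib header; the supported include is `<glib.h>`, and since `<lasso/xml/xml.h>` just below already exposes GObject-based types, `GList` is very likely in scope without any new include. Prefer dropping the line, or use `#include <glib.h>` if a standalone include is wanted.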
@@ -56,7 +58,7 @@ struct _LassoSaml2EncryptedElement {
/*< public >*/
/* elements */
xmlNode *EncryptedData;
- /* XXX */ void *EncryptedKey;
+ GList *EncryptedKey;
};
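Review bot: The new `GList *EncryptedKey;` field has no comment saying what the list holds; from xml.c it is a list of `xmlNode *`, one `<EncryptedKey>` element each, copied into the element, and that is worth stating at the declaration because the snippet table serializes it as SNIPPET_LIST_XMLNODES. Suggested comment: `/* GList of xmlNode*, each an <xenc:EncryptedKey>; owned by this element */`, with the ownership part confirmed against the class finalizer, which this diff does not show.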
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index 52efef7a..52e3c183 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -35,6 +35,7 @@
#include <xmlsec/xmlenc.h>
#include <lasso/xml/xml.h>
+#include <lasso/xml/xml_enc.h>
#include <lasso/xml/saml_name_identifier.h>
@@ -407,32 +408,34 @@ lasso_node_export_to_soap(LassoNode *node)
* Return value: an xmlNode which is the @node in an encrypted fashion.
* It must be freed by the caller.
**/
-xmlNode*
+LassoSaml2EncryptedElement*
lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
{
xmlDocPtr doc = NULL;
xmlNodePtr orig_node = NULL;
- xmlNodePtr encrypted_data_node = NULL;
+ LassoSaml2EncryptedElement *encrypted_element = NULL;
xmlSecKeysMngrPtr key_manager = NULL;
xmlNodePtr key_info_node = NULL;
xmlNodePtr encrypted_key_node = NULL;
xmlNodePtr key_info_node2 = NULL;
xmlSecEncCtxPtr enc_ctx = NULL;
+ encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(lasso_saml2_encrypted_element_new());
+
/* Create a document to contain the node to encrypt */
doc = xmlNewDoc((xmlChar*)"1.0");
orig_node = lasso_node_get_xmlNode(lasso_node, 1);
xmlDocSetRootElement(doc, orig_node);
/* Create encryption template */
- encrypted_data_node = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ encrypted_element->EncryptedData = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
NULL, xmlSecTypeEncElement, NULL, NULL);
- if (encrypted_data_node == NULL) {
+ if (encrypted_element->EncryptedData == NULL) {
message(G_LOG_LEVEL_WARNING, "Failed to create encryption template");
return NULL;
}
- if (xmlSecTmplEncDataEnsureCipherValue(encrypted_data_node) == NULL) {
+ if (xmlSecTmplEncDataEnsureCipherValue(encrypted_element->EncryptedData) == NULL) {
message(G_LOG_LEVEL_WARNING, "Failed to add CipherValue node");
return NULL;
}
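Review bot: Every failure path in this hunk (`return NULL;` after the template and CipherValue checks, and the same pattern in the three later hunks of this function) now leaks the `encrypted_element` allocated at the top via `lasso_saml2_encrypted_element_new()`, on top of the pre-existing leak of `doc` whose cleanup remains commented out. A single error exit that releases the element (it is a LassoNode, so presumably `g_object_unref`) keeps the paths consistent; whether `doc` can also be freed there depends on whether the element's finalizer frees `EncryptedData`, which lives inside `doc` and is not shown in this diff. The header comment at the top of the hunk still says the return value is `an xmlNode ... It must be freed by the caller`; it should now say a `LassoSaml2EncryptedElement` (NULL on failure) and how the caller releases it. lasso_node_encrypt continues across the next three hunks.
```c
LassoSaml2EncryptedElement*
lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
{
	/* … unchanged: local declarations … */
	encrypted_element = LASSO_SAML2_ENCRYPTED_ELEMENT(lasso_saml2_encrypted_element_new());

	/* … unchanged: document creation and template creation … */
	if (encrypted_element->EncryptedData == NULL) {
		message(G_LOG_LEVEL_WARNING, "Failed to create encryption template");
		goto error;
	}
	if (xmlSecTmplEncDataEnsureCipherValue(encrypted_element->EncryptedData) == NULL) {
		message(G_LOG_LEVEL_WARNING, "Failed to add CipherValue node");
		goto error;
	}
	/* … unchanged: key manager, KeyInfo, EncryptedKey, encryption (each `return NULL;` becomes `goto error;`) … */

	return encrypted_element;

error:
	/* release xmlsec objects created so far (enc_ctx, key_manager) here as well */
	/* TODO(review): free doc here only if the element's finalizer does not free EncryptedData */
	g_object_unref(encrypted_element);
	return NULL;
```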
@@ -462,7 +465,7 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
}
/* add <dsig:KeyInfo/> */
- key_info_node = xmlSecTmplEncDataEnsureKeyInfo(encrypted_data_node, NULL);
+ key_info_node = xmlSecTmplEncDataEnsureKeyInfo(encrypted_element->EncryptedData, NULL);
if (key_info_node == NULL) {
message(G_LOG_LEVEL_WARNING, "Failed to add key info");
return NULL;
@@ -472,7 +475,7 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
encrypted_key_node = xmlSecTmplKeyInfoAddEncryptedKey(key_info_node,
xmlSecTransformRsaPkcs1Id, NULL, NULL, NULL);
if (encrypted_key_node == NULL) {
- message(G_LOG_LEVEL_WARNING, "Failed to add key info");
+ message(G_LOG_LEVEL_WARNING, "Failed to add encrypted key");
return NULL;
}
@@ -510,23 +513,23 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
}
/* encrypt the data */
- if (xmlSecEncCtxXmlEncrypt(enc_ctx, encrypted_data_node, orig_node) < 0) {
+ if (xmlSecEncCtxXmlEncrypt(enc_ctx, encrypted_element->EncryptedData, orig_node) < 0) {
message(G_LOG_LEVEL_WARNING, "Encryption failed");
return NULL;
}
+ encrypted_element->EncryptedKey = g_list_append(encrypted_element->EncryptedKey,
+ xmlCopyNode(encrypted_key_node, 1));
+ key_info_node->children = NULL;
+
/* cleanup */
xmlSecEncCtxDestroy(enc_ctx);
-/* if (encrypted_data_node != NULL) { */
-/* xmlFreeNode(encrypted_data_node); */
-/* } */
-
/* if (doc != NULL) { */
/* xmlFreeDoc(doc); */
/* } */
- return encrypted_data_node;
+ return encrypted_element;
}
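Review bot: `key_info_node->children = NULL;` detaches the EncryptedKey from KeyInfo by hand, which leaves `key_info_node->last` and `encrypted_key_node->parent` pointing at a node that is no longer in the tree, and the original `encrypted_key_node` is never freed after being duplicated with `xmlCopyNode`. Use libxml2's unlink and move the node instead of copying it: `xmlUnlinkNode(encrypted_key_node);` then `encrypted_element->EncryptedKey = g_list_append(encrypted_element->EncryptedKey, encrypted_key_node);` and drop the `children = NULL` line (if a copy is deliberately wanted, `xmlUnlinkNode` followed by `xmlFreeNode(encrypted_key_node)` after the copy is the clean form). The `doc` holding the template is still never freed on success or failure; the commented-out `xmlFreeDoc` block should either be restored on the error path or removed rather than left as dead code.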
@@ -542,27 +545,59 @@ lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key)
* It must be freed by the caller.
**/
LassoNode*
-lasso_node_decrypt(xmlNode* xml_node, xmlSecKey *encryption_private_key)
+lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
+ xmlSecKey *encryption_private_key)
{
xmlDocPtr doc = NULL;
+ xmlDocPtr doc2 = NULL;
xmlSecEncCtxPtr encCtx = NULL;
xmlSecKeyPtr des_key = NULL;
xmlSecBufferPtr key_buffer;
LassoNode *decrypted_node;
+ xmlNodePtr encrypted_data_node = NULL;
+ xmlNodePtr encrypted_key_node = NULL;
+ GList *encrypted_key_list = NULL;
- /* Create a document to contain the node to decrypt */
- doc = xmlNewDoc((xmlChar*)"1.0");
- xmlDocSetRootElement(doc, xml_node);
-
- xmlNode *t = xml_node;
- while (t && strcmp((char*)t->name, "EncryptedKey") != 0 ) {
- if (strcmp((char*)t->name, "EncryptedData") == 0 ||
- strcmp((char*)t->name, "KeyInfo") == 0)
- t = t->children;
- t = t->next;
+ encrypted_data_node = encrypted_element->EncryptedData;
+
+ if (encrypted_element->EncryptedKey == NULL) {
+ message(G_LOG_LEVEL_WARNING, "No EncryptedKey node\n");
+ return NULL;
}
- if (t == NULL)
+
+ encrypted_key_list = g_list_next(encrypted_element->EncryptedKey);
+
+ if (encrypted_key_list == NULL) {
+ message(G_LOG_LEVEL_WARNING, "No EncryptedKey\n");
+ return NULL;
+ }
+
+ encrypted_key_node = (xmlNode *)(encrypted_key_list->data);
+
+ if (encrypted_key_node == NULL) {
+ message(G_LOG_LEVEL_WARNING, "No EncryptedKey\n");
return NULL;
+ }
+
+ /* Create a document to contain the node to decrypt */
+ doc = xmlNewDoc((xmlChar*)"1.0");
+ xmlDocSetRootElement(doc, encrypted_data_node);
+
+ doc2 = xmlNewDoc((xmlChar*)"1.0");
+ xmlDocSetRootElement(doc2, encrypted_key_node);
+
+ /* This block can be used in case we must be compatible with an EncryptedKey
+ * inside the EncryptedData
+ */
+/* xmlNode *t = xml_node; */
+/* while (t && strcmp((char*)t->name, "EncryptedKey") != 0 ) { */
+/* if (strcmp((char*)t->name, "EncryptedData") == 0 || */
+/* strcmp((char*)t->name, "KeyInfo") == 0) */
+/* t = t->children; */
+/* t = t->next; */
+/* } */
+/* if (t == NULL) */
+/* return NULL; */
/* create encryption context, with RSA key */
encCtx = xmlSecEncCtxCreate(NULL);
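Review bot: `encrypted_key_list = g_list_next(encrypted_element->EncryptedKey);` skips the first list entry, and lasso_node_encrypt builds the list with exactly one node (a single `g_list_append` on an empty list), so for elements produced by this library `encrypted_key_list` is always NULL and decryption fails with "No EncryptedKey"; unless the SNIPPET_LIST_XMLNODES parser prepends a placeholder entry (not visible here), the intended line is `encrypted_key_node = (xmlNode *)encrypted_element->EncryptedKey->data;` with the `g_list_next` step removed. The two `xmlNewDoc` documents adopt nodes the element still references (`EncryptedData` and the list entry), and neither `doc` nor `doc2` is freed on the later error returns or on success, so ownership of those nodes should be settled explicitly rather than by re-parenting. The nine-line commented-out `strcmp` walk is dead code and can go, since history keeps it. lasso_node_decrypt continues in the next two hunks.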
@@ -574,7 +609,7 @@ lasso_node_decrypt(xmlNode* xml_node, xmlSecKey *encryption_private_key)
encCtx->mode = xmlEncCtxModeEncryptedKey;
/* decrypt the EncryptedKey */
- key_buffer = xmlSecEncCtxDecryptToBuffer(encCtx, t);
+ key_buffer = xmlSecEncCtxDecryptToBuffer(encCtx, encrypted_key_node);
if (key_buffer != NULL) {
des_key = xmlSecKeyReadBuffer(xmlSecKeyDataDesId, key_buffer);
}
@@ -594,7 +629,7 @@ lasso_node_decrypt(xmlNode* xml_node, xmlSecKey *encryption_private_key)
encCtx->mode = xmlEncCtxModeEncryptedData;
/* decrypt the EncryptedData */
- if ((xmlSecEncCtxDecrypt(encCtx, xml_node) < 0) || (encCtx->result == NULL)) {
+ if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
message(G_LOG_LEVEL_WARNING, "Decryption failed");
return NULL;
}
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index f52a1982..1c73701e 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -145,9 +145,6 @@ LASSO_EXPORT char* lasso_node_export_to_paos_request(LassoNode *node, const char
LASSO_EXPORT char* lasso_node_export_to_ecp_soap_response(LassoNode *node,
const char *assertionConsumerURL);
-LASSO_EXPORT xmlNode* lasso_node_encrypt(LassoNode *lasso_node, xmlSecKey *encryption_public_key);
-LASSO_EXPORT LassoNode* lasso_node_decrypt(xmlNode* xml_node, xmlSecKey *encryption_private_key);
-
LASSO_EXPORT xmlNode* lasso_node_get_xmlNode(LassoNode *node, gboolean lasso_dump);
LASSO_EXPORT LassoMessageFormat lasso_node_init_from_message(LassoNode *node, const char *message);
diff --git a/lasso/xml/xml_enc.h b/lasso/xml/xml_enc.h
new file mode 100644
index 00000000..b7d87c8b
--- /dev/null
+++ b/lasso/xml/xml_enc.h
@@ -0,0 +1,45 @@
+/* $Id$
+ *
+ * Lasso - A free implementation of the Liberty Alliance specifications.
+ *
+ * Copyright (C) 2004, 2005 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: See AUTHORS file in top-level directory.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef __LASSO_XML_ENC_H__
+#define __LASSO_XML_ENC_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <lasso/xml/xml.h>
+#include <lasso/xml/saml-2.0/saml2_encrypted_element.h>
+
+LassoSaml2EncryptedElement* lasso_node_encrypt(LassoNode *lasso_node,
+ xmlSecKey *encryption_public_key);
+LassoNode* lasso_node_decrypt(LassoSaml2EncryptedElement* encrypted_element,
+ xmlSecKey *encryption_private_key);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __LASSO_XML_H__ */
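Review bot: The two prototypes moved here dropped the `LASSO_EXPORT` qualifier that the removed xml.h declarations carried, so depending on how LASSO_EXPORT controls symbol visibility the functions may no longer be exported from the shared library for users of the API; declare them as `LASSO_EXPORT LassoSaml2EncryptedElement* lasso_node_encrypt(...)` and `LASSO_EXPORT LassoNode* lasso_node_decrypt(...)`. The closing guard comment `#endif /* __LASSO_XML_H__ */` names the wrong macro; it should read `#endif /* __LASSO_XML_ENC_H__ */`. The header also states no contract for either function; a short comment on each saying that NULL is returned on failure and who owns the returned element would help callers.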