authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-03-27 15:06:13 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-03-27 15:06:13 +0000
commit93dc7ca54572ca7efca4939e952b1196277f0ec5 (patch)
treec7ee46cb315566fff553af9a186cfd9ca180ca78
parent4b8f9075ef12bb90dd0e2ab573a2ab2352df8a71 (diff)
XML ID-FF 1.2 & SAML 2.0: Handle signature failure
* lasso/xml/saml_assertion.c: * lasso/xml/samlp_response_abstract.c: * lasso/xml/samlp_request_abstract.c: * lasso/xml/saml-2.0/samlp2_request_abstract.c: * lasso/xml/saml-2.0/saml2_assertion.c: * lasso/xml/saml-2.0/samlp2_status_response.c: if a failure occurs in the signing process, free the xmlnode, return NULL and print a warning.
-rw-r--r--lasso/xml/saml-2.0/saml2_assertion.c20
-rw-r--r--lasso/xml/saml-2.0/samlp2_request_abstract.c10
-rw-r--r--lasso/xml/saml-2.0/samlp2_status_response.c28
-rw-r--r--lasso/xml/saml_assertion.c17
-rw-r--r--lasso/xml/samlp_request_abstract.c17
-rw-r--r--lasso/xml/samlp_response_abstract.c19
6 files changed, 79 insertions, 32 deletions
diff --git a/lasso/xml/saml-2.0/saml2_assertion.c b/lasso/xml/saml-2.0/saml2_assertion.c
index 582a9f36..bb6145d8 100644
--- a/lasso/xml/saml-2.0/saml2_assertion.c
+++ b/lasso/xml/saml-2.0/saml2_assertion.c
@@ -23,6 +23,7 @@
*/
+#include "../../utils.h"
#include "../private.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
@@ -116,20 +117,25 @@ static LassoNodeClass *parent_class = NULL;
static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
- LassoSaml2Assertion *request = LASSO_SAML2_ASSERTION(node);
+ LassoSaml2Assertion *assertion = LASSO_SAML2_ASSERTION(node);
xmlNode *xmlnode;
int rc;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
- if (lasso_dump == FALSE && request->sign_type) {
- if (request->private_key_file == NULL) {
+ if (lasso_dump == FALSE && assertion->sign_type) {
+ if (assertion->private_key_file == NULL) {
message(G_LOG_LEVEL_WARNING,
- "No Private Key set for signing samlp2:RequestAbstract");
+ "No Private Key set for signing saml2:Assertion");
} else {
- rc = lasso_sign_node(xmlnode, "ID", request->ID,
- request->private_key_file, request->certificate_file);
- /* signature may have failed; what to do ? */
+ rc = lasso_sign_node(xmlnode, "ID", assertion->ID,
+ assertion->private_key_file, assertion->certificate_file);
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of saml2:Assertion failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
}
}
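Review bot: `rc` is still declared as plain `int rc;` in this file, so on the `private_key_file == NULL` branch the added `if (rc != 0)` reads an uninitialised value. That is undefined behaviour, and depending on what happens to be in `rc` the unsigned assertion can be returned even though `sign_type` asked for a signature. The other five files in this commit change the declaration to `int rc = -1;`, and the same one-line change is needed here. get_xmlNode continues past the end of this hunk.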
diff --git a/lasso/xml/saml-2.0/samlp2_request_abstract.c b/lasso/xml/saml-2.0/samlp2_request_abstract.c
index cecb4abb..d9118d82 100644
--- a/lasso/xml/saml-2.0/samlp2_request_abstract.c
+++ b/lasso/xml/saml-2.0/samlp2_request_abstract.c
@@ -24,6 +24,7 @@
#include "../private.h"
+#include "../../utils.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
@@ -116,7 +117,7 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
LassoSamlp2RequestAbstract *request = LASSO_SAMLP2_REQUEST_ABSTRACT(node);
xmlNode *xmlnode;
- int rc;
+ int rc = -1;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
@@ -127,7 +128,12 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
} else {
rc = lasso_sign_node(xmlnode, "ID", request->ID,
request->private_key_file, request->certificate_file);
- /* signature may have failed; what to do ? */
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of samlp2:RequestAbstract failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
}
}
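Review bot: The trailing `if (rc != 0)` also fires when no private key is configured, because `rc` keeps its initial `-1` from the declaration, but nothing in the code says that this is intended. A comment above that check, for example `/* rc is still -1 when no key was configured: drop the unsigned node in that case too */`, would make the fail-closed behaviour explicit and harder to break in a later refactor. The same comment fits the matching hunks in samlp2_status_response.c, saml_assertion.c, samlp_request_abstract.c and samlp_response_abstract.c. get_xmlNode starts and ends outside this hunk.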
diff --git a/lasso/xml/saml-2.0/samlp2_status_response.c b/lasso/xml/saml-2.0/samlp2_status_response.c
index c06946b9..c25266f3 100644
--- a/lasso/xml/saml-2.0/samlp2_status_response.c
+++ b/lasso/xml/saml-2.0/samlp2_status_response.c
@@ -24,11 +24,11 @@
#include "../private.h"
+#include "../../utils.h"
+#include "./samlp2_status_response.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
-#include "samlp2_status_response.h"
-
/**
* SECTION:samlp2_status_response
* @short_description: &lt;samlp2:StatusResponse&gt;
@@ -97,7 +97,6 @@ static struct XmlSnippet schema_snippets[] = {
static LassoNodeClass *parent_class = NULL;
-
static gchar*
build_query(LassoNode *node)
{
@@ -112,7 +111,6 @@ build_query(LassoNode *node)
return ret;
}
-
static gboolean
init_from_query(LassoNode *node, char **query_fields)
{
@@ -122,27 +120,31 @@ init_from_query(LassoNode *node, char **query_fields)
static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
- LassoSamlp2StatusResponse *request = LASSO_SAMLP2_STATUS_RESPONSE(node);
+ LassoSamlp2StatusResponse *response = LASSO_SAMLP2_STATUS_RESPONSE(node);
xmlNode *xmlnode;
- int rc;
+ int rc = -1;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
- if (lasso_dump == FALSE && request->sign_type) {
- if (request->private_key_file == NULL) {
+ if (lasso_dump == FALSE && response->sign_type) {
+ if (response->private_key_file == NULL) {
message(G_LOG_LEVEL_WARNING,
- "No Private Key set for signing samlp2:RequestAbstract");
+ "No Private Key set for signing samlp2:StatusResponse");
} else {
- rc = lasso_sign_node(xmlnode, "ID", request->ID,
- request->private_key_file, request->certificate_file);
- /* signature may have failed; what to do ? */
+ rc = lasso_sign_node(xmlnode, "ID", response->ID,
+ response->private_key_file, response->certificate_file);
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of samlp2:StatusResponse failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
}
}
return xmlnode;
}
-
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
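Review bot: get_xmlNode now has an undocumented failure return, which changes its contract for every caller. After `lasso_release_xml_node(xmlnode)` the function still executes `return xmlnode;`, and the commit message says the result is NULL. Presumably the macro from utils.h clears the pointer, but that is not visible here and should be confirmed, since otherwise a freed node would be returned. A header comment such as `/* Returns NULL when a signature was requested but could not be produced. */` would document this, and callers that dereference or serialise the result should be checked for NULL handling. This applies equally to the get_xmlNode hunks in the other five files.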
diff --git a/lasso/xml/saml_assertion.c b/lasso/xml/saml_assertion.c
index 8b3608aa..819c733a 100644
--- a/lasso/xml/saml_assertion.c
+++ b/lasso/xml/saml_assertion.c
@@ -23,6 +23,7 @@
*/
#include "private.h"
+#include "../utils.h"
#include <xmlsec/xmltree.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
@@ -152,16 +153,26 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
LassoSamlAssertion *assertion = LASSO_SAML_ASSERTION(node);
xmlNode *xmlnode;
xmlNs *ns;
- int rc;
+ int rc = -1;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
ns = xmlSearchNs(NULL, xmlnode, (xmlChar*)"saml");
insure_namespace(xmlnode, ns);
if (lasso_dump == FALSE && assertion->sign_type) {
- rc = lasso_sign_node(xmlnode, "AssertionID", assertion->AssertionID,
+ if (assertion->private_key_file == NULL) {
+ message(G_LOG_LEVEL_WARNING,
+ "No Private Key set for signing saml:Assertion");
+ } else {
+ rc = lasso_sign_node(xmlnode, "AssertionID", assertion->AssertionID,
assertion->private_key_file, assertion->certificate_file);
- /* signature may have failed; what to do ? */
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of saml:Assertion failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
+ }
}
return xmlnode;
diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c
index b6f23025..3ef984f1 100644
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
@@ -23,6 +23,7 @@
*/
#include "private.h"
+#include "../utils.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
@@ -82,14 +83,24 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
LassoSamlpRequestAbstract *request = LASSO_SAMLP_REQUEST_ABSTRACT(node);
xmlNode *xmlnode;
- int rc;
+ int rc = -1;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
if (lasso_dump == FALSE && request->sign_type) {
- rc = lasso_sign_node(xmlnode, "RequestID", request->RequestID,
+ if (request->private_key_file == NULL) {
+ message(G_LOG_LEVEL_WARNING,
+ "No Private Key set for signing samlp:RequestAbstract");
+ } else {
+ rc = lasso_sign_node(xmlnode, "RequestID", request->RequestID,
request->private_key_file, request->certificate_file);
- /* signature may have failed; what to do ? */
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of samlp:RequestAbstract failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
+ }
}
return xmlnode;
diff --git a/lasso/xml/samlp_response_abstract.c b/lasso/xml/samlp_response_abstract.c
index 5fab29e7..e52e4ba8 100644
--- a/lasso/xml/samlp_response_abstract.c
+++ b/lasso/xml/samlp_response_abstract.c
@@ -23,6 +23,7 @@
*/
#include "private.h"
+#include "../utils.h"
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
@@ -86,14 +87,24 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
LassoSamlpResponseAbstract *response = LASSO_SAMLP_RESPONSE_ABSTRACT(node);
xmlNode *xmlnode;
- int rc;
+ int rc = -1;
xmlnode = parent_class->get_xmlNode(node, lasso_dump);
if (lasso_dump == FALSE && response->sign_type) {
- rc = lasso_sign_node(xmlnode, "ResponseID", response->ResponseID,
- response->private_key_file, response->certificate_file);
- /* signature may have failed; what to do ? */
+ if (response->private_key_file == NULL) {
+ message(G_LOG_LEVEL_WARNING,
+ "No Private Key set for signing samlp:ResponseAbstract");
+ } else {
+ rc = lasso_sign_node(xmlnode, "ResponseID", response->ResponseID,
+ response->private_key_file, response->certificate_file);
+ if (rc != 0) {
+ message(G_LOG_LEVEL_WARNING, "Signing of samlp:ResponseAbstract failed: %s", lasso_strerror(rc));
+ }
+ }
+ if (rc != 0) {
+ lasso_release_xml_node(xmlnode);
+ }
}
return xmlnode;