diff options
| author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 20:34:22 +0000 |
|---|---|---|
| committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 20:34:22 +0000 |
| commit | 95afff30e76e9a0cf32651f726ea932b678c7410 (patch) | |
| tree | ae851ffbbe7df619190cea47a31228c7eadafad7 | |
| parent | 5f74157e3a2450eb066a3e2e19561612894a6cd1 (diff) | |
Added differentiation between creating xmlnode for lasso use (the _dump
functions) and creating xmlnode for the wire (export_to_soap...). This
was necessary to keep track of private_key_file to use on an Assertion
while it was kept in a lasso session dump and restored later.
This means the get_xmlNode functions have now a second parameter, gboolean
lasso_dump, TRUE when dumping for lasso internal use.
On the bright side assertions are now signed (that signature is not yet
checked).
| -rw-r--r-- | lasso/id-ff/federation.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/identity.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/lecp.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 31 | ||||
| -rw-r--r-- | lasso/id-ff/logout.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/name_registration.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/provider.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/server.c | 8 | ||||
| -rw-r--r-- | lasso/id-ff/session.c | 4 | ||||
| -rw-r--r-- | lasso/id-wsf/discovery.c | 4 | ||||
| -rw-r--r-- | lasso/xml/dst_modify.c | 4 | ||||
| -rw-r--r-- | lasso/xml/dst_modify_response.c | 4 | ||||
| -rw-r--r-- | lasso/xml/dst_query.c | 4 | ||||
| -rw-r--r-- | lasso/xml/dst_query_response.c | 4 | ||||
| -rw-r--r-- | lasso/xml/internals.h | 3 | ||||
| -rw-r--r-- | lasso/xml/saml_assertion.c | 99 | ||||
| -rw-r--r-- | lasso/xml/saml_assertion.h | 11 | ||||
| -rw-r--r-- | lasso/xml/samlp_response.c | 4 | ||||
| -rw-r--r-- | lasso/xml/xml.c | 37 | ||||
| -rw-r--r-- | lasso/xml/xml.h | 4 |
20 files changed, 156 insertions, 85 deletions
diff --git a/lasso/id-ff/federation.c b/lasso/id-ff/federation.c index 5e44b71b..3319e117 100644 --- a/lasso/id-ff/federation.c +++ b/lasso/id-ff/federation.c @@ -139,11 +139,11 @@ static struct XmlSnippet schema_snippets[] = { static LassoNodeClass *parent_class = NULL; static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlSetProp(xmlnode, "FederationDumpVersion", "2"); return xmlnode; diff --git a/lasso/id-ff/identity.c b/lasso/id-ff/identity.c index 8a912890..8e0e91e4 100644 --- a/lasso/id-ff/identity.c +++ b/lasso/id-ff/identity.c @@ -80,11 +80,11 @@ static LassoNodeClass *parent_class = NULL; static void add_federation_childnode(gchar *key, LassoFederation *value, xmlNode *xmlnode) { - xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value))); + xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE)); } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; LassoIdentity *identity = LASSO_IDENTITY(node); diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index a9c67c74..3223a078 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -58,6 +58,8 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } + /* XXX: should not use lasso_node_dump; it is not a dump, it will go + * on the wire */ profile->msg_body = lasso_node_dump(LASSO_NODE(lecp->authnRequestEnvelope), "utf-8", 0); if (profile->msg_body == NULL) { message(G_LOG_LEVEL_CRITICAL, diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index b00ad7a9..58619d96 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -68,7 +68,7 @@ lasso_login_build_assertion(LassoLogin *login, const char *notBefore, const char *notOnOrAfter) { - LassoLibAssertion *assertion; + LassoSamlAssertion *assertion; LassoLibAuthenticationStatement *as; LassoSamlNameIdentifier *nameIdentifier; LassoProfile *profile; @@ -88,11 +88,10 @@ lasso_login_build_assertion(LassoLogin *login, in this case, no InResponseTo will be added in assertion (XXX: what does that mean ? would profile->request also be NULL?) */ - assertion = lasso_lib_assertion_new_full( + assertion = LASSO_SAML_ASSERTION(lasso_lib_assertion_new_full( LASSO_PROVIDER(profile->server)->ProviderID, LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->RequestID, - profile->remote_providerID, - notBefore, notOnOrAfter); + profile->remote_providerID, notBefore, notOnOrAfter)); if (strcmp(login->nameIDPolicy, LASSO_LIB_NAMEID_POLICY_TYPE_ONE_TIME) == 0) { /* if NameIDPolicy is 'onetime', don't use a federation */ @@ -115,15 +114,14 @@ lasso_login_build_assertion(LassoLogin *login, LASSO_SAML_ASSERTION(assertion)->AuthenticationStatement = LASSO_SAML_AUTHENTICATION_STATEMENT(as); - /* FIXME : How to know if the assertion must be signed or unsigned ? */ -#if 0 - /* signature should be added at end (i.e. move this to - * build_response_msg and build_authn_response_msg) */ - ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), - profile->server->signature_method, - profile->server->private_key, - profile->server->certificate); -#endif + if (profile->server->certificate) { + assertion->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; + } else { + assertion->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE; + } + assertion->sign_method = profile->server->signature_method; + assertion->private_key_file = g_strdup(profile->server->private_key); + assertion->certificate_file = g_strdup(profile->server->certificate); if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST) { /* only add assertion if response is an AuthnResponse */ @@ -639,7 +637,8 @@ lasso_login_build_authn_response_msg(LassoLogin *login) return critical_error(LASSO_PROFILE_ERROR_INVALID_PROTOCOLPROFILE); } - /* XXX: not sure this was signed in Lasso 0.5.0 */ + /* Countermeasure: The issuer should sign <lib:AuthnResponse> messages. + * (binding and profiles (1.2errata2, page 65) */ LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1; @@ -1175,12 +1174,12 @@ static struct XmlSnippet schema_snippets[] = { static LassoNodeClass *parent_class = NULL; static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; LassoLogin *login = LASSO_LOGIN(node); - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlSetProp(xmlnode, "LoginDumpVersion", "2"); if (login->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART) diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index f1d21325..c93adf5b 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -825,11 +825,11 @@ static void check_soap_support(gchar *key, LassoProvider *provider, LassoProfile static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlNodeSetName(xmlnode, "Logout"); xmlSetProp(xmlnode, "LogoutDumpVersion", "2"); diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index e4151d76..65b75156 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -532,11 +532,11 @@ static struct XmlSnippet schema_snippets[] = { static LassoNodeClass *parent_class = NULL; static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlSetProp(xmlnode, "NameRegistrationDumpVersion", "2"); return xmlnode; diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index dc2939ef..1c7379ef 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -227,7 +227,7 @@ add_descriptor_childnodes(gchar *key, GList *value, xmlNode *xmlnode) } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode, *t; LassoProvider *provider = LASSO_PROVIDER(node); diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c index cc53d664..53e42afc 100644 --- a/lasso/id-ff/server.c +++ b/lasso/id-ff/server.c @@ -107,26 +107,26 @@ static LassoNodeClass *parent_class = NULL; static void add_provider_childnode(gchar *key, LassoProvider *value, xmlNode *xmlnode) { - xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value))); + xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE)); } static void add_service_childnode(gchar *key, GList *value, xmlNode *xmlnode) { while (value != NULL) { - xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value->data))); + xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value->data), TRUE)); value = g_list_next(value); } } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { LassoServer *server = LASSO_SERVER(node); char *signature_methods[] = { NULL, "RSA_SHA1", "DSA_SHA1"}; xmlNode *xmlnode; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlNodeSetName(xmlnode, "Server"); xmlSetProp(xmlnode, "ServerDumpVersion", "2"); diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c index 54e85942..ed52b714 100644 --- a/lasso/id-ff/session.c +++ b/lasso/id-ff/session.c @@ -124,11 +124,11 @@ add_assertion_childnode(gchar *key, LassoLibAssertion *value, xmlNode *xmlnode) xmlNode *t; t = xmlNewTextChild(xmlnode, NULL, "Assertion", NULL); xmlSetProp(t, "RemoteProviderID", key); - xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value))); + xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE)); } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; LassoSession *session = LASSO_SESSION(node); diff --git a/lasso/id-wsf/discovery.c b/lasso/id-wsf/discovery.c index fc8720d9..95c09c84 100644 --- a/lasso/id-wsf/discovery.c +++ b/lasso/id-wsf/discovery.c @@ -333,12 +333,12 @@ lasso_discovery_process_query_msg(LassoDiscovery *discovery, const gchar *messag static LassoNodeClass *parent_class = NULL; static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; LassoDiscovery *discovery = LASSO_DISCOVERY(node); - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); xmlNodeSetName(xmlnode, "Discovery"); xmlSetProp(xmlnode, "DiscoveryDumpVersion", "2"); diff --git a/lasso/xml/dst_modify.c b/lasso/xml/dst_modify.c index 545504f6..6681198c 100644 --- a/lasso/xml/dst_modify.c +++ b/lasso/xml/dst_modify.c @@ -93,12 +93,12 @@ insure_namespace(xmlNode *xmlnode, xmlNs *ns) } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; xmlNs *ns; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); ns = xmlNewNs(xmlnode, LASSO_DST_MODIFY(node)->hrefServiceType, LASSO_DST_MODIFY(node)->prefixServiceType); xmlSetNs(xmlnode, ns); diff --git a/lasso/xml/dst_modify_response.c b/lasso/xml/dst_modify_response.c index 6619dd72..559251e1 100644 --- a/lasso/xml/dst_modify_response.c +++ b/lasso/xml/dst_modify_response.c @@ -74,12 +74,12 @@ insure_namespace(xmlNode *xmlnode, xmlNs *ns) } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; xmlNs *ns; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); ns = xmlNewNs(xmlnode, LASSO_DST_MODIFY_RESPONSE(node)->hrefServiceType, LASSO_DST_MODIFY_RESPONSE(node)->prefixServiceType); xmlSetNs(xmlnode, ns); diff --git a/lasso/xml/dst_query.c b/lasso/xml/dst_query.c index b71fd401..2b1ba141 100644 --- a/lasso/xml/dst_query.c +++ b/lasso/xml/dst_query.c @@ -83,12 +83,12 @@ insure_namespace(xmlNode *xmlnode, xmlNs *ns) } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; xmlNs *ns; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); ns = xmlNewNs(xmlnode, LASSO_DST_QUERY(node)->hrefServiceType, LASSO_DST_QUERY(node)->prefixServiceType); xmlSetNs(xmlnode, ns); diff --git a/lasso/xml/dst_query_response.c b/lasso/xml/dst_query_response.c index 280941bb..12e74295 100644 --- a/lasso/xml/dst_query_response.c +++ b/lasso/xml/dst_query_response.c @@ -87,12 +87,12 @@ insure_namespace(xmlNode *xmlnode, xmlNs *ns) } static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode; xmlNs *ns; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); ns = xmlNewNs(xmlnode, LASSO_DST_QUERY_RESPONSE(node)->hrefServiceType, LASSO_DST_QUERY_RESPONSE(node)->prefixServiceType); xmlSetNs(xmlnode, ns); diff --git a/lasso/xml/internals.h b/lasso/xml/internals.h index 9e16bb19..a5239ba3 100644 --- a/lasso/xml/internals.h +++ b/lasso/xml/internals.h @@ -45,7 +45,8 @@ typedef enum { /* transformers for content transformation */ SNIPPET_STRING = 1 << 0, /* default, can be omitted */ SNIPPET_BOOLEAN = 1 << 20, - SNIPPET_INTEGER = 1 << 21 + SNIPPET_INTEGER = 1 << 21, + SNIPPET_LASSO_DUMP = 1 << 22, } SnippetType; struct XmlSnippet { diff --git a/lasso/xml/saml_assertion.c b/lasso/xml/saml_assertion.c index 2ad0a7d1..161a55f0 100644 --- a/lasso/xml/saml_assertion.c +++ b/lasso/xml/saml_assertion.c @@ -23,6 +23,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include <xmlsec/xmltree.h> +#include <xmlsec/xmldsig.h> +#include <xmlsec/templates.h> + #include <lasso/xml/saml_assertion.h> /* @@ -68,6 +72,8 @@ static struct XmlSnippet schema_snippets[] = { G_STRUCT_OFFSET(LassoSamlAssertion, AuthenticationStatement) }, { "AttributeStatement", SNIPPET_NODE, G_STRUCT_OFFSET(LassoSamlAssertion, AttributeStatement) }, + { "Signature", SNIPPET_SIGNATURE, + G_STRUCT_OFFSET(LassoSamlAssertion, AssertionID) }, { "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER, G_STRUCT_OFFSET(LassoSamlAssertion, MajorVersion) }, { "MinorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER, @@ -75,6 +81,17 @@ static struct XmlSnippet schema_snippets[] = { { "AssertionID", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlAssertion, AssertionID) }, { "Issuer", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlAssertion, Issuer) }, { "IssueInstant", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlAssertion, IssueInstant) }, + + /* hidden fields; use in lasso dumps */ + { "SignType", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER | SNIPPET_LASSO_DUMP, + G_STRUCT_OFFSET(LassoSamlAssertion, sign_type) }, + { "SignMethod", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER | SNIPPET_LASSO_DUMP, + G_STRUCT_OFFSET(LassoSamlAssertion, sign_method) }, + { "PrivateKeyFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, + G_STRUCT_OFFSET(LassoSamlAssertion, private_key_file) }, + { "CertificateFile", SNIPPET_CONTENT | SNIPPET_LASSO_DUMP, + G_STRUCT_OFFSET(LassoSamlAssertion, certificate_file) }, + { NULL, 0, 0} }; @@ -114,39 +131,77 @@ insure_namespace(xmlNode *xmlnode, xmlNs *ns) static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { + LassoSamlAssertion *assertion = LASSO_SAML_ASSERTION(node); xmlNode *xmlnode; xmlNs *ns; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); ns = xmlSearchNs(NULL, xmlnode, "saml"); insure_namespace(xmlnode, ns); - return xmlnode; -} + if (lasso_dump == FALSE && assertion->sign_type) { + /* sign assertion now */ + /* code could be refactored with lasso_node_export_to_signed_xmlnode */ + xmlDoc *doc; + xmlNode *sign_tmpl; + xmlSecDSigCtx *dsig_ctx; + char *id_value; + xmlAttr *id_attr; -gint -lasso_saml_assertion_set_signature(LassoSamlAssertion *node, - gint sign_method, - const xmlChar *private_key_file, - const xmlChar *certificate_file) -{ - return 0; -#if 0 /* XXX: signatures are done differently */ - gint ret; - LassoNodeClass *class; + sign_tmpl = xmlSecFindNode(xmlnode, xmlSecNodeSignature, xmlSecDSigNs); + if (sign_tmpl == NULL) + return xmlnode; - g_return_val_if_fail(LASSO_IS_SAML_ASSERTION(node), - LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); + doc = xmlNewDoc("1.0"); + xmlDocSetRootElement(doc, xmlnode); + xmlSetTreeDoc(sign_tmpl, doc); - class = LASSO_NODE_GET_CLASS(node); + id_value = xmlGetProp(xmlnode, "AssertionID"); + id_attr = xmlHasProp(xmlnode, "AssertionID"); + if (id_value) { + xmlAddID(NULL, doc, id_value, id_attr); + xmlFree(id_value); + } - ret = class->add_signature(LASSO_NODE (node), sign_method, - private_key_file, certificate_file); + dsig_ctx = xmlSecDSigCtxCreate(NULL); + dsig_ctx->signKey = xmlSecCryptoAppKeyLoad(assertion->private_key_file, + xmlSecKeyDataFormatPem, + NULL, NULL, NULL); + if (dsig_ctx->signKey == NULL) { + /* XXX: file existence should actually be tested on + * LassoServer creation */ + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED), + assertion->private_key_file); + xmlSecDSigCtxDestroy(dsig_ctx); + return NULL; + } + if (assertion->certificate_file != NULL && assertion->certificate_file[0] != 0) { + if (xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, + assertion->certificate_file, + xmlSecKeyDataFormatPem) < 0) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED), + assertion->certificate_file); + xmlSecDSigCtxDestroy(dsig_ctx); + return NULL; + } + } + if (xmlSecDSigCtxSign(dsig_ctx, sign_tmpl) < 0) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED), + xmlnode->name); + xmlSecDSigCtxDestroy(dsig_ctx); + return NULL; + } + xmlSecDSigCtxDestroy(dsig_ctx); + xmlUnlinkNode(xmlnode); + xmlFreeDoc(doc); + } - return ret; -#endif + return xmlnode; } /*****************************************************************************/ @@ -169,6 +224,8 @@ class_init(LassoSamlAssertionClass *klass) lasso_node_class_set_nodename(nclass, "Assertion"); lasso_node_class_set_ns(nclass, LASSO_SAML_ASSERTION_HREF, LASSO_SAML_ASSERTION_PREFIX); lasso_node_class_add_snippets(nclass, schema_snippets); + nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(LassoSamlAssertion, sign_type); + nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(LassoSamlAssertion, sign_method); } GType diff --git a/lasso/xml/saml_assertion.h b/lasso/xml/saml_assertion.h index 9b6560cc..1a556af7 100644 --- a/lasso/xml/saml_assertion.h +++ b/lasso/xml/saml_assertion.h @@ -75,6 +75,12 @@ struct _LassoSamlAssertion { char *AssertionID; char *Issuer; char *IssueInstant; + + /* ds:Signature stuff */ + lassoSignatureType sign_type; + lassoSignatureMethod sign_method; + char *private_key_file; + char *certificate_file; }; struct _LassoSamlAssertionClass { @@ -84,11 +90,6 @@ struct _LassoSamlAssertionClass { LASSO_EXPORT GType lasso_saml_assertion_get_type(void); LASSO_EXPORT LassoNode* lasso_saml_assertion_new(void); -LASSO_EXPORT gint lasso_saml_assertion_set_signature(LassoSamlAssertion *node, - gint sign_method, - const xmlChar *private_key_file, - const xmlChar *certificate_file); - #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/lasso/xml/samlp_response.c b/lasso/xml/samlp_response.c index 27371848..5638538c 100644 --- a/lasso/xml/samlp_response.c +++ b/lasso/xml/samlp_response.c @@ -55,11 +55,11 @@ static struct XmlSnippet schema_snippets[] = { static LassoNodeClass *parent_class = NULL; static xmlNode* -get_xmlNode(LassoNode *node) +get_xmlNode(LassoNode *node, gboolean lasso_dump) { xmlNode *xmlnode, *t; - xmlnode = parent_class->get_xmlNode(node); + xmlnode = parent_class->get_xmlNode(node, lasso_dump); for (t = xmlnode->children; t && strcmp(t->name, "Assertion"); t = t->next) ; diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index e89ddae1..c93e703b 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -39,8 +39,8 @@ -static void lasso_node_build_xmlNode_from_snippets( - LassoNode *node, xmlNode *xmlnode, struct XmlSnippet *snippets); +static void lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, + struct XmlSnippet *snippets, gboolean lasso_dump); static struct XmlSnippet* find_xml_snippet_by_name(LassoNode *node, char *name); static int set_value_at_path(LassoNode *node, char *path, char *query_value); static char* get_value_by_path(LassoNode *node, char *path); @@ -84,7 +84,7 @@ lasso_node_dump(LassoNode *node, const char *encoding, int format) if (buf == NULL) { return NULL; } - xmlnode = lasso_node_get_xmlNode(node); + xmlnode = lasso_node_get_xmlNode(node, TRUE); xmlNodeDumpOutput(buf, NULL, xmlnode, 0, format, encoding); xmlOutputBufferFlush(buf); if (buf->conv != NULL) { @@ -129,7 +129,7 @@ lasso_node_export_to_signed_xmlnode(LassoNode *node, xmlSecDSigCtx *dsig_ctx; char *id_attr_name = NULL; - message = lasso_node_get_xmlNode(node); + message = lasso_node_get_xmlNode(node, FALSE); sign_tmpl = xmlSecFindNode(message, xmlSecNodeSignature, xmlSecDSigNs); if (sign_tmpl && private_key_file) { @@ -471,12 +471,12 @@ lasso_node_build_query(LassoNode *node) } xmlNodePtr -lasso_node_get_xmlNode(LassoNode *node) +lasso_node_get_xmlNode(LassoNode *node, gboolean lasso_dump) { LassoNodeClass *class; g_return_val_if_fail (LASSO_IS_NODE(node), NULL); class = LASSO_NODE_GET_CLASS(node); - return class->get_xmlNode(node); + return class->get_xmlNode(node, lasso_dump); } /*****************************************************************************/ @@ -602,7 +602,7 @@ lasso_node_impl_build_query(LassoNode *node) } static xmlNode* -lasso_node_impl_get_xmlNode(LassoNode *node) +lasso_node_impl_get_xmlNode(LassoNode *node, gboolean lasso_dump) { LassoNodeClass *class = LASSO_NODE_GET_CLASS(node); xmlNode *xmlnode; @@ -623,7 +623,8 @@ lasso_node_impl_get_xmlNode(LassoNode *node) t = g_list_last(list_classes); while (t) { class = t->data; - lasso_node_build_xmlNode_from_snippets(node, xmlnode, class->node_data->snippets); + lasso_node_build_xmlNode_from_snippets(node, xmlnode, + class->node_data->snippets, lasso_dump); t = g_list_previous(t); } @@ -1033,7 +1034,7 @@ lasso_node_class_set_ns(LassoNodeClass *klass, char *href, char *prefix) static void lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, - struct XmlSnippet *snippets) + struct XmlSnippet *snippets, gboolean lasso_dump) { struct XmlSnippet *snippet; SnippetType type; @@ -1046,6 +1047,9 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, char *str = value; type = snippet->type & 0xff; + if (lasso_dump == FALSE && snippet->type & SNIPPET_LASSO_DUMP) + continue; + if (value == NULL && ! (snippet->type & SNIPPET_BOOLEAN || snippet->type & SNIPPET_INTEGER) ) continue; @@ -1064,7 +1068,8 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, xmlAddChild(xmlnode, xmlNewText(str)); break; case SNIPPET_NODE: - xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value))); + xmlAddChild(xmlnode, lasso_node_get_xmlNode( + LASSO_NODE(value), lasso_dump)); break; case SNIPPET_CONTENT: xmlNewTextChild(xmlnode, NULL, snippet->name, str); @@ -1073,19 +1078,21 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, xmlns = xmlNewNs(NULL, LASSO_LIB_HREF, LASSO_LIB_PREFIX); t = xmlAddChild(xmlnode, lasso_node_get_xmlNode( - LASSO_NODE(value))); + LASSO_NODE(value), lasso_dump)); xmlNodeSetName(t, snippet->name); xmlSetNs(t, xmlns); break; case SNIPPET_NODE_IN_CHILD: t = xmlNewTextChild(xmlnode, NULL, snippet->name, NULL); - xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value))); + xmlAddChild(t, lasso_node_get_xmlNode( + LASSO_NODE(value), lasso_dump)); break; case SNIPPET_LIST_NODES: elem = (GList *)value; while (elem) { xmlAddChild(xmlnode, lasso_node_get_xmlNode( - LASSO_NODE(elem->data))); + LASSO_NODE(elem->data), + lasso_dump)); elem = g_list_next(elem); } break; @@ -1115,6 +1122,9 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, char *uri; char *id; + if (lasso_dump) + break; /* no signature in lasso dumps */ + while (klass && LASSO_IS_NODE_CLASS(klass) && klass->node_data) { if (klass->node_data->sign_type_offset) break; @@ -1168,6 +1178,7 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode, } break; case SNIPPET_INTEGER: case SNIPPET_BOOLEAN: + case SNIPPET_LASSO_DUMP: g_assert_not_reached(); } if (snippet->type & SNIPPET_INTEGER) diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h index e3f341a7..1da85f0b 100644 --- a/lasso/xml/xml.h +++ b/lasso/xml/xml.h @@ -89,7 +89,7 @@ struct _LassoNodeClass { char* (* build_query) (LassoNode *node); gboolean (* init_from_query) (LassoNode *node, char **query_fields); int (* init_from_xml) (LassoNode *node, xmlNode *xmlnode); - xmlNode* (* get_xmlNode) (LassoNode *node); + xmlNode* (* get_xmlNode) (LassoNode *node, gboolean lasso_dump); char* (* get_sign_attr_name) (); }; @@ -113,7 +113,7 @@ LASSO_EXPORT char* lasso_node_export_to_query(LassoNode *node, LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node, const char *private_key_file, const char *certificate_file); -LASSO_EXPORT xmlNode* lasso_node_get_xmlNode(LassoNode *node); +LASSO_EXPORT xmlNode* lasso_node_get_xmlNode(LassoNode *node, gboolean lasso_dump); LASSO_EXPORT LassoMessageFormat lasso_node_init_from_message(LassoNode *node, const char *message); LASSO_EXPORT gboolean lasso_node_init_from_query(LassoNode *node, const char *query); |