Added a new argument 'err' (GError *) in 5 methods:

	lasso_ds_signature_sign,
	lasso_node_add_signature,
	lasso_node_verify_signature,
	lasso_saml_assertion_set_signature,
	lasso_samlp_request_abstract_set_signature,
	lasso_samlp_response_abstract_set_signature
for reporting always more errors.

17 files changed, 320 insertions, 141 deletions

diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 3370dd6e..bb986c5f 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -47,10 +47,13 @@ struct _LassoLoginPrivate
 /*****************************************************************************/
 
 static gchar*
-lasso_login_get_assertion_nameIdentifier(LassoNode *assertion)
+lasso_login_get_assertion_nameIdentifier(LassoNode  *assertion,
+					 GError    **err)
 {
   xmlChar *ni, *idp_ni;
 
+  g_return_val_if_fail (err == NULL || *err == NULL, NULL);
+
   ni = lasso_node_get_child_content(assertion, "NameIdentifier", NULL, NULL);
   idp_ni = lasso_node_get_child_content(assertion, "IDPProvidedNameIdentifier",
 					NULL, NULL);
@@ -65,7 +68,9 @@ lasso_login_get_assertion_nameIdentifier(LassoNode *assertion)
       return (ni);
     }
     else {
-      message(G_LOG_LEVEL_CRITICAL, "NameIdentifier value not found in AuthenticationStatement element.\n");
+      g_set_error(err, g_quark_from_string("Lasso"),
+		  LASSO_XML_ERROR_UNDEFINED,
+		  "NameIdentifier value not found in Assertion element.\n");
       return (NULL);
     }
   }
@@ -89,7 +94,7 @@ lasso_login_add_response_assertion(LassoLogin      *login,
     message(G_LOG_LEVEL_CRITICAL, err->message);
     ret = err->code;
     g_error_free(err);
-    return(ret);
+    return(-1);
   }
 
   assertion = lasso_assertion_new(LASSO_PROFILE(login)->server->providerID,
@@ -105,16 +110,25 @@ lasso_login_add_response_assertion(LassoLogin      *login,
   }
   else {
     message(G_LOG_LEVEL_CRITICAL, "Failed to build the AuthenticationStatement element of the Assertion.\n");
-    lasso_node_destroy(assertion);
-    return(-3);
+    ret = -2;
+    goto done;
   }
+
   /* store NameIdentifier */
-  LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion);
+  LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
+  if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
+    message(G_LOG_LEVEL_CRITICAL, err->message);
+    ret = err->code;
+    g_error_free(err);
+    goto done;
+  }
 
+  /* FIXME : How to know if the assertion must be signed or unsigned ? */
   ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
 					   LASSO_PROFILE(login)->server->signature_method,
 					   LASSO_PROFILE(login)->server->private_key,
-					   LASSO_PROFILE(login)->server->certificate);
+					   LASSO_PROFILE(login)->server->certificate,
+					   &err);
   if (ret == 0) {
     lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE(login)->response),
 				       assertion);
@@ -127,7 +141,13 @@ lasso_login_add_response_assertion(LassoLogin      *login,
 				LASSO_PROFILE(login)->remote_providerID,
 				assertion);
   }
+  else {
+    message(G_LOG_LEVEL_CRITICAL, err->message);
+    ret = err->code;
+    g_error_free(err);
+  }
 
+ done:
   lasso_node_destroy(authentication_statement);
   lasso_node_destroy(assertion);
 
@@ -225,58 +245,63 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) {
   assertion = lasso_node_get_child(LASSO_PROFILE(login)->response,
 				   "Assertion",
 				   lassoLibHRef,
-				   NULL);
+				   &err);
   idp = lasso_server_get_provider(LASSO_PROFILE(login)->server,
 				  LASSO_PROFILE(login)->remote_providerID);
 
   if (assertion != NULL) {
     /* verify signature */
     if (idp->ca_certificate != NULL) {
-      signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate);
+      signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate, &err);
       if (signature_check < 0) {
-	/* ret = -1 or -2 or -3 */
-	ret = signature_check;
-	goto done;
+	message(G_LOG_LEVEL_CRITICAL, err->message);
+	ret = err->code;
+	g_clear_error(&err);
+	/* we continue */
       }
     }
 
     /* store NameIdentifier */
-    LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion);
+    LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
     if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
-      message(G_LOG_LEVEL_ERROR, "NameIdentifier element not found in Assertion.\n");
-      ret = -4;
-      goto done;
+      message(G_LOG_LEVEL_CRITICAL, err->message);
+      ret = err->code;
+      g_clear_error(&err);
+      /* we continue */
     }
   }
+  else {
+    message(G_LOG_LEVEL_CRITICAL, err->message);
+    ret = err->code;
+    g_clear_error(&err);
+    /* we continue */
+  }
 
   /* check StatusCode value */
   status = lasso_node_get_child(LASSO_PROFILE(login)->response,
-				"Status", lassoSamlProtocolHRef, NULL);
+				"Status", lassoSamlProtocolHRef, &err);
   if (status == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Status element not found in response.\n");
-    ret = -9;
     goto done;
   }
-  statusCode = lasso_node_get_child(status, "StatusCode", lassoSamlProtocolHRef, NULL);
-    
+  statusCode = lasso_node_get_child(status, "StatusCode", lassoSamlProtocolHRef, &err);
   if (statusCode == NULL) {
-    message(G_LOG_LEVEL_ERROR, "StatusCode element not found in Status.\n");
-    ret = -8;
     goto done;
   }
   statusCode_value = lasso_node_get_attr_value(statusCode, "Value", &err);
-  if (err == NULL) {
+  if (statusCode_value != NULL) {
     if (!xmlStrEqual(statusCode_value, lassoSamlStatusCodeSuccess)) {
       ret = -7;
     }
   }
-  else {
-    message(G_LOG_LEVEL_ERROR, err->message);
-    ret = err->code;
-    g_error_free(err);
-  }
 
  done:
+  if (err != NULL) {
+    if (err->code < 0) {
+      message(G_LOG_LEVEL_CRITICAL, err->message);
+      ret = err->code;
+      g_clear_error(&err);
+    }
+  }
   xmlFree(statusCode_value);
   lasso_node_destroy(statusCode);
   lasso_node_destroy(status);
@@ -665,7 +690,8 @@ lasso_login_init_from_authn_request_msg(LassoLogin       *login,
   gchar *protocolProfile;
   xmlChar *md_authnRequestsSigned;
   gboolean must_verify_signature = FALSE;
-  gint signature_status = 0;
+  gint ret = 0;
+  GError *err = NULL;
 
   if (authn_request_method != lassoHttpMethodRedirect && \
       authn_request_method != lassoHttpMethodGet && \
@@ -744,26 +770,27 @@ lasso_login_init_from_authn_request_msg(LassoLogin       *login,
     case lassoHttpMethodGet:
     case lassoHttpMethodRedirect:
       debug("Query signature has been verified\n");
-      signature_status = lasso_query_verify_signature(authn_request_msg,
-						      remote_provider->public_key,
-						      LASSO_PROFILE(login)->server->private_key);
+      ret = lasso_query_verify_signature(authn_request_msg,
+					 remote_provider->public_key,
+					 LASSO_PROFILE(login)->server->private_key);
       break;
     case lassoHttpMethodPost:
-      signature_status = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
-						     remote_provider->ca_certificate);
+      ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
+					remote_provider->ca_certificate,
+					NULL);
       break;
     }
     
     /* Modify StatusCode if signature is not OK */
-    if (signature_status == 0 || signature_status == 2) {
-      switch (signature_status) {
-      case 0: /* Invalid Signature */
+    if (ret == LASSO_DS_ERROR_INVALID_SIGNATURE || ret == LASSO_DS_ERROR_SIGNATURE_NOTFOUND) {
+      switch (ret) {
+      case LASSO_DS_ERROR_INVALID_SIGNATURE:
 	lasso_profile_set_response_status(LASSO_PROFILE(login),
-						  lassoLibStatusCodeInvalidSignature);
+					  lassoLibStatusCodeInvalidSignature);
 	break;
-      case 2: /* Unsigned AuthnRequest */
+      case LASSO_DS_ERROR_SIGNATURE_NOTFOUND: /* Unsigned AuthnRequest */
 	lasso_profile_set_response_status(LASSO_PROFILE(login),
-						  lassoLibStatusCodeUnsignedAuthnRequest);
+					  lassoLibStatusCodeUnsignedAuthnRequest);
 	break;
       }
       return (-2);
@@ -871,7 +898,7 @@ lasso_login_process_request_msg(LassoLogin *login,
 				gchar      *request_msg)
 {
   LASSO_PROFILE(login)->request = lasso_request_new_from_export(request_msg,
-									lassoNodeExportTypeSoap);
+								lassoNodeExportTypeSoap);
   LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
 
   login->assertionArtifact = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
@@ -886,7 +913,7 @@ lasso_login_process_response_msg(LassoLogin  *login,
 				 gchar       *response_msg)
 {
   LASSO_PROFILE(login)->response = lasso_response_new_from_export(response_msg,
-									  lassoNodeExportTypeSoap);
+								  lassoNodeExportTypeSoap);
   LASSO_PROFILE(login)->response_type = lassoMessageTypeResponse;
 
   return (lasso_login_process_response_status_and_assertion(login));
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index 15b95cb0..56b9b1dc 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -94,7 +94,8 @@ lasso_logout_build_request_msg(LassoLogout *logout)
     lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
 					       profile->server->signature_method,
 					       profile->server->private_key,
-					       profile->server->certificate);
+					       profile->server->certificate,
+					       NULL);
     
     profile->msg_url  = lasso_provider_get_soapEndpoint(provider);
     profile->msg_body = lasso_node_export_to_soap(profile->request);
diff --git a/lasso/id-ff/register_name_identifier.c b/lasso/id-ff/register_name_identifier.c
index 7aca6b41..c402165e 100644
--- a/lasso/id-ff/register_name_identifier.c
+++ b/lasso/id-ff/register_name_identifier.c
@@ -75,7 +75,8 @@ lasso_register_name_identifier_build_request_msg(LassoRegisterNameIdentifier *re
     lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
 					       profile->server->signature_method,
 					       profile->server->private_key,
-					       profile->server->certificate);
+					       profile->server->certificate,
+					       NULL);
     
     profile->msg_url  = lasso_provider_get_soapEndpoint(provider);
     profile->msg_body = lasso_node_export_to_soap(profile->request);
diff --git a/lasso/xml/ds_signature.c b/lasso/xml/ds_signature.c
index c60ad1de..e904ca10 100644
--- a/lasso/xml/ds_signature.c
+++ b/lasso/xml/ds_signature.c
@@ -23,6 +23,8 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+#include "errors.h"
+
 #include <xmlsec/templates.h>
 #include <xmlsec/crypto.h>
 
@@ -34,19 +36,24 @@ The schema fragment ():
 */
 
 gint
-lasso_ds_signature_sign(LassoDsSignature *node,
-			const xmlChar    *private_key_file,
-			const xmlChar    *certificate_file)
+lasso_ds_signature_sign(LassoDsSignature  *node,
+			const xmlChar     *private_key_file,
+			const xmlChar     *certificate_file,
+			GError           **err)
 {
   xmlNodePtr signature = LASSO_NODE_GET_CLASS(node)->get_xmlNode(LASSO_NODE(node));
   xmlSecDSigCtxPtr dsig_ctx;
   gint ret = 0;
 
+  g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
+
   /* create signature context */
   dsig_ctx = xmlSecDSigCtxCreate(NULL);
   if(dsig_ctx == NULL) {
-    debug("Failed to create signature context.\n");
-    return(-1);
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_CONTEXT_CREATION_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
+    return(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED);
   }
   
   /* load private key, assuming that there is not password */
@@ -54,22 +61,31 @@ lasso_ds_signature_sign(LassoDsSignature *node,
 					     xmlSecKeyDataFormatPem,
 					     NULL, NULL, NULL);
   if(dsig_ctx->signKey == NULL) {
-    ret = -2;
-    debug("Failed to load private pem key from \"%s\"\n", private_key_file);
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED),
+		private_key_file);
+    ret = LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
     goto done;
   }
   
   /* load certificate and add to the key */
   if(xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, certificate_file,
 				xmlSecKeyDataFormatPem) < 0) {
-    ret = -3;
-    debug("Failed to load pem certificate \"%s\"\n", certificate_file);
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
+		certificate_file);
+    ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
     goto done;
   }
 
   /* sign the template */
   if(xmlSecDSigCtxSign(dsig_ctx, signature) < 0) {
-    debug("Signature failed.\n");
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_SIGNATURE_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED));
+    ret = LASSO_DS_ERROR_SIGNATURE_FAILED;
   }
 
  done:
@@ -140,28 +156,28 @@ LassoNode* lasso_ds_signature_new(LassoNode        *node,
   signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
 					sign_method, NULL);
   if (signature == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to create signature template\n");
+    message(G_LOG_LEVEL_CRITICAL, "Failed to create signature template\n");
   }
   reference = xmlSecTmplSignatureAddReference(signature,
 					      xmlSecTransformSha1Id,
 					      NULL, NULL, NULL);
   if (reference == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to add reference to signature template\n");
+    message(G_LOG_LEVEL_CRITICAL, "Failed to add reference to signature template\n");
   }
 
   /* add enveloped transform */
   if (xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId) == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to add enveloped transform to reference\n");
+    message(G_LOG_LEVEL_CRITICAL, "Failed to add enveloped transform to reference\n");
   }
 
   /* add <dsig:KeyInfo/> and <dsig:X509Data/> */
   key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
   if(key_info == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to add key info\n");
+    message(G_LOG_LEVEL_CRITICAL, "Failed to add key info\n");
   }
   
   if(xmlSecTmplKeyInfoAddX509Data(key_info) == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to add X509Data node\n");
+    message(G_LOG_LEVEL_CRITICAL, "Failed to add X509Data node\n");
   }
 
   LASSO_NODE_GET_CLASS(sign_node)->set_xmlNode(sign_node, signature);
diff --git a/lasso/xml/ds_signature.h b/lasso/xml/ds_signature.h
index 69386f82..ffa60145 100644
--- a/lasso/xml/ds_signature.h
+++ b/lasso/xml/ds_signature.h
@@ -57,9 +57,10 @@ LASSO_EXPORT GType lasso_ds_signature_get_type(void);
 LASSO_EXPORT LassoNode* lasso_ds_signature_new(LassoNode        *node,
 					       xmlSecTransformId sign_method);
 
-LASSO_EXPORT gint lasso_ds_signature_sign (LassoDsSignature *node,
-					   const xmlChar    *private_key_file,
-					   const xmlChar    *certificate_file);
+LASSO_EXPORT gint lasso_ds_signature_sign (LassoDsSignature  *node,
+					   const xmlChar     *private_key_file,
+					   const xmlChar     *certificate_file,
+					   GError           **err);
 
 #ifdef __cplusplus
 }
diff --git a/lasso/xml/errors.c b/lasso/xml/errors.c
index df152193..f2e823cd 100644
--- a/lasso/xml/errors.c
+++ b/lasso/xml/errors.c
@@ -24,10 +24,14 @@
  */
 
 #include "errors.h"
+#include <stdio.h>
+#include <string.h>
 
 const char*
 lasso_strerror(int error_code)
 {
+  char msg[256];
+
   switch (error_code) {
   case LASSO_XML_ERROR_NODE_NOTFOUND:
     return "Unable to get '%s' child of '%s' element.\n";
@@ -37,7 +41,35 @@ lasso_strerror(int error_code)
     return "Unable to get '%s' attribute of '%s' element.\n";
   case LASSO_XML_ERROR_ATTR_VALUE_NOTFOUND:
     return "Unable to get '%s' attribute value of '%s' element.\n";
+
+  case LASSO_DS_ERROR_CONTEXT_CREATION_FAILED:
+    return "Failed to create signature context.\n";
+  case LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED:
+    return "Failed to load public key %s.\n";
+  case LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED:
+    return "Failed to load private key %s.\n";
+  case LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED:
+    return "Failed to load certificate %s.\n";
+  case LASSO_DS_ERROR_SIGNATURE_FAILED:
+    return "Failed to sign the node.\n";
+  case LASSO_DS_ERROR_SIGNATURE_NOTFOUND:
+    return "Signature element not found in %s.\n";
+  case LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED:
+    return "Failed to create keys manager.\n";
+  case LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED:
+    return "Failed to initialize keys manager.\n";
+  case LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED:
+    return "Failed to verify signature of %s.\n";
+  case LASSO_DS_ERROR_INVALID_SIGNATURE:
+    return "The signature of %s is invalid.\n";
+
+  case LASSO_PARAM_ERROR_INVALID_OBJ_TYPE:
+    return "The type of an object provided as parameter is invalid.\n";
+  case LASSO_PARAM_ERROR_INVALID_VALUE:
+    return "The value of a parameter is invalid.\n";
+
   default:
-    return "Undefined error code !!!\n";
+    sprintf(msg, "Undefined error code %d !!!", error_code);
+    return(strdup(msg));
   }
 }
diff --git a/lasso/xml/errors.h b/lasso/xml/errors.h
index 61e0a844..a127148e 100644
--- a/lasso/xml/errors.h
+++ b/lasso/xml/errors.h
@@ -28,4 +28,22 @@
 #define LASSO_XML_ERROR_ATTR_NOTFOUND  -3
 #define LASSO_XML_ERROR_ATTR_VALUE_NOTFOUND  -4
 
+#define LASSO_XML_ERROR_UNDEFINED  -99
+
+#define LASSO_DS_ERROR_CONTEXT_CREATION_FAILED       -101
+#define LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED        -102
+#define LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED       -103
+#define LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED       -104
+#define LASSO_DS_ERROR_SIGNATURE_FAILED              -105
+#define LASSO_DS_ERROR_SIGNATURE_NOTFOUND            -106
+#define LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED     -107
+#define LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED         -108
+#define LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED -109
+#define LASSO_DS_ERROR_INVALID_SIGNATURE             -110
+
+#define LASSO_PARAM_ERROR_INVALID_OBJ_TYPE -201
+#define LASSO_PARAM_ERROR_INVALID_VALUE    -202
+
+#define LASSO_ERR_ERROR_CHECK_FAILED  -666
+
 const char* lasso_strerror(int error_code);
diff --git a/lasso/xml/saml_assertion.c b/lasso/xml/saml_assertion.c
index 75a8c19d..a845ad70 100644
--- a/lasso/xml/saml_assertion.c
+++ b/lasso/xml/saml_assertion.c
@@ -23,6 +23,8 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+#include "errors.h"
+
 #include <lasso/xml/saml_assertion.h>
 
 /*
@@ -245,18 +247,29 @@ lasso_saml_assertion_set_minorVersion(LassoSamlAssertion *node,
 }
 
 gint
-lasso_saml_assertion_set_signature(LassoSamlAssertion *node,
-				   gint                sign_method,
-				   const xmlChar      *private_key_file,
-				   const xmlChar      *certificate_file)
+lasso_saml_assertion_set_signature(LassoSamlAssertion  *node,
+				   gint                 sign_method,
+				   const xmlChar       *private_key_file,
+				   const xmlChar       *certificate_file,
+				   GError             **err)
 {
+  gint ret;
+  GError *tmp_err = NULL;
+
   g_assert(LASSO_IS_SAML_ASSERTION(node));
   g_assert(private_key_file != NULL);
   g_assert(certificate_file != NULL);
+  g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
 
   LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
-  return (class->add_signature(LASSO_NODE (node), sign_method,
-			       private_key_file, certificate_file));
+
+  ret = class->add_signature(LASSO_NODE (node), sign_method,
+			     private_key_file, certificate_file, &tmp_err);
+  if (ret < 0) {
+    g_propagate_error (err, tmp_err);
+  }
+
+  return (ret);
 }
 
 /*****************************************************************************/
diff --git a/lasso/xml/saml_assertion.h b/lasso/xml/saml_assertion.h
index 4e83803b..95962d02 100644
--- a/lasso/xml/saml_assertion.h
+++ b/lasso/xml/saml_assertion.h
@@ -90,10 +90,11 @@ LASSO_EXPORT void lasso_saml_assertion_set_majorVersion            (LassoSamlAss
 LASSO_EXPORT void lasso_saml_assertion_set_minorVersion            (LassoSamlAssertion *node,
 								    const xmlChar *minorVersion);
 
-LASSO_EXPORT gint lasso_saml_assertion_set_signature               (LassoSamlAssertion *node,
-								    gint                sign_method,
-								    const xmlChar      *private_key_file,
-								    const xmlChar      *certificate_file);
+LASSO_EXPORT gint lasso_saml_assertion_set_signature               (LassoSamlAssertion  *node,
+								    gint                 sign_method,
+								    const xmlChar       *private_key_file,
+								    const xmlChar       *certificate_file,
+								    GError             **err);
 
 #ifdef __cplusplus
 }
diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c
index 12263a41..c6995d28 100644
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
@@ -23,6 +23,8 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+#include "errors.h"
+
 #include <lasso/xml/samlp_request_abstract.h>
 
 /*
@@ -111,19 +113,30 @@ lasso_samlp_request_abstract_set_requestID(LassoSamlpRequestAbstract *node,
   class->set_prop(LASSO_NODE (node), "RequestID", requestID);
 }
 
-void
-lasso_samlp_request_abstract_set_signature(LassoSamlpRequestAbstract *node,
-					   gint                       sign_method,
-					   const xmlChar             *private_key_file,
-					   const xmlChar             *certificate_file)
+gint
+lasso_samlp_request_abstract_set_signature(LassoSamlpRequestAbstract  *node,
+					   gint                        sign_method,
+					   const xmlChar              *private_key_file,
+					   const xmlChar              *certificate_file,
+					   GError                    **err)
 {
+  gint ret;
+  GError *tmp_err = NULL;
+
   g_assert(LASSO_IS_SAMLP_REQUEST_ABSTRACT(node));
   g_assert(private_key_file != NULL);
   g_assert(certificate_file != NULL);
+  g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
 
   LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
-  class->add_signature(LASSO_NODE (node), sign_method,
-		       private_key_file, certificate_file);
+
+  ret = class->add_signature(LASSO_NODE (node), sign_method,
+			     private_key_file, certificate_file, &tmp_err);
+  if (ret < 0) {
+    g_propagate_error (err, tmp_err);
+  }
+
+  return (ret);
 }
 
 /*****************************************************************************/
diff --git a/lasso/xml/samlp_request_abstract.h b/lasso/xml/samlp_request_abstract.h
index 0a913714..8e72ce9e 100644
--- a/lasso/xml/samlp_request_abstract.h
+++ b/lasso/xml/samlp_request_abstract.h
@@ -70,10 +70,11 @@ LASSO_EXPORT void lasso_samlp_request_abstract_set_minorVersion  (LassoSamlpRequ
 LASSO_EXPORT void lasso_samlp_request_abstract_set_requestID     (LassoSamlpRequestAbstract *node,
 								  const xmlChar *requestID);
 
-LASSO_EXPORT void lasso_samlp_request_abstract_set_signature     (LassoSamlpRequestAbstract *node,
-								  gint                       sign_method,
-								  const xmlChar             *private_key_file,
-								  const xmlChar             *certificate_file);
+LASSO_EXPORT gint lasso_samlp_request_abstract_set_signature     (LassoSamlpRequestAbstract  *node,
+								  gint                        sign_method,
+								  const xmlChar              *private_key_file,
+								  const xmlChar              *certificate_file,
+								  GError                    **err);
 
 #ifdef __cplusplus
 }
diff --git a/lasso/xml/samlp_response_abstract.c b/lasso/xml/samlp_response_abstract.c
index e66dead3..1823e6ff 100644
--- a/lasso/xml/samlp_response_abstract.c
+++ b/lasso/xml/samlp_response_abstract.c
@@ -23,6 +23,8 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
+#include "errors.h"
+
 #include <lasso/xml/samlp_response_abstract.h>
 
 /*
@@ -126,19 +128,30 @@ lasso_samlp_response_abstract_set_responseID(LassoSamlpResponseAbstract *node,
   class->set_prop(LASSO_NODE (node), "ResponseID", responseID);
 }
 
-void
-lasso_samlp_response_abstract_set_signature(LassoSamlpResponseAbstract *node,
-					    gint                       sign_method,
-					    const xmlChar             *private_key_file,
-					    const xmlChar             *certificate_file)
+gint
+lasso_samlp_response_abstract_set_signature(LassoSamlpResponseAbstract  *node,
+					    gint                         sign_method,
+					    const xmlChar               *private_key_file,
+					    const xmlChar               *certificate_file,
+					    GError                     **err)
 {
+  gint ret;
+  GError *tmp_err = NULL;
+
   g_assert(LASSO_IS_SAMLP_RESPONSE_ABSTRACT(node));
   g_assert(private_key_file != NULL);
   g_assert(certificate_file != NULL);
-  
+  g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
+
   LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
-  class->add_signature(LASSO_NODE (node), sign_method,
-		       private_key_file, certificate_file);
+
+  ret = class->add_signature(LASSO_NODE (node), sign_method,
+			     private_key_file, certificate_file, &tmp_err);
+  if (ret < 0) {
+    g_propagate_error (err, tmp_err);
+  }
+
+  return (ret);
 }
 
 /*****************************************************************************/
diff --git a/lasso/xml/samlp_response_abstract.h b/lasso/xml/samlp_response_abstract.h
index c834cac3..2c6771e7 100644
--- a/lasso/xml/samlp_response_abstract.h
+++ b/lasso/xml/samlp_response_abstract.h
@@ -73,10 +73,11 @@ LASSO_EXPORT void lasso_samlp_response_abstract_set_recipient     (LassoSamlpRes
 LASSO_EXPORT void lasso_samlp_response_abstract_set_responseID    (LassoSamlpResponseAbstract *node,
 								   const xmlChar *responseID);
 
-LASSO_EXPORT void lasso_samlp_response_abstract_set_signature     (LassoSamlpResponseAbstract *node,
-								   gint                        sign_method,
-								   const xmlChar              *private_key_file,
-								   const xmlChar              *certificate_file);
+LASSO_EXPORT gint lasso_samlp_response_abstract_set_signature     (LassoSamlpResponseAbstract  *node,
+								   gint                         sign_method,
+								   const xmlChar               *private_key_file,
+								   const xmlChar               *certificate_file,
+								   GError                     **err);
 
 #ifdef __cplusplus
 }
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index ff11a045..10f60824 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -399,13 +399,14 @@ lasso_node_rename_prop(LassoNode     *node,
  * Return value: 1 if signature is valid, 0 if invalid. -1 if an error occurs.
  **/
 gint
-lasso_node_verify_signature(LassoNode   *node,
-			    const gchar *certificate_file)
+lasso_node_verify_signature(LassoNode    *node,
+			    const gchar  *certificate_file,
+			    GError      **err)
 {
   g_return_val_if_fail (LASSO_IS_NODE(node), -1);
 
   LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
-  return (class->verify_signature(node, certificate_file));
+  return (class->verify_signature(node, certificate_file, err));
 }
 
 /*****************************************************************************/
@@ -424,15 +425,17 @@ lasso_node_add_child(LassoNode *node,
 }
 
 static gint
-lasso_node_add_signature(LassoNode         *node,
-			 gint               sign_method,
-			 const xmlChar     *private_key_file,
-			 const xmlChar     *certificate_file)
+lasso_node_add_signature(LassoNode      *node,
+			 gint            sign_method,
+			 const xmlChar  *private_key_file,
+			 const xmlChar  *certificate_file,
+			 GError        **err)
 {
   g_return_val_if_fail(LASSO_IS_NODE(node), -1);
 
   LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
-  return (class->add_signature(node, sign_method, private_key_file, certificate_file));
+  return (class->add_signature(node, sign_method, private_key_file,
+			       certificate_file, err));
 }
 
 static gchar *
@@ -968,18 +971,19 @@ lasso_node_impl_rename_prop(LassoNode     *node,
 }
 
 static gint
-lasso_node_impl_verify_signature(LassoNode   *node,
-				 const gchar *certificate_file)
+lasso_node_impl_verify_signature(LassoNode    *node,
+				 const gchar  *certificate_file,
+				 GError      **err)
 {
   xmlDocPtr doc = xmlNewDoc("1.0");
   xmlNodePtr xmlNode_copy = NULL;
   xmlNodePtr signature = NULL;
   xmlSecKeysMngrPtr mngr = NULL;
   xmlSecDSigCtxPtr dsigCtx = NULL;
-  gint ret = -3;
+  gint ret = 0;
 
-  g_return_val_if_fail (LASSO_IS_NODE(node), -4);
-  g_return_val_if_fail (certificate_file != NULL, -5);
+  g_return_val_if_fail (LASSO_IS_NODE(node), LASSO_PARAM_ERROR_INVALID_OBJ_TYPE);
+  g_return_val_if_fail (certificate_file != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
 
   /* create a copy of the xmlNode (node->private->node) of @node */
   xmlNode_copy = xmlCopyNode(lasso_node_get_xmlNode(node), 1);
@@ -991,20 +995,28 @@ lasso_node_impl_verify_signature(LassoNode   *node,
   signature = xmlSecFindNode(xmlNode_copy, xmlSecNodeSignature, 
 			     xmlSecDSigNs);
   if (signature == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Signature element not found.\n");
-    ret = -2;
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_SIGNATURE_NOTFOUND,
+		lasso_strerror(LASSO_DS_ERROR_SIGNATURE_NOTFOUND));
+    ret = LASSO_DS_ERROR_SIGNATURE_NOTFOUND;
     goto done;	
   }
 
   /* create simple keys mngr */
   mngr = xmlSecKeysMngrCreate();
   if (mngr == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to create keys manager.\n");
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED));
+    ret = LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED;
     goto done;
   }
 
   if (xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
-    message(G_LOG_LEVEL_ERROR, "Failed to initialize keys manager.\n");
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED));
+    ret = LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED;
     goto done;
   }
   
@@ -1012,21 +1024,30 @@ lasso_node_impl_verify_signature(LassoNode   *node,
   if (xmlSecCryptoAppKeysMngrCertLoad(mngr, certificate_file,
 				      xmlSecKeyDataFormatPem,
 				      xmlSecKeyDataTypeTrusted) < 0) {
-    message(G_LOG_LEVEL_ERROR, "Failed to load pem certificate from \"%s\".\n",
-	    certificate_file);
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
+		certificate_file);
+    ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
     goto done;
   }
 
   /* create signature context */
   dsigCtx = xmlSecDSigCtxCreate(mngr);
   if (dsigCtx == NULL) {
-    message(G_LOG_LEVEL_ERROR, "Failed to create signature context.\n");
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_CONTEXT_CREATION_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
+    ret = LASSO_DS_ERROR_CONTEXT_CREATION_FAILED;
     goto done;
   }
 
   /* verify signature */
   if (xmlSecDSigCtxVerify(dsigCtx, signature) < 0) {
-    message(G_LOG_LEVEL_ERROR, "Failed to verify signature.\n");
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED,
+		lasso_strerror(LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED));
+    ret = LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
     goto done;
   }
 
@@ -1034,8 +1055,11 @@ lasso_node_impl_verify_signature(LassoNode   *node,
     ret = 0;
   }
   else {
-    message(G_LOG_LEVEL_ERROR, "The signature of response is invalid.\n");
-    ret = -1;
+    g_set_error(err, g_quark_from_string("Lasso"),
+		LASSO_DS_ERROR_INVALID_SIGNATURE,
+		lasso_strerror(LASSO_DS_ERROR_INVALID_SIGNATURE),
+		node->private->node->name);
+    ret = LASSO_DS_ERROR_INVALID_SIGNATURE;
   }
 
  done:
@@ -1058,7 +1082,7 @@ lasso_node_impl_add_child(LassoNode *node,
 			  gboolean   unbounded)
 {
   xmlNodePtr old_child = NULL;
-  const xmlChar   *href = NULL;
+  const xmlChar *href = NULL;
 
   g_return_if_fail (LASSO_IS_NODE(node));
   g_return_if_fail (LASSO_IS_NODE(child));
@@ -1085,13 +1109,17 @@ lasso_node_impl_add_child(LassoNode *node,
 }
 
 static gint
-lasso_node_impl_add_signature(LassoNode     *node,
-			      gint           sign_method,
-			      const xmlChar *private_key_file,
-			      const xmlChar *certificate_file)
+lasso_node_impl_add_signature(LassoNode      *node,
+			      gint            sign_method,
+			      const xmlChar  *private_key_file,
+			      const xmlChar  *certificate_file,
+			      GError        **err)
 {
   LassoNode *signature = NULL;
   gint ret = 0;
+  GError *tmp_err = NULL;
+
+  g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
 
   switch (sign_method) {
   case lassoSignatureMethodRsaSha1:
@@ -1104,8 +1132,13 @@ lasso_node_impl_add_signature(LassoNode     *node,
   lasso_node_add_child(node, signature, TRUE);
   ret = lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature),
 				private_key_file,
-				certificate_file);
+				certificate_file,
+				&tmp_err);
   lasso_node_destroy(signature);
+  if (ret < 0) {
+    ret = tmp_err->code;
+    g_propagate_error(err, tmp_err);
+  }
 
   return (ret);
 }
@@ -1192,7 +1225,7 @@ lasso_node_impl_new_child(LassoNode     *node,
 {
   /* LassoNode *old_child = NULL; */
   xmlNodePtr old_child = NULL;
-  const xmlChar   *href = NULL;
+  const xmlChar *href = NULL;
 
   g_return_if_fail (LASSO_IS_NODE(node));
   g_return_if_fail (name != NULL);
@@ -1451,8 +1484,8 @@ lasso_node_class_init(LassoNodeClass *class)
   class->set_prop      = lasso_node_impl_set_prop;
   class->set_xmlNode   = lasso_node_impl_set_xmlNode;
   /* override parent class methods */
-  gobject_class->dispose  = lasso_node_dispose;
-  gobject_class->finalize = lasso_node_finalize;
+  gobject_class->dispose  = (void *)lasso_node_dispose;
+  gobject_class->finalize = (void *)lasso_node_finalize;
 }
 
 GType lasso_node_get_type() {
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index c519bf1d..20e146fb 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -106,15 +106,17 @@ struct _LassoNodeClass {
 				       const xmlChar *old_name,
 				       const xmlChar *new_name);
   gint           (* verify_signature) (LassoNode     *node,
-				       const gchar   *certificate_file);
+				       const gchar   *certificate_file,
+				       GError       **err);
   /*< private >*/
   void       (* add_child)     (LassoNode     *node,
 				LassoNode     *child,
 				gboolean       unbounded);
-  gint       (* add_signature) (LassoNode     *node,
-				gint           sign_method,
-				const xmlChar *private_key_file,
-				const xmlChar *certificate_file);
+  gint       (* add_signature) (LassoNode      *node,
+				gint            sign_method,
+				const xmlChar  *private_key_file,
+				const xmlChar  *certificate_file,
+				GError        **err);
   gchar*     (* build_query)   (LassoNode     *node);
   xmlNodePtr (* get_xmlNode)   (LassoNode     *node);
   void       (* new_child)     (LassoNode     *node,
@@ -192,12 +194,13 @@ LASSO_EXPORT void           lasso_node_import           (LassoNode     *node,
 LASSO_EXPORT void           lasso_node_import_from_node (LassoNode *node,
 							 LassoNode *imported_node);
 
-LASSO_EXPORT void           lasso_node_rename_prop      (LassoNode *node,
+LASSO_EXPORT void           lasso_node_rename_prop      (LassoNode     *node,
 							 const xmlChar *old_name,
 							 const xmlChar *new_name);
 
-LASSO_EXPORT gint           lasso_node_verify_signature (LassoNode *node,
-							 const gchar *certificate_file);
+LASSO_EXPORT gint           lasso_node_verify_signature (LassoNode    *node,
+							 const gchar  *certificate_file,
+							 GError      **err);
 
 #ifdef __cplusplus
 }
diff --git a/python/xml/py_saml_assertion.c b/python/xml/py_saml_assertion.c
index 50a1251d..14ba3bdf 100644
--- a/python/xml/py_saml_assertion.c
+++ b/python/xml/py_saml_assertion.c
@@ -72,6 +72,7 @@ PyObject *saml_assertion_set_signature(PyObject *self, PyObject *args) {
   gint           sign_method;
   const xmlChar *private_key_file;
   const xmlChar *certificate_file;
+  int ret;
 
   if (CheckArgs(args, "OISS:saml_assertion_set_signature")) {
     if(!PyArg_ParseTuple(args, (char *) "Oiss:saml_assertion_set_signature",
@@ -81,9 +82,12 @@ PyObject *saml_assertion_set_signature(PyObject *self, PyObject *args) {
   }
   else return NULL;
 
-  lasso_saml_assertion_set_signature(LassoSamlAssertion_get(node_obj),
-				     sign_method,
-				     private_key_file, certificate_file);
+  ret = lasso_saml_assertion_set_signature(LassoSamlAssertion_get(node_obj),
+					   sign_method,
+					   private_key_file, certificate_file,
+					   NULL);
+  /* FIXME generate an exception here */
+
   Py_INCREF(Py_None);
   return (Py_None);
 }
diff --git a/python/xml/py_xml.c b/python/xml/py_xml.c
index 83636187..54c9ee65 100644
--- a/python/xml/py_xml.c
+++ b/python/xml/py_xml.c
@@ -207,7 +207,8 @@ PyObject *node_verify_signature(PyObject *self, PyObject *args) {
   else return NULL;
 
   ret = lasso_node_verify_signature(LassoNode_get(node_obj),
-				    certificate_file);
+				    certificate_file, NULL);
+  /* FIXME generate an exception here */
 
   return (int_wrap(ret));
 }