authorFrederic Peters <fpeters@entrouvert.com>2004-12-14 13:22:00 +0000
committerFrederic Peters <fpeters@entrouvert.com>2004-12-14 13:22:00 +0000
commitc13df5834335830c9aca6f65f972890fdfbceeaf (patch)
tree2914f2910aea5ee99ff5b836b03d34b6e3e7cbe6
parent4e55002eb2c43a39ca6eeaeb47103813bdc22c1a (diff)
properly verify signatures and return code appropriately (closes: #362)
-rw-r--r--lasso/id-ff/login.c4
-rw-r--r--lasso/id-ff/name_identifier_mapping.c2
-rw-r--r--lasso/id-ff/name_registration.c17
-rw-r--r--lasso/xml/lib_register_name_identifier_request.c7
-rw-r--r--lasso/xml/lib_register_name_identifier_request.h5
-rw-r--r--lasso/xml/lib_register_name_identifier_response.c7
-rw-r--r--lasso/xml/lib_register_name_identifier_response.h6
7 files changed, 31 insertions, 17 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index b351b667..c4196ee6 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -307,7 +307,7 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login)
LassoProvider *idp;
LassoSamlpResponse *response;
char *status_value;
- int ret;
+ int ret = 0;
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
@@ -353,7 +353,7 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login)
return LASSO_ERROR_UNDEFINED;
}
- return 0;
+ return ret;
}
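Review bot: `ret` is now the value this function reports, but neither hunk shows where it is assigned, so a reader has to trust that every failure path between the two hunks overwrites it; a one-line comment on the initialization, such as `int ret = 0; /* overwritten below with an error code, if any; 0 means success */`, would make that contract explicit. The early `return LASSO_ERROR_UNDEFINED;` just above still bypasses `ret`, which is fine as long as that is intended. The body of lasso_login_process_response_status_and_assertion lies before, between and after these hunks.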
/*****************************************************************************/
diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c
index 3e52d617..580b145c 100644
--- a/lasso/id-ff/name_identifier_mapping.c
+++ b/lasso/id-ff/name_identifier_mapping.c
@@ -285,7 +285,7 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m
mapping->targetNameIdentifier = g_strdup(LASSO_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(
profile->request)->NameIdentifier->content);
- return 0;
+ return rc;
}
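Review bot: `rc` is returned only after `mapping->targetNameIdentifier` has been copied out of the request, so if `rc` carries a failure set earlier in the function (its assignment is outside the hunk, presumably the signature check this commit is about) the caller receives the error while the profile still holds state derived from the unverified exchange. Returning as soon as `rc` becomes non-zero avoids that half-processed state. The same pattern appears in the lasso_name_registration_process_response_msg hunk that also replaces `return 0;` with `return rc;` after storing `profile->msg_relayState`. Both functions begin outside their hunks.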
gint
diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c
index f5faab79..3e89084e 100644
--- a/lasso/id-ff/name_registration.c
+++ b/lasso/id-ff/name_registration.c
@@ -123,7 +123,8 @@ lasso_name_registration_build_response_msg(LassoNameRegistration *name_registrat
if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
profile->msg_url = NULL; /* XXX ??? */
- profile->msg_body = lasso_node_export_to_soap(profile->response, NULL, NULL);
+ profile->msg_body = lasso_node_export_to_soap(profile->response,
+ profile->server->private_key, profile->server->certificate);
return 0;
}
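Review bot: The SOAP body is now signed with `profile->server->private_key` and `profile->server->certificate`, but nothing here checks that both are set; the previous code passed NULL explicitly, so lasso_node_export_to_soap presumably tolerates a missing key, which would mean a server configured without one silently emits an unsigned response. If a signed response is required at this point, fail instead, e.g. `if (profile->server->private_key == NULL) return -1;` before the export, or document the fallback. The `/* XXX ??? */` on `profile->msg_url = NULL;` is still unresolved. The enclosing function starts outside the hunk.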
@@ -274,7 +275,8 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration,
profile->request = lasso_lib_register_name_identifier_request_new_full(
LASSO_PROVIDER(profile->server)->ProviderID,
- idpNameIdentifier, spNameIdentifier, oldNameIdentifier);
+ idpNameIdentifier, spNameIdentifier, oldNameIdentifier,
+ LASSO_SIGNATURE_TYPE_WITHX509, LASSO_SIGNATURE_METHOD_RSA_SHA1);
if (profile->request == NULL) {
message(G_LOG_LEVEL_CRITICAL, "Error creating the request");
return -1;
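Review bot: `LASSO_SIGNATURE_TYPE_WITHX509` and `LASSO_SIGNATURE_METHOD_RSA_SHA1` are hard-coded at this call site, and again in the lasso_name_registration_validate_request hunk further down, so the signature policy for this profile is fixed in two places in the file rather than taken from the server's configuration. If the server object already carries a signature type and method setting, passing those through instead would let the algorithm be changed in one place later (SHA1-based signatures are the kind of setting that tends to need replacing). If no such setting exists, a single file-level pair of constants with a comment explaining the choice would at least keep the two call sites in sync. The enclosing function continues outside the hunk.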
@@ -312,6 +314,10 @@ gint lasso_name_registration_process_request_msg(LassoNameRegistration *name_reg
profile->request)->ProviderID);
}
+ /* verify signatures */
+ profile->signature_status = lasso_provider_verify_signature(
+ remote_provider, request_msg, "RequestID", format);
+
if (format == LASSO_MESSAGE_FORMAT_SOAP)
profile->http_request_method = LASSO_HTTP_METHOD_SOAP;
if (format == LASSO_MESSAGE_FORMAT_QUERY)
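Review bot: The verification result is only stored in `profile->signature_status` and the function keeps processing the request (it sets `profile->http_request_method` on the following lines, and whatever else runs before the later hunk that replaces `return 0;` with `return profile->signature_status;`), so a request whose signature failed is still fully parsed and its fields are kept in the profile before the caller learns of the failure. Returning right after the check, `if (profile->signature_status != 0) return profile->signature_status;`, keeps a bad request from populating state; the final return can stay for the success path. If the lookup that produces `remote_provider` above the hunk can yield NULL, that case should be rejected before this call rather than handed to lasso_provider_verify_signature. The body of lasso_name_registration_process_request_msg starts and ends outside this hunk.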
@@ -347,7 +353,7 @@ gint lasso_name_registration_process_request_msg(LassoNameRegistration *name_reg
}
- return 0;
+ return profile->signature_status;
}
gint
@@ -436,7 +442,7 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr
profile->msg_relayState = g_strdup(
LASSO_LIB_STATUS_RESPONSE(profile->response)->RelayState);
- return 0;
+ return rc;
}
gint
@@ -471,7 +477,8 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio
profile->response = lasso_lib_register_name_identifier_response_new_full(
LASSO_PROVIDER(profile->server)->ProviderID,
LASSO_SAML_STATUS_CODE_SUCCESS,
- LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request));
+ LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request),
+ LASSO_SIGNATURE_TYPE_WITHX509, LASSO_SIGNATURE_METHOD_RSA_SHA1);
if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
message(G_LOG_LEVEL_CRITICAL, "Error building response");
return -1;
diff --git a/lasso/xml/lib_register_name_identifier_request.c b/lasso/xml/lib_register_name_identifier_request.c
index cace603b..25d39e86 100644
--- a/lasso/xml/lib_register_name_identifier_request.c
+++ b/lasso/xml/lib_register_name_identifier_request.c
@@ -269,10 +269,11 @@ lasso_lib_register_name_identifier_request_new()
}
LassoNode*
-lasso_lib_register_name_identifier_request_new_full(char *providerID,
+lasso_lib_register_name_identifier_request_new_full(const char *providerID,
LassoSamlNameIdentifier *idpNameIdentifier,
LassoSamlNameIdentifier *spNameIdentifier,
- LassoSamlNameIdentifier *oldNameIdentifier)
+ LassoSamlNameIdentifier *oldNameIdentifier,
+ lassoSignatureType sign_type, lassoSignatureMethod sign_method)
{
LassoLibRegisterNameIdentifierRequest *request;
LassoSamlpRequestAbstract *request_base;
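Review bot: `sign_type` and `sign_method` are added to an exported constructor without any documentation of the accepted values or of how to request an unsigned node; since the declaration carries `LASSO_EXPORT`, this and the matching lasso_lib_register_name_identifier_response_new_full change (and both header hunks) alter the public API and should be called out for existing callers. A short doc comment on the declaration describing both new parameters, and noting that `providerID` is now `const char *` because it is copied with g_strdup so the caller keeps ownership, would cover it. The function body continues past the hunk.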
@@ -284,6 +285,8 @@ lasso_lib_register_name_identifier_request_new_full(char *providerID,
request_base->MajorVersion = LASSO_LIB_MAJOR_VERSION_N;
request_base->MinorVersion = LASSO_LIB_MINOR_VERSION_N;
request_base->IssueInstant = lasso_get_current_time();
+ request_base->sign_type = sign_type;
+ request_base->sign_method = sign_method;
request->ProviderID = g_strdup(providerID);
request->IDPProvidedNameIdentifier = idpNameIdentifier;
diff --git a/lasso/xml/lib_register_name_identifier_request.h b/lasso/xml/lib_register_name_identifier_request.h
index 54c8463c..091857dd 100644
--- a/lasso/xml/lib_register_name_identifier_request.h
+++ b/lasso/xml/lib_register_name_identifier_request.h
@@ -76,10 +76,11 @@ struct _LassoLibRegisterNameIdentifierRequestClass {
LASSO_EXPORT GType lasso_lib_register_name_identifier_request_get_type(void);
LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_request_new(void);
LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_request_new_full(
- char *providerID,
+ const char *providerID,
LassoSamlNameIdentifier *idpNameIdentifier,
LassoSamlNameIdentifier *spNameIdentifier,
- LassoSamlNameIdentifier *oldNameIdentifier);
+ LassoSamlNameIdentifier *oldNameIdentifier,
+ lassoSignatureType sign_type, lassoSignatureMethod sign_method);
#ifdef __cplusplus
}
diff --git a/lasso/xml/lib_register_name_identifier_response.c b/lasso/xml/lib_register_name_identifier_response.c
index 0af644b9..2f0cc471 100644
--- a/lasso/xml/lib_register_name_identifier_response.c
+++ b/lasso/xml/lib_register_name_identifier_response.c
@@ -87,8 +87,9 @@ lasso_lib_register_name_identifier_response_new()
}
LassoNode*
-lasso_lib_register_name_identifier_response_new_full(char *providerID,
- const char *statusCodeValue, LassoLibRegisterNameIdentifierRequest *request)
+lasso_lib_register_name_identifier_response_new_full(const char *providerID,
+ const char *statusCodeValue, LassoLibRegisterNameIdentifierRequest *request,
+ lassoSignatureType sign_type, lassoSignatureMethod sign_method)
{
LassoLibStatusResponse *response;
@@ -99,6 +100,8 @@ lasso_lib_register_name_identifier_response_new_full(char *providerID,
LASSO_SAMLP_RESPONSE_ABSTRACT(response),
LASSO_SAMLP_REQUEST_ABSTRACT(request)->RequestID,
request->ProviderID);
+ LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_type = sign_type;
+ LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_method = sign_method;
response->RelayState = g_strdup(request->RelayState);
response->Status = lasso_samlp_status_new();
diff --git a/lasso/xml/lib_register_name_identifier_response.h b/lasso/xml/lib_register_name_identifier_response.h
index 3cf8ad92..f99f6ca2 100644
--- a/lasso/xml/lib_register_name_identifier_response.h
+++ b/lasso/xml/lib_register_name_identifier_response.h
@@ -64,9 +64,9 @@ struct _LassoLibRegisterNameIdentifierResponseClass {
LASSO_EXPORT GType lasso_lib_register_name_identifier_response_get_type(void);
LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_response_new(void);
LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_response_new_full(
- char *providerID,
- const char *statusCodeValue,
- LassoLibRegisterNameIdentifierRequest *request);
+ const char *providerID, const char *statusCodeValue,
+ LassoLibRegisterNameIdentifierRequest *request,
+ lassoSignatureType sign_type, lassoSignatureMethod sign_method);
#ifdef __cplusplus
}