author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-09-01 12:44:42 +0200 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-09-03 19:02:41 +0200 |
commit | 90fda9d5564dfc690e5df9c9085bf534f918b2e8 (patch) | |
tree | 5bb3b03523b9b1bcd6c510684819f65cb3a75483 /lasso/xml | |
parent | 5f5942a4dd209a6c608aa67f3af4b62c2be9bdf0 (diff) | |
[Core] load signature parameters
Generic signature parameters (attached as qdata to nodes) are now
reloaded when initializing a node from XML for a node type with a
signature snippet in its metadata.
It fixes the problematic usage of ciphered private keys with the
HTTP-Artifact binding (which needs to keep a copy of the AuthnResponse
around and to sign it later).
Diffstat (limited to 'lasso/xml')
-rw-r--r-- | lasso/xml/xml.c | 54 |
1 files changed, 49 insertions, 5 deletions
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index 6fbe700e..5dbc010b 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1162,6 +1162,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 struct XmlSnippet *snippet_any = NULL;
 struct XmlSnippet *snippet_any_attribute = NULL;
 struct XmlSnippet *snippet_collect_namespaces = NULL;
+ struct XmlSnippet *snippet_signature = NULL;
 GSList *unknown_nodes = NULL;
 GSList *known_attributes = NULL;
 gboolean keep_xmlnode = FALSE;
@@ -1363,6 +1364,10 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 snippet_collect_namespaces = snippet;
 }
+ if (type == SNIPPET_SIGNATURE) {
+ snippet_signature = snippet;
+ }
+
 if (type == SNIPPET_ATTRIBUTE) {
 if (snippet->type & SNIPPET_ANY) {
 snippet_any_attribute = snippet;
@@ -1411,6 +1416,44 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 _lasso_node_collect_namespaces(value, xmlnode);
 }
+ /* Collect signature parameters */
+ {
+ LassoSignatureMethod method;
+ LassoSignatureType type;
+ xmlChar *private_key = NULL;
+ xmlChar *private_key_password = NULL;
+ xmlChar *certificate = NULL;
+
+ while (snippet_signature) {
+ int what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what,
+ LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ LASSO_SIGNATURE_METHOD_LAST))
+ break;
+ method = what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
+ LASSO_SIGNATURE_TYPE_LAST))
+ break;
+ type = what;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF);
+ if (! private_key)
+ break;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ lasso_node_set_signature(node, type,
+ method, (char*) private_key, (char*) private_key_password, (char*) certificate);
+ }
+ lasso_release_xml_string(private_key);
+ lasso_release_xml_string(private_key_password);
+ lasso_release_xml_string(certificate);
+ }
+
+ /* Collect other children */
 if (unknown_nodes && snippet_any) {
 xmlNode *t = unknown_nodes->data;
 void *tmp;
@@ -1419,6 +1462,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 (*(char**)value) = tmp;
 }
+ /* Collect other attributes */
 if (snippet_any_attribute) {
 GHashTable **any_attribute;
 GSList *tmp_attr;
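Review bot: The reload loop under `/* Collect signature parameters */` cannot work as written: the second `lasso_get_integer_attribute` call reads `LASSO_SIGNATURE_METHOD_ATTRIBUTE` again where `LASSO_SIGNATURE_TYPE_ATTRIBUTE` is meant, and the password attribute is stored into `private_key` and then overwritten by the key, so that first string is never released and `private_key_password` stays NULL. The encrypted-key case the commit targets therefore still reaches `lasso_node_set_signature` without a password, and a node whose key has no password stops at `if (! private_key) break;` before anything is restored. Nothing clears `snippet_signature` and there is no `break` after `lasso_node_set_signature`, so a node carrying every attribute would spin forever, allocating on each pass. The lookups also use `LASSO_LIB_HREF` while the writer in the `@@ -1638` hunk defines the attributes under `LASSO_LASSO_HREF`; unless both expand to the same URI the attributes are never found, which would mask the other problems. The enclosing function starts and ends outside the hunk; the corrected loop is sketched below.

```c
	/* … unchanged: local declarations … */
	while (snippet_signature) {
		int what;
		if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF, &what,
					LASSO_SIGNATURE_METHOD_RSA_SHA1,
					LASSO_SIGNATURE_METHOD_LAST))
			break;
		method = what;
		if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_TYPE_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
					LASSO_SIGNATURE_TYPE_LAST))
			break;
		type = what;
		private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		if (! private_key)
			break;
		/* optional: the writer only emits it when a password is set */
		private_key_password = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE,
				BAD_CAST LASSO_LASSO_HREF);
		lasso_node_set_signature(node, type,
				method, (char*) private_key, (char*) private_key_password, (char*) certificate);
		break; /* parameters are read once; without this the loop never ends */
	}
	/* … unchanged: lasso_release_xml_string() calls … */
```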
@@ -1638,15 +1682,15 @@ lasso_node_impl_get_xmlNode(LassoNode *node, gboolean lasso_dump)
 if (private_key) {
 ns = get_or_define_ns(xmlnode, BAD_CAST LASSO_LASSO_HREF);
 sprintf(buffer, "%u", type);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureType", BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_TYPE_ATTRIBUTE, BAD_CAST buffer);
 sprintf(buffer, "%u", method);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureMethod", BAD_CAST buffer);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKey", BAD_CAST private_key);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_METHOD_ATTRIBUTE, BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST private_key);
 if (private_key_password) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKeyPassword", BAD_CAST private_key_password);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE, BAD_CAST private_key_password);
 }
 if (certificate) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "Certificate", BAD_CAST certificate);
+ xmlSetNsProp(xmlnode, ns, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST certificate);
 }
 }
 } |
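Review bot: The attributes written here put the private key and, when set, its password into the serialized node in clear, and nothing at this site says that the resulting XML is secret material, even though this commit starts reading those values back on load. I would add a comment above `if (private_key) {` along the lines of `/* the dump carries the signing key and its password: store and transmit it as a secret */`. The condition that restricts this branch (presumably `lasso_dump`) lies outside the hunk, so it is worth confirming that these attributes can never reach a node sent to a peer.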