author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 15:24:19 +0000 |
---|---|---|
committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-19 15:24:19 +0000 |
commit | 1ecf9e1123e9f566edb4607d6010b0f78c2c5340 (patch) | |
tree | 217bf47620f77a4af22dfe3484cfc4f5f7ed9009 /lasso | |
parent | cae2befb48c60998515875b735e8c2e9ba6f5cfa (diff) | |
Moved signature template stuff into xml.c and use XmlSnippet for them; this
should ensure proper validation against Liberty XML schemas and should help
adding missing signature support to <Assertion>
Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/xml/internals.h | 3 | ||||
-rw-r--r-- | lasso/xml/samlp_request_abstract.c | 54 | ||||
-rw-r--r-- | lasso/xml/samlp_response_abstract.c | 56 | ||||
-rw-r--r-- | lasso/xml/xml.c | 62 |
4 files changed, 77 insertions, 98 deletions
diff --git a/lasso/xml/internals.h b/lasso/xml/internals.h
index 8e819465..9e16bb19 100644
--- a/lasso/xml/internals.h
+++ b/lasso/xml/internals.h
@@ -40,6 +40,7 @@ typedef enum {
 SNIPPET_LIST_NODES,
 SNIPPET_LIST_CONTENT,
 SNIPPET_EXTENSION,
+ SNIPPET_SIGNATURE,
 /* transformers for content transformation */
 SNIPPET_STRING = 1 << 0, /* default, can be omitted */
@@ -64,6 +65,8 @@ struct _LassoNodeClassData
 struct QuerySnippet *query_snippets;
 char *node_name;
 xmlNs *ns;
+ int sign_type_offset;
+ int sign_method_offset;
 };
 void lasso_node_class_set_nodename(LassoNodeClass *klass, char *name);
diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c
index 188b4340..970a6394 100644
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
@@ -55,6 +55,8 @@
 /*****************************************************************************/
 static struct XmlSnippet schema_snippets[] = {
+ { "Signature", SNIPPET_SIGNATURE,
+ G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
 { "RequestID", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
 { "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
 G_STRUCT_OFFSET(LassoSamlpRequestAbstract, MajorVersion) },
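Review bot: The two fields added to `struct _LassoNodeClassData` in lasso/xml/internals.h carry an undocumented convention: 0 means "this class has no signature fields", which relies on class_init allocating `node_data` with `g_new0` and, presumably, on neither field ever sitting at offset 0 of an instance. The reader added in xml.c tests `sign_type_offset` alone and then reads `sign_method_offset` unconditionally, so a class that sets one has to set both. A comment such as `/* offsets of sign_type / sign_method in the instance struct; 0 = none, set both or neither */` would record that. The struct definition starts outside the hunk.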
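Review bot: The new `"Signature"` entry at the top of `schema_snippets` in lasso/xml/samlp_request_abstract.c reuses the `offset` slot to name the ID attribute the reference URI is built from (`RequestID`), not a field that stores the element; samlp_response_abstract.c does the same with `ResponseID`. In xml.c this commit changes only lasso_node_dispose and lasso_node_build_xmlNode_from_snippets, so any other code that walks the table by element name, in particular whatever fills fields from incoming XML, should be checked to skip `SNIPPET_SIGNATURE` rather than write through that offset when it meets a `<Signature>` child. A comment on the entry, for example `/* offset = ID attribute the signature references, not storage */`, would make the aliasing visible. The array continues outside the hunk.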
@@ -65,52 +67,6 @@ static struct XmlSnippet schema_snippets[] = {
 { NULL, 0, 0}
 };
-static LassoNodeClass *parent_class = NULL;
-
-static xmlNode*
-get_xmlNode(LassoNode *node)
-{
- xmlNode *xmlnode;
- LassoSamlpRequestAbstract *request = LASSO_SAMLP_REQUEST_ABSTRACT(node);
-
- xmlnode = parent_class->get_xmlNode(node);
-
- /* signature stuff */
- if (request->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
- xmlNode *signature = NULL, *reference, *key_info;
- char *uri;
-
- if (request->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
- signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
- xmlSecTransformRsaSha1Id, NULL);
- }
- if (request->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
- signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
- xmlSecTransformDsaSha1Id, NULL);
- }
- /* get out if signature == NULL ? */
- xmlAddChild(xmlnode, signature);
-
- uri = g_strdup_printf("#%s", request->RequestID);
- reference = xmlSecTmplSignatureAddReference(signature,
- xmlSecTransformSha1Id, NULL, uri, NULL);
- g_free(uri);
-
- /* add enveloped transform */
- xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
- /* add exclusive C14N transform */
- xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
-
- /* add <dsig:KeyInfo/> */
- if (request->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
- key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
- xmlSecTmplKeyInfoAddX509Data(key_info);
- }
- }
-
- return xmlnode;
-}
-
 static char*
 get_sign_attr_name()
 {
@@ -138,13 +94,15 @@ class_init(LassoSamlpRequestAbstractClass *klass)
 {
 LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
- parent_class = g_type_class_peek_parent(klass);
- nclass->get_xmlNode = get_xmlNode;
 nclass->get_sign_attr_name = get_sign_attr_name;
 nclass->node_data = g_new0(LassoNodeClassData, 1);
 lasso_node_class_set_nodename(nclass, "RequestAbstract");
 lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
 lasso_node_class_add_snippets(nclass, schema_snippets);
+ nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
+ LassoSamlpRequestAbstract, sign_type);
+ nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
+ LassoSamlpRequestAbstract, sign_method);
 }
 GType
diff --git a/lasso/xml/samlp_response_abstract.c b/lasso/xml/samlp_response_abstract.c
index 128054fa..7e78496c 100644
--- a/lasso/xml/samlp_response_abstract.c
+++ b/lasso/xml/samlp_response_abstract.c
@@ -57,6 +57,8 @@
 /*****************************************************************************/
 static struct XmlSnippet schema_snippets[] = {
+ { "Signature", SNIPPET_SIGNATURE,
+ G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
 { "ResponseID", SNIPPET_ATTRIBUTE,
 G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
 { "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
@@ -71,53 +73,6 @@ static struct XmlSnippet schema_snippets[] = {
 { NULL, 0, 0}
 };
-static LassoNodeClass *parent_class = NULL;
-
-static xmlNode*
-get_xmlNode(LassoNode *node)
-{
- xmlNode *xmlnode;
- LassoSamlpResponseAbstract *response = LASSO_SAMLP_RESPONSE_ABSTRACT(node);
-
- xmlnode = parent_class->get_xmlNode(node);
-
- /* signature stuff */
- if (response->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
- xmlNode *signature = NULL, *reference, *key_info;
- char *uri;
-
- if (response->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
- signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
- xmlSecTransformRsaSha1Id, NULL);
- }
- if (response->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
- signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
- xmlSecTransformDsaSha1Id, NULL);
- }
- /* get out if signature == NULL ? */
- xmlAddChild(xmlnode, signature);
-
- uri = g_strdup_printf("#%s", response->ResponseID);
- reference = xmlSecTmplSignatureAddReference(signature,
- xmlSecTransformSha1Id, NULL, uri, NULL);
- g_free(uri);
-
- /* add enveloped transform */
- xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
- /* add exclusive C14N transform */
- xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
-
- /* add <dsig:KeyInfo/> */
- if (response->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
- key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
- xmlSecTmplKeyInfoAddX509Data(key_info);
- }
- }
-
-
- return xmlnode;
-}
-
 static char*
 get_sign_attr_name()
 {
@@ -125,7 +80,6 @@ get_sign_attr_name()
 }
-
 /*****************************************************************************/
 /* instance and class init functions */
 /*****************************************************************************/
@@ -147,13 +101,15 @@ class_init(LassoSamlpResponseAbstractClass *klass)
 {
 LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
- parent_class = g_type_class_peek_parent(klass);
- nclass->get_xmlNode = get_xmlNode;
 nclass->get_sign_attr_name = get_sign_attr_name;
 nclass->node_data = g_new0(LassoNodeClassData, 1);
 lasso_node_class_set_nodename(nclass, "ResponseAbstract");
 lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
 lasso_node_class_add_snippets(nclass, schema_snippets);
+ nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
+ LassoSamlpResponseAbstract, sign_type);
+ nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
+ LassoSamlpResponseAbstract, sign_method);
 }
 GType
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index 2e42d453..906cb86e 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -692,6 +692,8 @@ lasso_node_dispose(GObject *object)
 case SNIPPET_ATTRIBUTE:
 g_free(*value);
 break;
+ case SNIPPET_SIGNATURE:
+ break; /* no real element here */
 default:
 fprintf(stderr, "%d\n", type);
 g_assert_not_reached();
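Review bot: The comment on the new `case SNIPPET_SIGNATURE:` in lasso_node_dispose (lasso/xml/xml.c) does not say why nothing is freed, and the reason is not obvious from this function alone. In both schema_snippets tables the Signature entry's offset is the RequestID/ResponseID field, which the `SNIPPET_ATTRIBUTE` case just above already releases with `g_free(*value)`, so freeing here as well could release the same string twice. I would spell that out, for example `/* offset aliases the ID attribute, freed by its SNIPPET_ATTRIBUTE entry; do not free again */`. The switch and the function continue outside the hunk.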
@@ -1097,6 +1099,66 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode,
 elem = g_list_next(elem);
 }
 break;
+ case SNIPPET_SIGNATURE:
+ {
+ LassoNodeClass *klass = LASSO_NODE_GET_CLASS(node);
+ lassoSignatureType sign_type;
+ lassoSignatureType sign_method;
+ xmlNode *signature = NULL, *reference, *key_info;
+ char *uri;
+ char *id;
+
+ while (klass && LASSO_IS_NODE_CLASS(klass) && klass->node_data) {
+ if (klass->node_data->sign_type_offset)
+ break;
+ klass = g_type_class_peek_parent(klass);
+ }
+
+ if (klass->node_data->sign_type_offset == 0)
+ break;
+
+ sign_type = G_STRUCT_MEMBER(
+ lassoSignatureType, node,
+ klass->node_data->sign_type_offset);
+ sign_method = G_STRUCT_MEMBER(
+ lassoSignatureType, node,
+ klass->node_data->sign_method_offset);
+
+ if (sign_type == LASSO_SIGNATURE_TYPE_NONE)
+ break;
+
+ if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
+ signature = xmlSecTmplSignatureCreate(NULL,
+ xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ } else {
+ signature = xmlSecTmplSignatureCreate(NULL,
+ xmlSecTransformExclC14NId,
+ xmlSecTransformDsaSha1Id, NULL);
+ }
+ /* XXX: get out if signature == NULL ? */
+ xmlAddChild(xmlnode, signature);
+
+ id = G_STRUCT_MEMBER(char*, node, snippet->offset);
+ uri = g_strdup_printf("#%s", id);
+ reference = xmlSecTmplSignatureAddReference(signature,
+ xmlSecTransformSha1Id, NULL, uri, NULL);
+ g_free(uri);
+
+ /* add enveloped transform */
+ xmlSecTmplReferenceAddTransform(reference,
+ xmlSecTransformEnvelopedId);
+ /* add exclusive C14N transform */
+ xmlSecTmplReferenceAddTransform(reference,
+ xmlSecTransformExclC14NId);
+
+ if (sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
+ /* add <dsig:KeyInfo/> */
+ key_info = xmlSecTmplSignatureEnsureKeyInfo(
+ signature, NULL);
+ xmlSecTmplKeyInfoAddX509Data(key_info);
+ }
+ } break;
 case SNIPPET_INTEGER:
 case SNIPPET_BOOLEAN:
 g_assert_not_reached();
|
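Review bot: After the `while` loop in the new `SNIPPET_SIGNATURE` case of lasso/xml/xml.c, `klass->node_data->sign_type_offset` is read although the loop also ends when `klass` is NULL, is no longer a LassoNodeClass, or has no `node_data`, so a class chain that never sets the offset can dereference NULL instead of skipping the signature. The `else` branch now builds a DSA-SHA1 template for every method value other than RSA-SHA1, where the removed per-class code tested both constants, and the `XXX` about a NULL template is carried over unresolved. `sign_method` is declared and read as `lassoSignatureType`, which looks copied from the line above; the method enum's own type would be clearer. The enclosing function begins and ends outside the hunk, and the sketch below shows only the changed guards.

```c
/* … unchanged: walk up the class chain until sign_type_offset is set … */

/* the walk also stops when klass or its node_data runs out */
if (klass == NULL || !LASSO_IS_NODE_CLASS(klass) ||
		klass->node_data == NULL ||
		klass->node_data->sign_type_offset == 0)
	break;

/* … unchanged: read sign_type and sign_method, stop on LASSO_SIGNATURE_TYPE_NONE … */

if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
	/* … unchanged: RSA-SHA1 template … */
} else if (sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
	/* … unchanged: DSA-SHA1 template … */
}
if (signature == NULL)
	break; /* unknown method or template failure: add no partial <Signature> */
xmlAddChild(xmlnode, signature);
```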