-rw-r--r--lasso/id-ff/defederation.c2
-rw-r--r--lasso/id-ff/lecp.c4
-rw-r--r--lasso/id-ff/login.c26
-rw-r--r--lasso/id-ff/logout.c4
-rw-r--r--lasso/id-ff/name_identifier_mapping.c4
-rw-r--r--lasso/id-ff/name_registration.c4
-rw-r--r--lasso/xml/samlp_request_abstract.c88
-rw-r--r--lasso/xml/samlp_request_abstract.h4
-rw-r--r--lasso/xml/xml.c257
-rw-r--r--lasso/xml/xml.h5
10 files changed, 136 insertions, 262 deletions
diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c
index 3ed3307f..d735deab 100644
--- a/lasso/id-ff/defederation.c
+++ b/lasso/id-ff/defederation.c
@@ -94,7 +94,7 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation)
/* build the logout request message */
profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint");
- profile->msg_body = lasso_node_export_to_soap(profile->request);
+ profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
}
if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
/* build and optionaly sign the query message and build the
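Review bot: Passing `NULL, NULL` for the key and certificate means this defederation notification leaves over SOAP without a signature, and nothing at the call site says whether that is intended. The same applies to the `NULL, NULL` calls added in lecp.c, logout.c, name_identifier_mapping.c, name_registration.c and lasso_login_build_response_msg; only lasso_login_build_request_msg passes the server key. If signing these messages is deferred, a marker such as `/* XXX: exported unsigned, no key/certificate passed */` above each call would keep that visible. The enclosing function starts and ends outside the hunk.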
diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c
index 90913ab7..90f87ed3 100644
--- a/lasso/id-ff/lecp.c
+++ b/lasso/id-ff/lecp.c
@@ -106,7 +106,7 @@ lasso_lecp_build_authn_request_msg(LassoLecp *lecp,
remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SingleSignOnServiceURL");
- profile->msg_body = lasso_node_export_to_soap(profile->request);
+ profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
if (profile->msg_body == NULL) {
message(G_LOG_LEVEL_CRITICAL, "Error while building the AuthnRequest SOAP message");
return -1;
@@ -190,7 +190,7 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp,
lecp->authnResponseEnvelope = lasso_lib_authn_response_envelope_new(
LASSO_LIB_AUTHN_RESPONSE(profile->response),
assertionConsumerServiceURL);
- LASSO_PROFILE(lecp)->msg_body = lasso_node_export_to_soap(lecp->authnResponseEnvelope);
+ LASSO_PROFILE(lecp)->msg_body = lasso_node_export_to_soap(lecp->authnResponseEnvelope, NULL, NULL);
if (LASSO_PROFILE(lecp)->msg_body == NULL) {
message(G_LOG_LEVEL_CRITICAL, "Error while exporting the AuthnResponseEnvelope to SOAP msg");
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 683b354a..167e01e8 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -770,26 +770,22 @@ gint
lasso_login_build_request_msg(LassoLogin *login)
{
LassoProvider *remote_provider;
+ LassoProfile *profile;
g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
- /* sign request */
-#if 0 /* XXX: signatures are done differently */
- ret = lasso_samlp_request_abstract_sign_signature_tmpl(
- LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request),
- LASSO_PROFILE(login)->server->private_key,
- LASSO_PROFILE(login)->server->certificate);
-#endif
- LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE(login)->request);
+ profile = LASSO_PROFILE(login);
- remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers,
- LASSO_PROFILE(login)->remote_providerID);
+ LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(profile->request,
+ profile->server->private_key, profile->server->certificate);
+
+ remote_provider = g_hash_table_lookup(profile->server->providers,
+ profile->remote_providerID);
if (remote_provider == NULL) {
message(G_LOG_LEVEL_CRITICAL, "Remote provider not found");
return -1;
}
- LASSO_PROFILE(login)->msg_url = lasso_provider_get_metadata_one(
- remote_provider, "SoapEndpoint");
+ profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint");
return 0;
}
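Review bot: The result of `lasso_node_export_to_soap()` is not checked here, although with a key passed it now returns NULL when the key or certificate cannot be loaded or when signing fails; the function would still return 0 with `msg_body` unset. A guard right after the call, `if (profile->msg_body == NULL) return -1;`, preceded by a `message(G_LOG_LEVEL_CRITICAL, ...)` line as lecp.c does, makes a signing failure visible to the caller. The assignment also still goes through `LASSO_PROFILE(login)->msg_body` although `profile` now holds that pointer; `profile->msg_body` would match the rest of the rewritten body.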
@@ -847,7 +843,8 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID)
LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
}
- LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE(login)->response);
+ LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(
+ LASSO_PROFILE(login)->response, NULL, NULL);
return ret;
}
@@ -970,9 +967,10 @@ lasso_login_init_request(LassoLogin *login, gchar *response_msg,
request->IssueInstant = lasso_get_current_time();
LASSO_SAMLP_REQUEST(request)->AssertionArtifact = artifact_b64;
+ request->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
+ request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
LASSO_PROFILE(login)->request = LASSO_NODE(request);
-
return ret;
}
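Review bot: `sign_type` is set unconditionally here, so get_xmlNode will always add a `ds:Signature` template, while lasso_node_export_to_soap only fills it in when `private_key_file` is non-NULL. If the server has no private key configured (not visible in this hunk), the request would go out carrying an unfilled signature template rather than being rejected or sent without one. Either set the two fields only when a key is available, or have the export fail when a template is present and no key was given. The RSA-SHA1 method is hard-coded, and a short comment on why it is fixed at this point would help the next reader. The function starts outside the hunk.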
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index 072c4394..a4384207 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -95,7 +95,7 @@ lasso_logout_build_request_msg(LassoLogout *logout)
#endif
/* build the logout request message */
profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint");
- profile->msg_body = lasso_node_export_to_soap(profile->request);
+ profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
}
if (logout->initial_http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
/* build and optionaly sign the logout request QUERY message */
@@ -187,7 +187,7 @@ lasso_logout_build_response_msg(LassoLogout *logout)
}
profile->msg_url = NULL;
- profile->msg_body = lasso_node_export_to_soap(profile->response);
+ profile->msg_body = lasso_node_export_to_soap(profile->response, NULL, NULL);
break;
case LASSO_HTTP_METHOD_REDIRECT:
url = lasso_provider_get_metadata_one(provider, "SingleLogoutServiceReturnURL");
diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c
index 6c9dc751..9b263ad1 100644
--- a/lasso/id-ff/name_identifier_mapping.c
+++ b/lasso/id-ff/name_identifier_mapping.c
@@ -60,7 +60,7 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp
return -1;
}
- profile->msg_body = lasso_node_export_to_soap(profile->request);
+ profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
if (profile->msg_body == NULL) {
message(G_LOG_LEVEL_CRITICAL,
"Error building name identifier mapping request SOAP message");
@@ -100,7 +100,7 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map
}
profile->msg_url = NULL;
- profile->msg_body = lasso_node_export_to_soap(profile->response);
+ profile->msg_body = lasso_node_export_to_soap(profile->response, NULL, NULL);
return 0;
}
diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c
index 9b9a42a0..0de68d03 100644
--- a/lasso/id-ff/name_registration.c
+++ b/lasso/id-ff/name_registration.c
@@ -75,7 +75,7 @@ lasso_name_registration_build_request_msg(LassoNameRegistration *name_registrati
if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
/* XXX had call to lasso_samlp_request_abstract_sign_signature_tmpl */
profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint");
- profile->msg_body = lasso_node_export_to_soap(profile->request);
+ profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
}
if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
/* build and optionaly sign the query message and build the
@@ -129,7 +129,7 @@ lasso_name_registration_build_response_msg(LassoNameRegistration *name_registrat
if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
profile->msg_url = NULL; /* XXX ??? */
- profile->msg_body = lasso_node_export_to_soap(profile->response);
+ profile->msg_body = lasso_node_export_to_soap(profile->response, NULL, NULL);
return 0;
}
if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c
index 0a33e3a6..2f1ad213 100644
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
@@ -25,6 +25,9 @@
#include "errors.h"
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/templates.h>
+
#include <lasso/xml/samlp_request_abstract.h>
/*
@@ -56,51 +59,6 @@ From oasis-sstc-saml-schema-assertion-1.0.xsd:
static LassoNodeClass *parent_class = NULL;
-#if 0
-gint
-lasso_samlp_request_abstract_set_signature(LassoSamlpRequestAbstract *node,
- gint sign_method, const xmlChar *private_key_file, const xmlChar *certificate_file)
-{
- return 0;
-}
-
-gint
-lasso_samlp_request_abstract_set_signature_tmpl(LassoSamlpRequestAbstract *node,
- lassoSignatureType sign_type, lassoSignatureMethod sign_method,
- xmlChar *reference_id)
-{
- LassoNodeClass *class;
-
- g_return_val_if_fail(LASSO_IS_SAMLP_REQUEST_ABSTRACT(node),
- LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
-
- class = LASSO_NODE_GET_CLASS(node);
-
- return class->add_signature_tmpl(LASSO_NODE (node), sign_type, sign_method, reference_id);
-}
-
-gint
-lasso_samlp_request_abstract_sign_signature_tmpl(LassoSamlpRequestAbstract *node,
- const xmlChar *private_key_file, const xmlChar *certificate_file)
-{
- LassoNodeClass *class;
- gint result;
- char t[10];
-
- return 0; /* FIXME (signature is broken) */
-
- g_return_val_if_fail(LASSO_IS_SAMLP_REQUEST_ABSTRACT(node),
- LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
-
- class = LASSO_NODE_GET_CLASS(node);
-
- result = class->sign_signature_tmpl(LASSO_NODE(node), private_key_file, certificate_file);
- return result;
-
-}
-#endif
-
-
static gchar*
build_query(LassoNode *node)
{
@@ -131,6 +89,37 @@ get_xmlNode(LassoNode *node)
xmlSetProp(xmlnode, "MinorVersion", t);
xmlSetProp(xmlnode, "IssueInstant", request->IssueInstant);
+ /* signature stuff */
+ if (request->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
+ xmlDoc *doc;
+ xmlNode *signature = NULL, *reference, *key_info;
+ char *uri;
+
+ if (request->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
+ signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ }
+ if (request->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
+ signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformDsaSha1Id, NULL);
+ }
+ /* get out if signature == NULL ? */
+ xmlAddChild(xmlnode, signature);
+
+ uri = g_strdup_printf("#%s", request->RequestID);
+ reference = xmlSecTmplSignatureAddReference(signature,
+ xmlSecTransformSha1Id, NULL, uri, NULL);
+ g_free(uri);
+
+ /* add enveloped transform */
+ xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
+ /* add <dsig:KeyInfo/> */
+ key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
+ if (request->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
+ xmlSecTmplKeyInfoAddX509Data(key_info);
+ }
+ }
+
return xmlnode;
}
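Review bot: In the DSA branch `doc` is passed to `xmlSecTmplSignatureCreate()` without ever being assigned, so an indeterminate pointer reaches xmlsec; the RSA branch passes `NULL`, and the DSA branch should do the same with `signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId, xmlSecTransformDsaSha1Id, NULL);`, after which the `xmlDoc *doc;` declaration can go. `signature` also stays NULL when `sign_method` is neither value or when template creation fails, and is then handed to `xmlAddChild()` and `xmlSecTmplSignatureAddReference()`; the question left in the comment should be answered with an explicit check before `xmlAddChild`. The results of the reference, transform and KeyInfo calls are unchecked as well, whereas the removed lasso_node_impl_add_signature_tmpl checked each of them. get_xmlNode starts outside the hunk.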
@@ -185,6 +174,12 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
}
+char*
+get_sign_attr_name()
+{
+ return "RequestID";
+}
+
/*****************************************************************************/
/* instance and class init functions */
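Review bot: `get_sign_attr_name` is defined with external linkage and an empty parameter list, while `build_query` in this same file is `static`. A second node class adding a function of the same name would collide at link time; declaring it `static char*` with `get_sign_attr_name(void)` avoids that and gives the function a real prototype. A one-line comment stating that the returned name is the ID attribute the signature reference points at would also help.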
@@ -198,6 +193,7 @@ instance_init(LassoSamlpRequestAbstract *node)
node->MajorVersion = 0;
node->MinorVersion = 0;
node->IssueInstant = NULL;
+ node->sign_type = LASSO_SIGNATURE_TYPE_NONE;
}
static void
@@ -208,6 +204,7 @@ class_init(LassoSamlpRequestAbstractClass *klass)
LASSO_NODE_CLASS(klass)->get_xmlNode = get_xmlNode;
LASSO_NODE_CLASS(klass)->init_from_query = init_from_query;
LASSO_NODE_CLASS(klass)->init_from_xml = init_from_xml;
+ LASSO_NODE_CLASS(klass)->get_sign_attr_name = get_sign_attr_name;
}
GType
@@ -239,3 +236,4 @@ lasso_samlp_request_abstract_new()
{
return g_object_new(LASSO_TYPE_SAMLP_REQUEST_ABSTRACT, NULL);
}
+
diff --git a/lasso/xml/samlp_request_abstract.h b/lasso/xml/samlp_request_abstract.h
index d548500b..25d82320 100644
--- a/lasso/xml/samlp_request_abstract.h
+++ b/lasso/xml/samlp_request_abstract.h
@@ -55,6 +55,10 @@ struct _LassoSamlpRequestAbstract {
int MinorVersion;
/* <attribute name="IssueInstant" type="dateTime" use="required"/> */
char *IssueInstant;
+
+ /* ds:Signature stuffs */
+ lassoSignatureType sign_type;
+ lassoSignatureMethod sign_method;
};
struct _LassoSamlpRequestAbstractClass {
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index e13655ea..72cb2054 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -159,26 +159,85 @@ lasso_node_export_to_query(LassoNode *node,
/**
* lasso_node_export_to_soap:
* @node: a LassoNode
+ * @private_key_file: path to private key for signature
+ * @certificate_file: path to certificate for signature
*
* Like lasso_node_export() method except that result is SOAP enveloped.
*
* Return value: a SOAP enveloped export of the LassoNode
**/
char*
-lasso_node_export_to_soap(LassoNode *node)
+lasso_node_export_to_soap(LassoNode *node,
+ const char *private_key_file, const char *certificate_file)
{
- xmlNode *envelope, *body;
+ xmlDoc *doc;
+ xmlNode *envelope, *body, *message, *sign_tmpl;
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
+ xmlSecDSigCtx *dsig_ctx;
char *ret;
+ char *id_attr_name = NULL;
g_return_val_if_fail (LASSO_IS_NODE(node), NULL);
+ message = lasso_node_get_xmlNode(node);
+
+ sign_tmpl = xmlSecFindNode(message, xmlSecNodeSignature, xmlSecDSigNs);
+ if (sign_tmpl && private_key_file) {
+ doc = xmlNewDoc("1.0");
+ xmlDocSetRootElement(doc, message);
+ xmlSetTreeDoc(sign_tmpl, doc);
+ if (LASSO_NODE_GET_CLASS(node)->get_sign_attr_name)
+ id_attr_name = LASSO_NODE_GET_CLASS(node)->get_sign_attr_name();
+ if (id_attr_name) {
+ char *id_value = xmlGetProp(message, id_attr_name);
+ xmlAttr *id_attr = xmlHasProp(message, id_attr_name);
+ if (id_value) {
+ xmlAddID(NULL, doc, id_value, id_attr);
+ xmlFree(id_value);
+ }
+ }
+
+ dsig_ctx = xmlSecDSigCtxCreate(NULL);
+ dsig_ctx->signKey = xmlSecCryptoAppKeyLoad(private_key_file,
+ xmlSecKeyDataFormatPem,
+ NULL, NULL, NULL);
+ if (dsig_ctx->signKey == NULL) {
+ /* XXX: file existence should actually be tested on
+ * LassoServer creation */
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED),
+ private_key_file);
+ xmlSecDSigCtxDestroy(dsig_ctx);
+ return NULL;
+ }
+ if (certificate_file != NULL && certificate_file[0] != 0) {
+ if (xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, certificate_file,
+ xmlSecKeyDataFormatPem) < 0) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
+ certificate_file);
+ xmlSecDSigCtxDestroy(dsig_ctx);
+ return NULL;
+ }
+ }
+ if (xmlSecDSigCtxSign(dsig_ctx, sign_tmpl) < 0) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED),
+ message->name);
+ xmlSecDSigCtxDestroy(dsig_ctx);
+ return NULL;
+ }
+ xmlSecDSigCtxDestroy(dsig_ctx);
+ xmlUnlinkNode(message);
+ xmlFreeDoc(doc);
+ }
+
envelope = xmlNewNode(NULL, "Envelope");
xmlSetNs(envelope, xmlNewNs(envelope, LASSO_SOAP_ENV_HREF, LASSO_SOAP_ENV_PREFIX));
body = xmlNewTextChild(envelope, NULL, "Body", NULL);
- xmlAddChild(body, lasso_node_get_xmlNode(node));
+ xmlAddChild(body, message);
handler = xmlFindCharEncodingHandler("utf-8");
buf = xmlAllocOutputBuffer(handler);
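Review bot: The pointer returned by `xmlSecDSigCtxCreate(NULL)` is dereferenced on the next line without a NULL check, which the removed lasso_node_impl_sign_signature_tmpl had (LASSO_DS_ERROR_CONTEXT_CREATION_FAILED). The three `return NULL` paths also destroy the context but leave `doc` allocated, and `message` is its root element at that point, so each failed key load or signing attempt leaks the document and the node tree. Freeing `doc` on those paths releases both, assuming lasso_node_get_xmlNode returns a tree the caller owns. The function body continues outside the hunk.

```c
	dsig_ctx = xmlSecDSigCtxCreate(NULL);
	if (dsig_ctx == NULL) {
		message(G_LOG_LEVEL_CRITICAL,
				lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
		xmlFreeDoc(doc);	/* message is the root of doc, freed with it */
		return NULL;
	}
	/* … unchanged: xmlSecCryptoAppKeyLoad call … */
	if (dsig_ctx->signKey == NULL) {
		/* … unchanged: log LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED … */
		xmlSecDSigCtxDestroy(dsig_ctx);
		xmlFreeDoc(doc);
		return NULL;
	}
	/* … unchanged: certificate load and xmlSecDSigCtxSign, each error
	 * path gaining the same xmlFreeDoc(doc) before return NULL … */
```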
@@ -240,7 +299,7 @@ lasso_node_verify_signature(LassoNode *node,
const char *public_key_file, const char *ca_cert_chain_file)
{
return 0;
-#if 0 /* XXX: signature should be verified in relevant nodes */
+#if 0 /* XXX: signature should be verified when importing request */
xmlDocPtr doc = NULL;
xmlNodePtr xmlNode = NULL;
xmlNodePtr signature = NULL;
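Review bot: `lasso_node_verify_signature` still returns 0 before the disabled body, so while this commit starts signing outgoing requests, nothing on the receiving side checks them; if callers read 0 as success, as the build functions in this commit do, every message passes. Until verification is implemented where requests are imported, returning an error code instead of 0 would make the stub fail closed. The comment could also state this directly: `/* XXX: not implemented; signature is NOT verified */`. The function body continues outside the hunk.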
@@ -405,122 +464,6 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
/*** private methods **********************************************************/
-#if 0 /* XXX: signature stuff done differently */
-static gint
-lasso_node_impl_add_signature(LassoNode *node,
- gint sign_method,
- const xmlChar *private_key_file,
- const xmlChar *certificate_file)
-{
- gint ret = 0;
-
- g_return_val_if_fail (private_key_file != NULL,
- LASSO_PARAM_ERROR_INVALID_VALUE);
-
- if (certificate_file != NULL) {
- ret = lasso_node_add_signature_tmpl(node, LASSO_SIGNATURE_TYPE_WITHX509, sign_method, 0);
- }
- else {
- ret = lasso_node_add_signature_tmpl(node, LASSO_SIGNATURE_TYPE_SIMPLE, sign_method, 0);
- }
- if (ret == 0) {
- ret = lasso_node_sign_signature_tmpl(node, private_key_file, certificate_file);
- }
-
- return ret;
-}
-#endif
-
-#if 0 /* XXX: signature_tmpl are hopefully unnecessary now */
-static gint
-lasso_node_impl_add_signature_tmpl(LassoNode *node,
- lassoSignatureType sign_type,
- lassoSignatureMethod sign_method,
- xmlChar *reference_uri)
-{
- LassoNode *sign_node;
- xmlDocPtr doc;
- xmlNodePtr signature, reference, key_info;
- char *uri;
-
- g_return_val_if_fail(sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1 || \
- sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1,
- LASSO_PARAM_ERROR_INVALID_VALUE);
-
- doc = xmlNewDoc("1.0");
- xmlAddChild((xmlNodePtr)doc, lasso_node_get_xmlNode(node));
-
- switch (sign_method) {
- case LASSO_SIGNATURE_METHOD_RSA_SHA1:
- signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
- xmlSecTransformRsaSha1Id, NULL);
- break;
- case LASSO_SIGNATURE_METHOD_DSA_SHA1:
- signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
- xmlSecTransformDsaSha1Id, NULL);
- break;
- default:
- signature = NULL;
- }
-
- if (signature == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "Failed to create signature template\n");
- return LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED;
- }
-
- if (reference_uri != NULL) {
- uri = g_strdup_printf("#%s", reference_uri);
- }
- else {
- uri = NULL;
- }
- reference = xmlSecTmplSignatureAddReference(signature,
- xmlSecTransformSha1Id,
- NULL, uri, NULL);
- g_free(uri);
-
- if (reference == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "Failed to add reference to signature template\n");
- xmlFreeNode(signature);
- return LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED;
- }
-
- /* add enveloped transform */
- if (xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId) == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "Failed to add enveloped transform to reference\n");
- xmlFreeNode(signature);
- return LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED;
- }
-
- /* add <dsig:KeyInfo/> */
- key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
- if (key_info == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "Failed to add key info\n");
- xmlFreeNode(signature);
- return LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED;
- }
-
- /* add <dsig:X509Data/> */
- if (sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
- if (xmlSecTmplKeyInfoAddX509Data(key_info) == NULL) {
- message(G_LOG_LEVEL_CRITICAL, "Failed to add X509Data node\n");
- xmlFreeNode(signature);
- return LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED;
- }
- }
-
- sign_node = lasso_node_new();
- lasso_node_set_xmlNode(sign_node, signature);
- lasso_node_add_child(node, sign_node, TRUE);
- lasso_node_destroy(sign_node);
-
- /* xmlUnlinkNode(lasso_node_get_xmlNode(node)); */
- /* xmlFreeDoc(doc); */
-
- return 0;
-}
-#endif
-
static char*
lasso_node_impl_build_query(LassoNode *node)
{
@@ -528,79 +471,6 @@ lasso_node_impl_build_query(LassoNode *node)
return NULL;
}
-
-#if 0 /* probably no longer necessary with the move to structures */
-gint
-lasso_node_impl_sign_signature_tmpl(LassoNode *node,
- const xmlChar *private_key_file,
- const xmlChar *certificate_file)
-{
- xmlDocPtr doc;
- xmlNodePtr signature_tmpl;
- xmlSecDSigCtxPtr dsig_ctx;
- gint ret = 0;
- xmlNode *xmlnode;
-
- g_return_val_if_fail(private_key_file != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
-
- doc = xmlNewDoc("1.0");
- xmlnode = lasso_node_get_xmlNode(node);
- xmlAddChild((xmlNodePtr)doc, xmlnode);
- signature_tmpl = xmlSecFindNode(xmlnode, xmlSecNodeSignature, xmlSecDSigNs);
- if (signature_tmpl == NULL) {
- /* it had no signature_tmpl; we add it one now */
- }
-
- /* create signature context */
- dsig_ctx = xmlSecDSigCtxCreate(NULL);
- if (dsig_ctx == NULL) {
- message(G_LOG_LEVEL_CRITICAL,
- lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
- return LASSO_DS_ERROR_CONTEXT_CREATION_FAILED;
- }
-
- /* load private key, assuming that there is not password */
- dsig_ctx->signKey = xmlSecCryptoAppKeyLoad(private_key_file,
- xmlSecKeyDataFormatPem,
- NULL, NULL, NULL);
- if (dsig_ctx->signKey == NULL) {
- message(G_LOG_LEVEL_CRITICAL,
- lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED),
- private_key_file);
- ret = LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
- goto done;
- }
-
- /* load certificate and add to the key */
- if (certificate_file != NULL) {
- if (xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, certificate_file,
- xmlSecKeyDataFormatPem) < 0) {
- message(G_LOG_LEVEL_CRITICAL,
- lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
- certificate_file);
- ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
- goto done;
- }
- }
-
- /* sign the template */
- if (xmlSecDSigCtxSign(dsig_ctx, signature_tmpl) < 0) {
- message(G_LOG_LEVEL_CRITICAL,
- lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED),
- node->private->node->name);
- ret = LASSO_DS_ERROR_SIGNATURE_FAILED;
- }
-
- done:
- xmlSecDSigCtxDestroy(dsig_ctx);
- /* FIXME */
- /* xmlUnlinkNode(lasso_node_get_xmlNode(node)); */
- /* xmlFreeDoc(doc); */
-
- return ret;
-}
-#endif
-
/*****************************************************************************/
/* overrided parent class methods */
/*****************************************************************************/
@@ -634,6 +504,7 @@ class_init(LassoNodeClass *class)
class->destroy = lasso_node_impl_destroy;
class->init_from_query = lasso_node_impl_init_from_query;
class->init_from_xml = lasso_node_impl_init_from_xml;
+ class->get_sign_attr_name = NULL;
/* virtual private methods */
class->build_query = lasso_node_impl_build_query;
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index f1124e6c..8f89d67b 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -74,6 +74,8 @@ struct _LassoNodeClass {
void (* init_from_query) (LassoNode *node, char **query_fields);
void (* init_from_xml) (LassoNode *node, xmlNode *xmlnode);
xmlNode* (* get_xmlNode) (LassoNode *node);
+
+ char* (* get_sign_attr_name) ();
};
LASSO_EXPORT GType lasso_node_get_type(void);
@@ -90,7 +92,8 @@ LASSO_EXPORT char* lasso_node_build_query(LassoNode *node);
LASSO_EXPORT char* lasso_node_export_to_base64(LassoNode *node);
LASSO_EXPORT char* lasso_node_export_to_query(LassoNode *node,
lassoSignatureMethod sign_method, const char *private_key_file);
-LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node);
+LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node,
+ const char *private_key_file, const char *certificate_file);
LASSO_EXPORT xmlNode* lasso_node_get_xmlNode(LassoNode *node);