From 851e653728688d7ba38c2fc74bd37ff626eb1aa0 Mon Sep 17 00:00:00 2001 From: Valery Febvre Date: Thu, 19 Aug 2004 12:51:25 +0000 Subject: Splited lasso_node_verify_signature() (LassoNode class) in 2 methods: lasso_node_verify_signature(), lasso_node_verify_x509_signature() Added 2 private methods in LassoNode: add_signature_tmpl(), sign_signature_tmpl(), Removed 'err' param in all methods for signing --- lasso/id-ff/federation_termination.c | 3 +- lasso/id-ff/login.c | 151 ++++++---- lasso/id-ff/login.h | 4 +- lasso/id-ff/logout.c | 16 +- lasso/id-ff/register_name_identifier.c | 3 +- lasso/xml/saml_assertion.c | 25 +- lasso/xml/saml_assertion.h | 3 +- lasso/xml/xml.c | 518 ++++++++++++++++++++++++--------- lasso/xml/xml.h | 234 ++++++++------- 9 files changed, 615 insertions(+), 342 deletions(-) (limited to 'lasso') diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c index fd14f79d..c8f2b3d1 100644 --- a/lasso/id-ff/federation_termination.c +++ b/lasso/id-ff/federation_termination.c @@ -94,8 +94,7 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request), profile->server->signature_method, profile->server->private_key, - profile->server->certificate, - NULL); + profile->server->certificate); } /* build the message */ diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index f1b77d2f..b145f200 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -29,12 +29,12 @@ #include -#include - #include #include #include +#include + static GObjectClass *parent_class = NULL; struct _LassoLoginPrivate 
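Review bot: The return value of lasso_samlp_request_abstract_set_signature() is still discarded at this call site, and since the commit removes the GError out-parameter, a signing failure is now presumably reported only through that return value, so the notification message below would be built without a valid signature and nothing would record it (the old `NULL` err argument was equally silent, but the channel existed). The same unchecked call pattern is in the logout.c hunks at @@ -121 and @@ -209 and in register_name_identifier.c at @@ -108. Capture and test it as login.c now does: `ret = lasso_samlp_request_abstract_set_signature(...); if (ret < 0) goto done;` — whether lasso_federation_termination_build_notification_msg already has a `ret` and a `done` label is outside the hunk.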
@@ -168,11 +168,11 @@ lasso_login_add_response_assertion(LassoLogin *login, } /* FIXME : How to know if the assertion must be signed or unsigned ? */ + /* signature should be added at end */ ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), LASSO_PROFILE(login)->server->signature_method, LASSO_PROFILE(login)->server->private_key, - LASSO_PROFILE(login)->server->certificate, - &err); + LASSO_PROFILE(login)->server->certificate); if (ret == 0) { lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE(login)->response), assertion); @@ -185,11 +185,6 @@ lasso_login_add_response_assertion(LassoLogin *login, LASSO_PROFILE(login)->remote_providerID, assertion); } - else { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_error_free(err); - } done: lasso_node_destroy(as); @@ -209,7 +204,7 @@ lasso_login_process_federation(LassoLogin *login) g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); - /* verify if a identity exists else create it */ + /* verify if an identity exists else create it */ if (LASSO_PROFILE(login)->identity == NULL) { LASSO_PROFILE(login)->identity = lasso_identity_new(); } @@ -265,7 +260,7 @@ lasso_login_process_federation(LassoLogin *login) federation); } else { - debug("Ok, an federation was found.\n"); + debug("Ok, a federation was found.\n"); } } else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) { @@ -293,7 +288,7 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) { assertion = lasso_node_get_child(LASSO_PROFILE(login)->response, "Assertion", - lassoLibHRef, + NULL, /* lassoLibHRef, comment for SourceID */ &err); if (assertion != NULL) { 
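Review bot: The Assertion lookup in lasso_login_process_response_status_and_assertion now passes NULL as the namespace (the "comment for SourceID" line), while lasso_login_accept_sso in the @@ -399 hunk still looks the same element up with lassoLibHRef. The element whose signature gets verified and the element later stored in the session are therefore selected by different criteria; whether lasso_node_get_child can return different nodes for the two calls depends on its matching rules, which are not in this diff, but both sites should use one lookup so that only the verified assertion can be accepted. If the namespace has to be relaxed for interoperability, do it in one place and say why, e.g. `/* namespace deliberately unconstrained: some IdPs (SourceID) emit Assertion outside the lib namespace */`.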
@@ -302,18 +297,10 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) { &err); /* verify signature */ if (idp != NULL) { - if (idp->ca_certificate != NULL) { - signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate, &err); - if (signature_check < 0) { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_clear_error(&err); - /* we continue */ - } - } - else { - message(G_LOG_LEVEL_CRITICAL, "Failed to verify Response signature, Idp CA certificate is NULL\n"); - ret = -1; + /* FIXME detect X509Data ? */ + /* signature_check = lasso_node_verify_x509_signature(assertion, idp->ca_certificate); */ + ret = lasso_node_verify_signature(assertion, idp->public_key); + if (ret < 0) { goto done; } } @@ -378,6 +365,17 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) { /* public methods */ /*****************************************************************************/ +/** + * lasso_login_accept_sso: + * @login: a LassoLogin + * + * Gets the assertion of the response and adds it into the session. + * Builds a federation with the 2 name identifiers of the assertion + * and adds it into the identity. + * If the session or the identity are NULL, they are created. + * + * Return value: 0 on success and a negative value otherwise. + **/ gint lasso_login_accept_sso(LassoLogin *login) { @@ -387,6 +385,7 @@ lasso_login_accept_sso(LassoLogin *login) LassoNode *copy_idpProvidedNameIdentifier = NULL; LassoFederation *federation = NULL; gint ret = 0; + GError *err = NULL; g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); 
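Review bot: The new verification call pins trust to idp->public_key but nothing says so; with the key preloaded into dsigCtx->signKey and a NULL keys manager (the xml.c implementation in this commit), the message's own KeyInfo/X509Data appears not to be consulted, which is the safer choice, and the two FIXME lines above it hint at reconsidering that. A comment such as `/* verification is pinned to the IdP's configured public key; KeyInfo in the message is not trusted */` would preserve the intent. Note also that a provider with only ca_certificate configured now fails closed here (a NULL public_key yields LASSO_PARAM_ERROR_INVALID_VALUE), whereas the logout.c hunk at @@ -454 still verifies via the CA certificate — the two profiles should agree on which credential is required.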
@@ -399,32 +398,35 @@ lasso_login_accept_sso(LassoLogin *login) if (LASSO_PROFILE(login)->response != NULL) { assertion = lasso_node_get_child(LASSO_PROFILE(login)->response, - "Assertion", lassoLibHRef, NULL); + "Assertion", lassoLibHRef, &err); if (assertion == NULL) { - message(G_LOG_LEVEL_CRITICAL, "Assertion element not found in response.\n"); - ret = -2; + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } - /* put response assertion in identity object */ + /* put response assertion in session object */ lasso_session_add_assertion(LASSO_PROFILE(login)->session, LASSO_PROFILE(login)->remote_providerID, assertion); /* put the 2 NameIdentifiers in identity object */ nameIdentifier = lasso_node_get_child(assertion, "NameIdentifier", - lassoSamlAssertionHRef, NULL); + lassoSamlAssertionHRef, &err); if (nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "NameIdentifier element not found in assertion.\n"); - ret = -3; + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } idpProvidedNameIdentifier = lasso_node_get_child(assertion, "IDPProvidedNameIdentifier", - lassoLibHRef, NULL); + lassoLibHRef, &err); if (idpProvidedNameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, "IDPProvidedNameIdentifier element not found in assertion.\n"); - ret = -4; + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } copy_idpProvidedNameIdentifier = lasso_node_copy(idpProvidedNameIdentifier); 
@@ -456,9 +458,24 @@ lasso_login_accept_sso(LassoLogin *login) return (ret); } +/** + * lasso_login_build_artifact_msg: + * @login: a LassoLogin + * @authentication_result: the authentication result + * @authenticationMethod: the authentication method + * @reauthenticateOnOrAfter: the time at, or after which the service provider + * reauthenticates the Principal with the identity provider + * @method: the HTTP method to send the artifact (REDIRECT or POST) + * + * Builds an artifact. Depending of the HTTP method, the data for the sending of + * the artifact are stored in login->msg_url (REDIRECT) or login->msg_url, + * login->msg_body and login->msg_relayState (POST). + * + * Return value: 0 on success and a negative value otherwise. + **/ gint lasso_login_build_artifact_msg(LassoLogin *login, - gint authentication_result, + gboolean authentication_result, const gchar *authenticationMethod, const gchar *reauthenticateOnOrAfter, lassoHttpMethod method) @@ -554,6 +571,18 @@ lasso_login_build_artifact_msg(LassoLogin *login, return (0); } +/** + * lasso_login_build_authn_request_msg: + * @login: a LassoLogin + * @remote_providerID: the providerID of the identity provider + * + * Builds an authentication request. Depending of the SSO protocol profile of + * the identity provider (defined in metadata file), the data for the sending of + * the request are stored in login->msg_url (GET) or login->msg_url and + * login->msg_body (POST). + * + * Return value: 0 on success and a negative value otherwise. + **/ gint lasso_login_build_authn_request_msg(LassoLogin *login, const gchar *remote_providerID) 
@@ -646,19 +675,13 @@ lasso_login_build_authn_request_msg(LassoLogin *login, else if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOPost)) { /* POST -> formular */ if (must_sign) { - lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request), - LASSO_PROFILE(login)->server->signature_method, - LASSO_PROFILE(login)->server->private_key, - LASSO_PROFILE(login)->server->certificate, - &err); + ret = lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request), + LASSO_PROFILE(login)->server->private_key, + LASSO_PROFILE(login)->server->certificate); } - if (err != NULL) { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_error_free(err); + if (ret < 0) { goto done; } - printf("%s\n", lasso_node_export(LASSO_PROFILE(login)->request)); lareq = lasso_node_export_to_base64(LASSO_PROFILE(login)->request); if (lareq != NULL) { LASSO_PROFILE(login)->msg_url = g_strdup(url); @@ -680,9 +703,22 @@ lasso_login_build_authn_request_msg(LassoLogin *login, return (ret); } +/** + * lasso_login_build_authn_response_msg: + * @login: a LassoLogin + * @authentication_result: the authentication result + * @authenticationMethod: the authentication method + * @reauthenticateOnOrAfter: the time at, or after which the service provider + * reauthenticates the Principal with the identity provider + * + * Builds an authentication response. The data for the sending of the response + * are stored in login->msg_url and login->msg_body. + * + * Return value: 0 on success and a negative value otherwise. + **/ gint lasso_login_build_authn_response_msg(LassoLogin *login, - gint authentication_result, + gboolean authentication_result, const gchar *authenticationMethod, const gchar *reauthenticateOnOrAfter) { 
@@ -738,14 +774,9 @@ lasso_login_build_request_msg(LassoLogin *login) g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); /* sign request */ - lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request), - LASSO_PROFILE(login)->server->signature_method, - LASSO_PROFILE(login)->server->private_key, - LASSO_PROFILE(login)->server->certificate, - &err); - if (err != NULL) { - goto done; - } + ret= lasso_samlp_request_abstract_sign_signature_tmpl(LASSO_SAMLP_REQUEST_ABSTRACT(LASSO_PROFILE(login)->request), + LASSO_PROFILE(login)->server->private_key, + LASSO_PROFILE(login)->server->certificate); LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE(login)->request); /* get msg_url (SOAP Endpoint) */ @@ -805,11 +836,13 @@ lasso_login_dump(LassoLogin *login) } gint -lasso_login_init_authn_request(LassoLogin *login) +lasso_login_init_authn_request(LassoLogin *login) { g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); - LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID); + LASSO_PROFILE(login)->request = lasso_authn_request_new(LASSO_PROFILE(login)->server->providerID, + lassoSignatureTypeNone, + 0); LASSO_PROFILE(login)->request_type = lassoMessageTypeAuthnRequest; if (LASSO_PROFILE(login)->request == NULL) { @@ -931,9 +964,11 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login, LASSO_PROFILE(login)->server->private_key); break; case lassoHttpMethodPost: + /* FIXME detect X509Data ? */ + /* ret = lasso_node_verify_x509_signature(LASSO_PROFILE(login)->request, */ + /* remote_provider->ca_certificate); */ ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request, - remote_provider->ca_certificate, - NULL); + remote_provider->public_key); break; } diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h index e1964c9d..0700c3a5 100644 --- a/lasso/id-ff/login.h +++ b/lasso/id-ff/login.h 
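Review bot: In lasso_login_build_request_msg the result of lasso_samlp_request_abstract_sign_signature_tmpl() is stored in ret but never tested, so on a signing failure the function falls through to lasso_node_export_to_soap() and builds msg_body anyway; the removed lines had a `goto done` for that case. Add `if (ret < 0) { goto done; }` right after the call, as the POST branch of lasso_login_build_authn_request_msg does in this same commit, and fix the spacing to `ret = ...`. The `done` label and the rest of the function are outside the hunk.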
@@ -79,7 +79,7 @@ LASSO_EXPORT LassoLogin* lasso_login_new_from_dump (Lasso LASSO_EXPORT gint lasso_login_accept_sso (LassoLogin *login); LASSO_EXPORT gint lasso_login_build_artifact_msg (LassoLogin *login, - gint authentication_result, + gboolean authentication_result, const gchar *authenticationMethod, const gchar *reauthenticateOnOrAfter, lassoHttpMethod method); @@ -88,7 +88,7 @@ LASSO_EXPORT gint lasso_login_build_authn_request_msg (Lasso const gchar *remote_providerID); LASSO_EXPORT gint lasso_login_build_authn_response_msg (LassoLogin *login, - gint authentication_result, + gboolean authentication_result, const gchar *authenticationMethod, const gchar *reauthenticateOnOrAfter); diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 463868b8..c79294bd 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -121,8 +121,7 @@ lasso_logout_build_request_msg(LassoLogout *logout) lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request), profile->server->signature_method, profile->server->private_key, - profile->server->certificate, - NULL); + profile->server->certificate); } /* build the logout request message */ @@ -209,8 +208,7 @@ lasso_logout_build_response_msg(LassoLogout *logout) lasso_samlp_response_abstract_set_signature(LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response), profile->server->signature_method, profile->server->private_key, - profile->server->certificate, - NULL); + profile->server->certificate); } /* build the logout response messsage */ @@ -424,7 +422,7 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, LassoProfile *profile; LassoProvider *provider; gchar *remote_providerID; - gint signature_check, ret = 0; + gint ret = 0; GError *err = NULL; g_return_val_if_fail(LASSO_IS_LOGOUT(logout), -1); 
@@ -454,12 +452,8 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, goto done; } if (provider->ca_certificate != NULL) { - signature_check = lasso_node_verify_signature(profile->request, provider->ca_certificate, &err); - if (signature_check < 0) { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_clear_error(&err); - } + ret = lasso_node_verify_x509_signature(profile->request, provider->ca_certificate); + /* ret = lasso_node_verify_signature(profile->request, provider->public_key); */ } break; case lassoHttpMethodRedirect: diff --git a/lasso/id-ff/register_name_identifier.c b/lasso/id-ff/register_name_identifier.c index f54b52b9..33d5225c 100644 --- a/lasso/id-ff/register_name_identifier.c +++ b/lasso/id-ff/register_name_identifier.c @@ -108,8 +108,7 @@ lasso_register_name_identifier_build_request_msg(LassoRegisterNameIdentifier *re lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request), profile->server->signature_method, profile->server->private_key, - profile->server->certificate, - NULL); + profile->server->certificate); /* build the registration request message */ profile->msg_url = lasso_provider_get_soapEndpoint(provider, diff --git a/lasso/xml/saml_assertion.c b/lasso/xml/saml_assertion.c index 43708e33..581410c8 100644 --- a/lasso/xml/saml_assertion.c +++ b/lasso/xml/saml_assertion.c 
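Review bot: ret is assigned from lasso_node_verify_x509_signature() only inside `if (provider->ca_certificate != NULL)`, so a provider with no CA certificate configured leaves ret at 0 and the SOAP logout request is processed without any signature check, unless something outside this hunk rejects it. The login path changed in this commit verifies unconditionally and relies on the implementation's NULL-argument check to fail closed; this site should do the same, or set `ret = LASSO_PARAM_ERROR_INVALID_VALUE;` in an else branch. The commented-out public_key alternative also leaves it unclear which credential logout is meant to trust, which deserves a one-line comment.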
@@ -260,35 +260,18 @@ gint lasso_saml_assertion_set_signature(LassoSamlAssertion *node, gint sign_method, const xmlChar *private_key_file, - const xmlChar *certificate_file, - GError **err) + const xmlChar *certificate_file) { gint ret; - GError *tmp_err = NULL; LassoNodeClass *class; - if (err != NULL && *err != NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_ERR_CHECK_FAILED, - lasso_strerror(LASSO_PARAM_ERROR_ERR_CHECK_FAILED)); - g_return_val_if_fail (err == NULL || *err == NULL, - LASSO_PARAM_ERROR_ERR_CHECK_FAILED); - } - if (LASSO_IS_SAML_ASSERTION(node) == FALSE) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ, - lasso_strerror(LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ)); - g_return_val_if_fail(LASSO_IS_SAML_ASSERTION(node), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); - } + g_return_val_if_fail(LASSO_IS_SAML_ASSERTION(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); class = LASSO_NODE_GET_CLASS(node); ret = class->add_signature(LASSO_NODE (node), sign_method, - private_key_file, certificate_file, &tmp_err); - if (ret < 0) { - g_propagate_error (err, tmp_err); - } + private_key_file, certificate_file); return (ret); } diff --git a/lasso/xml/saml_assertion.h b/lasso/xml/saml_assertion.h index 4ee3e4d6..6f1a1d6c 100644 --- a/lasso/xml/saml_assertion.h +++ b/lasso/xml/saml_assertion.h @@ -93,8 +93,7 @@ LASSO_EXPORT void lasso_saml_assertion_set_minorVersion (LassoSamlAss LASSO_EXPORT gint lasso_saml_assertion_set_signature (LassoSamlAssertion *node, gint sign_method, const xmlChar *private_key_file, - const xmlChar *certificate_file, - GError **err); + const xmlChar *certificate_file); #ifdef __cplusplus } diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index 09b9d491..6644af1a 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c @@ -33,7 +33,6 @@ #include #include -#include struct _LassoNodePrivate { 
@@ -473,37 +472,51 @@ lasso_node_rename_prop(LassoNode *node, /** * lasso_node_verify_signature: * @node: a LassoNode - * @certificate_file: a certificate + * @public_key_file: the public key * @err: return location for an allocated GError, or NULL to ignore errors * * Verifys the node signature. * - * Return value: 1 if signature is valid, 0 if invalid. -1 if an error occurs. + * Return value: 1 if signature is valid, 0 if invalid or a negative value + * if an error occurs. **/ gint -lasso_node_verify_signature(LassoNode *node, - const gchar *certificate_file, - GError **err) +lasso_node_verify_signature(LassoNode *node, + const gchar *public_key_file) { LassoNodeClass *class; - if (err != NULL && *err != NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_ERR_CHECK_FAILED, - lasso_strerror(LASSO_PARAM_ERROR_ERR_CHECK_FAILED)); - g_return_val_if_fail (err == NULL || *err == NULL, - LASSO_PARAM_ERROR_ERR_CHECK_FAILED); - } - if (LASSO_IS_NODE(node) == FALSE) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ, - lasso_strerror(LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ)); - g_return_val_if_fail(LASSO_IS_NODE(node), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); - } + + g_return_val_if_fail(LASSO_IS_NODE(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); + /* don't check @public_key_file here, it's checked in impl method */ + + class = LASSO_NODE_GET_CLASS(node); + return (class->verify_signature(node, public_key_file)); +} + +/** + * lasso_node_verify_x509_signature: + * @node: a LassoNode + * @ca_certificate_file: the trusted certificate + * @err: return location for an allocated GError, or NULL to ignore errors + * + * Verifys the node signature with X509 certificate. + * + * Return value: 1 if signature is valid, 0 if invalid or a negative value + * if an error occurs. 
+ **/ +gint +lasso_node_verify_x509_signature(LassoNode *node, + const gchar *ca_certificate_file) +{ + LassoNodeClass *class; + + g_return_val_if_fail(LASSO_IS_NODE(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); /* don't check @certificate_file here, it's checked in impl method */ class = LASSO_NODE_GET_CLASS(node); - return (class->verify_signature(node, certificate_file, err)); + return (class->verify_x509_signature(node, ca_certificate_file)); } /*****************************************************************************/ 
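Review bot: Both docstrings in this hunk still list `@err: return location for an allocated GError...` although that parameter was removed, and the stated contract "1 if signature is valid, 0 if invalid" does not match lasso_node_impl_verify_signature later in this commit, which sets ret = 0 on success and returns LASSO_DS_ERROR_INVALID_SIGNATURE for a signature that does not verify. Every caller in the diff tests `ret < 0`, so a reader trusting the doc and treating 0 as "invalid" or expecting 1 for "valid" would get it backwards. Drop the `@err` lines and state `Return value: 0 if the signature is valid, a negative value otherwise (LASSO_DS_ERROR_INVALID_SIGNATURE when the signature is present but does not verify).` — assuming the LASSO_DS_ERROR_* codes are negative, as the `ret < 0` checks imply.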
@@ -523,33 +536,35 @@ lasso_node_add_child(LassoNode *node, } static gint -lasso_node_add_signature(LassoNode *node, - gint sign_method, - const xmlChar *private_key_file, - const xmlChar *certificate_file, - GError **err) +lasso_node_add_signature(LassoNode *node, + gint sign_method, + const xmlChar *private_key_file, + const xmlChar *certificate_file) { LassoNodeClass *class; - if (err != NULL && *err != NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_ERR_CHECK_FAILED, - lasso_strerror(LASSO_PARAM_ERROR_ERR_CHECK_FAILED)); - g_return_val_if_fail (err == NULL || *err == NULL, - LASSO_PARAM_ERROR_ERR_CHECK_FAILED); - } - if (LASSO_IS_NODE(node) == FALSE) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ, - lasso_strerror(LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ)); - g_return_val_if_fail(LASSO_IS_NODE(node), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); - } + + g_return_val_if_fail(LASSO_IS_NODE(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); /* don't check @private_key_file and @certificate_file here, it's checked in impl method */ class = LASSO_NODE_GET_CLASS(node); return (class->add_signature(node, sign_method, private_key_file, - certificate_file, err)); + certificate_file)); +} + +static gint +lasso_node_add_signature_tmpl(LassoNode *node, + lassoSignatureType sign_type, + lassoSignatureMethod sign_method) +{ + LassoNodeClass *class; + + g_return_val_if_fail(LASSO_IS_NODE(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); + + class = LASSO_NODE_GET_CLASS(node); + return (class->add_signature_tmpl(node, sign_type, sign_method)); } static gchar * 
@@ -654,6 +669,22 @@ lasso_node_set_xmlNode(LassoNode *node, class->set_xmlNode(node, libxml_node); } +static gint +lasso_node_sign_signature_tmpl(LassoNode *node, + const xmlChar *private_key_file, + const xmlChar *certificate_file) +{ + LassoNodeClass *class; + + g_return_val_if_fail(LASSO_IS_NODE(node), + LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ); + /* don't check @private_key_file and @certificate_file here, + it's checked in impl method */ + + class = LASSO_NODE_GET_CLASS(node); + class->sign_signature_tmpl(node, private_key_file, certificate_file); +} + /*****************************************************************************/ /* implementation methods */ /*****************************************************************************/ 
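Review bot: lasso_node_sign_signature_tmpl is declared `static gint` but its last statement discards the class method's result and the function ends with no return, so its value is indeterminate. lasso_node_impl_add_signature later in this commit does `ret = lasso_node_sign_signature_tmpl(...)` and returns that, so a private-key load or signing failure can be reported as success and an unsigned message sent. Change the last statement to `return (class->sign_signature_tmpl(node, private_key_file, certificate_file));`.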
@@ -1102,39 +1133,128 @@ lasso_node_impl_rename_prop(LassoNode *node, } static gint -lasso_node_impl_verify_signature(LassoNode *node, - const gchar *certificate_file, - GError **err) +lasso_node_impl_verify_signature(LassoNode *node, + const gchar *public_key_file) { xmlDocPtr doc = NULL; - xmlNodePtr xmlNode_copy = NULL; + xmlNodePtr xmlNode = NULL; xmlNodePtr signature = NULL; - xmlSecKeysMngrPtr mngr = NULL; xmlSecDSigCtxPtr dsigCtx = NULL; + xmlIDPtr id; + xmlAttrPtr id_attr; + xmlChar *id_value; gint ret = 0; - if (certificate_file == NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_INVALID_VALUE, - lasso_strerror(LASSO_PARAM_ERROR_INVALID_VALUE)); - g_return_val_if_fail(certificate_file != NULL, -2); - } + g_return_val_if_fail(public_key_file != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); doc = xmlNewDoc("1.0"); + xmlNode = xmlCopyNode(lasso_node_get_xmlNode(node), 1); + xmlAddChild((xmlNodePtr)doc, xmlNode); - /* create a copy of the xmlNode (node->private->node) of @node */ - xmlNode_copy = xmlCopyNode(lasso_node_get_xmlNode(node), 1); + /* FIXME : register 'AssertionID' ID attribute manually */ + id_attr = lasso_node_get_attr(node, "AssertionID", NULL); + if (id_attr != NULL) { + id_value = xmlNodeListGetString(doc, id_attr->children, 1); + id = xmlAddID(NULL, doc, id_value, id_attr); + xmlFree(id_value); + } - /* we must associate the xmlNode with an xmlDoc !!! 
*/ - xmlAddChild((xmlNodePtr)doc, xmlNode_copy); + /* find start node */ + signature = xmlSecFindNode(xmlNode, xmlSecNodeSignature, + xmlSecDSigNs); + if (signature == NULL) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_SIGNATURE_NOTFOUND), + node->private->node->name); + ret = LASSO_DS_ERROR_SIGNATURE_NOTFOUND; + goto done; + } + + /* create signature context */ + dsigCtx = xmlSecDSigCtxCreate(NULL); + if (dsigCtx == NULL) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED)); + ret = LASSO_DS_ERROR_CONTEXT_CREATION_FAILED; + goto done; + } + + /* load public key */ + dsigCtx->signKey = xmlSecCryptoAppKeyLoad(public_key_file, + xmlSecKeyDataFormatPem, + NULL, NULL, NULL); + if(dsigCtx->signKey == NULL) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED), + public_key_file); + ret = LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED; + goto done; + } + + /* verify signature */ + if (xmlSecDSigCtxVerify(dsigCtx, signature) < 0) { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED), + node->private->node->name); + ret = LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED; + goto done; + } + + if (dsigCtx->status == xmlSecDSigStatusSucceeded) { + ret = 0; + } + else { + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_INVALID_SIGNATURE), + node->private->node->name); + ret = LASSO_DS_ERROR_INVALID_SIGNATURE; + } + + done: + /* cleanup */ + if(dsigCtx != NULL) { + xmlSecDSigCtxDestroy(dsigCtx); + } + xmlFreeDoc(doc); + return (ret); +} + +static gint +lasso_node_impl_verify_x509_signature(LassoNode *node, + const gchar *ca_certificate_file) +{ + xmlDocPtr doc = NULL; + xmlNodePtr xmlNode = NULL; + xmlNodePtr signature = NULL; + xmlSecKeysMngrPtr mngr = NULL; + xmlSecDSigCtxPtr dsigCtx = NULL; + xmlIDPtr id; + xmlAttrPtr id_attr; + xmlChar *id_value; + gint ret = 0; + + g_return_val_if_fail(ca_certificate_file != NULL, + 
LASSO_PARAM_ERROR_INVALID_VALUE); + + doc = xmlNewDoc("1.0"); + xmlNode = xmlCopyNode(lasso_node_get_xmlNode(node), 1); + xmlAddChild((xmlNodePtr)doc, xmlNode); + + /* FIXME: register 'AssertionID' ID attribute manually */ + id_attr = lasso_node_get_attr(node, "AssertionID", NULL); + if (id_attr != NULL) { + id_value = xmlNodeListGetString(doc, id_attr->children, 1); + id = xmlAddID(NULL, doc, id_value, id_attr); + xmlFree(id_value); + } /* find start node */ - signature = xmlSecFindNode(xmlNode_copy, xmlSecNodeSignature, + signature = xmlSecFindNode(xmlNode, xmlSecNodeSignature, xmlSecDSigNs); if (signature == NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_SIGNATURE_NOTFOUND, - lasso_strerror(LASSO_DS_ERROR_SIGNATURE_NOTFOUND)); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_SIGNATURE_NOTFOUND), + node->private->node->name); ret = LASSO_DS_ERROR_SIGNATURE_NOTFOUND; goto done; } 
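Review bot: In lasso_node_impl_verify_signature the ds:Signature is located with xmlSecFindNode() over the whole copied subtree, so a Signature element nested anywhere below xmlNode (for instance inside a child element) is accepted as this node's signature, and after xmlSecDSigCtxVerify() nothing confirms that the verified reference actually covers xmlNode. Since lasso_node_impl_add_signature_tmpl in this commit always places the Signature as a direct child of the node, tighten the lookup to that: `if (signature == NULL || signature->parent != xmlNode) {` in place of the existing `if (signature == NULL) {`; the same applies to lasso_node_impl_verify_x509_signature, which begins in this hunk and continues in the following ones. Two smaller items: `id` is assigned from xmlAddID() and never read, and id_attr belongs to the original node rather than to the copy registered in doc, so the ID entry may not resolve within the copied tree — the FIXME already flags this.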
@@ -1142,29 +1262,26 @@ lasso_node_impl_verify_signature(LassoNode *node, /* create simple keys mngr */ mngr = xmlSecKeysMngrCreate(); if (mngr == NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED, - lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED)); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED)); ret = LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED; goto done; } if (xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED, - lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED)); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED)); ret = LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED; goto done; } /* load trusted cert */ - if (xmlSecCryptoAppKeysMngrCertLoad(mngr, certificate_file, + if (xmlSecCryptoAppKeysMngrCertLoad(mngr, ca_certificate_file, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED, - lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED), - certificate_file); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED), + ca_certificate_file); ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED; goto done; } 
@@ -1172,18 +1289,17 @@ lasso_node_impl_verify_signature(LassoNode *node, /* create signature context */ dsigCtx = xmlSecDSigCtxCreate(mngr); if (dsigCtx == NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_CONTEXT_CREATION_FAILED, - lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED)); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED)); ret = LASSO_DS_ERROR_CONTEXT_CREATION_FAILED; goto done; } /* verify signature */ if (xmlSecDSigCtxVerify(dsigCtx, signature) < 0) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED, - lasso_strerror(LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED)); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED), + node->private->node->name); ret = LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED; goto done; } @@ -1192,10 +1308,9 @@ lasso_node_impl_verify_signature(LassoNode *node, ret = 0; } else { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_DS_ERROR_INVALID_SIGNATURE, - lasso_strerror(LASSO_DS_ERROR_INVALID_SIGNATURE), - node->private->node->name); + message(G_LOG_LEVEL_CRITICAL, + lasso_strerror(LASSO_DS_ERROR_INVALID_SIGNATURE), + node->private->node->name); ret = LASSO_DS_ERROR_INVALID_SIGNATURE; } 
@@ -1246,44 +1361,109 @@ lasso_node_impl_add_child(LassoNode *node, } static gint -lasso_node_impl_add_signature(LassoNode *node, - gint sign_method, - const xmlChar *private_key_file, - const xmlChar *certificate_file, - GError **err) +lasso_node_impl_add_signature(LassoNode *node, + gint sign_method, + const xmlChar *private_key_file, + const xmlChar *certificate_file) { - LassoNode *signature = NULL; gint ret = 0; - GError *tmp_err = NULL; - /* don't chech private_key_file and certificate_file here - done in lasso_ds_signature_sign() */ + g_return_val_if_fail (private_key_file != NULL, + LASSO_PARAM_ERROR_INVALID_VALUE); + + if (certificate_file != NULL) { + ret = lasso_node_add_signature_tmpl(node, lassoSignatureTypeWithX509, sign_method); + } + else { + ret = lasso_node_add_signature_tmpl(node, lassoSignatureTypeSimple, sign_method); + } + if (ret == 0) { + ret = lasso_node_sign_signature_tmpl(node, private_key_file, certificate_file); + } + + return (ret); +} + +static gint +lasso_node_impl_add_signature_tmpl(LassoNode *node, + lassoSignatureType sign_type, + lassoSignatureMethod sign_method) +{ + LassoNode *sign_node; + xmlDocPtr doc; + xmlNodePtr signature, reference, key_info; + + g_return_val_if_fail(sign_method == lassoSignatureMethodRsaSha1 || \ + sign_method == lassoSignatureMethodDsaSha1, + LASSO_PARAM_ERROR_INVALID_VALUE); + + doc = xmlNewDoc("1.0"); + xmlAddChild((xmlNodePtr)doc, lasso_node_get_xmlNode(node)); switch (sign_method) { case lassoSignatureMethodRsaSha1: - signature = lasso_ds_signature_new(node, xmlSecTransformRsaSha1Id); + signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId, + xmlSecTransformRsaSha1Id, NULL); break; case lassoSignatureMethodDsaSha1: - signature = lasso_ds_signature_new(node, xmlSecTransformDsaSha1Id); + signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId, + xmlSecTransformDsaSha1Id, NULL); break; } - lasso_node_add_child(node, signature, TRUE); - ret = 
lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature), - private_key_file, - certificate_file, - &tmp_err); - lasso_node_destroy(signature); - if (ret < 0) { - ret = tmp_err->code; - g_propagate_error(err, tmp_err); + + if (signature == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to create signature template\n"); + return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED); + } + reference = xmlSecTmplSignatureAddReference(signature, + xmlSecTransformSha1Id, + NULL, NULL, NULL); + if (reference == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to add reference to signature template\n"); + xmlFreeNode(signature); + return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED); } - return (ret); + /* add enveloped transform */ + if (xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId) == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to add enveloped transform to reference\n"); + xmlFreeNode(signature); + return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED); + } + + /* add */ + key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL); + if (key_info == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to add key info\n"); + xmlFreeNode(signature); + return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED); + } + + /* add */ + if (sign_type == lassoSignatureTypeWithX509) { + if (xmlSecTmplKeyInfoAddX509Data(key_info) == NULL) { + message(G_LOG_LEVEL_CRITICAL, "Failed to add X509Data node\n"); + xmlFreeNode(signature); + return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED); + } + } + + sign_node = lasso_node_new(); + lasso_node_set_xmlNode(sign_node, signature); + lasso_node_add_child(node, sign_node, TRUE); + lasso_node_destroy(sign_node); + + /* xmlUnlinkNode(lasso_node_get_xmlNode(node)); */ + /* xmlFreeDoc(doc); */ + + return (0); } -static void gdata_build_query_foreach_func(GQuark key_id, - gpointer data, - gpointer user_data) { +static void +gdata_build_query_foreach_func(GQuark key_id, + gpointer data, + gpointer user_data) +{ guint i; GString 
*str; GPtrArray *array; 
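Review bot: lasso_node_impl_add_signature_tmpl creates a fresh xmlDoc and re-parents the node's own xmlNode into it with xmlAddChild(), but the document is never released — the xmlUnlinkNode/xmlFreeDoc lines are commented out — and each early `return (LASSO_DS_ERROR_SIGNATURE_TMPL_CREATION_FAILED)` path leaks it too, so every signed message leaks a document and leaves the node's xmlNode owned by a throw-away doc. lasso_node_impl_sign_signature_tmpl in the last hunk repeats the pattern with the same commented-out cleanup. Either unlink the node and free the scratch document on every exit (a goto-done cleanup, as the verify implementations in this commit already use), or create the template on the node's existing document and avoid re-parenting altogether; which is correct depends on whether lasso_node_add_child(…, TRUE) copies sign_node's xmlNode, which is outside this diff. Also `signature` is declared without an initializer and only the two enum cases assign it, so initialise it to NULL and add a `default:` branch even though g_return_val_if_fail screens the argument.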
@@ -1531,6 +1711,73 @@ lasso_node_impl_set_xmlNode(LassoNode *node,
 node->private->node = libxml_node;
 }
+gint
+lasso_node_impl_sign_signature_tmpl(LassoNode *node,
+ const xmlChar *private_key_file,
+ const xmlChar *certificate_file)
+{
+ xmlDocPtr doc;
+ xmlNodePtr signature_tmpl;
+ xmlSecDSigCtxPtr dsig_ctx;
+ gint ret = 0;
+
+ g_return_val_if_fail(private_key_file != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
+
+ doc = xmlNewDoc("1.0");
+ xmlAddChild((xmlNodePtr)doc, lasso_node_get_xmlNode(node));
+ signature_tmpl = xmlSecFindNode(lasso_node_get_xmlNode(node),
+ xmlSecNodeSignature,
+ xmlSecDSigNs);
+
+ /* create signature context */
+ dsig_ctx = xmlSecDSigCtxCreate(NULL);
+ if (dsig_ctx == NULL) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
+ return(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED);
+ }
+
+ /* load private key, assuming that there is not password */
+ dsig_ctx->signKey = xmlSecCryptoAppKeyLoad(private_key_file,
+ xmlSecKeyDataFormatPem,
+ NULL, NULL, NULL);
+ if (dsig_ctx->signKey == NULL) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED),
+ private_key_file);
+ ret = LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
+ goto done;
+ }
+
+ /* load certificate and add to the key */
+ if (certificate_file != NULL) {
+ if (xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, certificate_file,
+ xmlSecKeyDataFormatPem) < 0) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
+ certificate_file);
+ ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
+ goto done;
+ }
+ }
+
+ /* sign the template */
+ if (xmlSecDSigCtxSign(dsig_ctx, signature_tmpl) < 0) {
+ message(G_LOG_LEVEL_CRITICAL,
+ lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED),
+ node->private->node->name);
+ ret = LASSO_DS_ERROR_SIGNATURE_FAILED;
+ }
+
+ done:
+ xmlSecDSigCtxDestroy(dsig_ctx);
+ /* FIXME */
+ /* xmlUnlinkNode(lasso_node_get_xmlNode(node)); */
+ /* xmlFreeDoc(doc); */
+
+ return (ret);
+}
+
 /*****************************************************************************/
 /* overrided parent class methods */
 /*****************************************************************************/
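Review bot: `signature_tmpl` returned by `xmlSecFindNode()` is never checked before `xmlSecDSigCtxSign(dsig_ctx, signature_tmpl)`, so a node that carries no `<ds:Signature>` template (add_signature_tmpl not called, or it failed) hands a NULL node to xmlsec; test it right after the lookup and fail before the context is created, e.g. `if (signature_tmpl == NULL) { message(G_LOG_LEVEL_CRITICAL, "Signature template not found\n"); return (LASSO_PARAM_ERROR_INVALID_VALUE); }` (or a dedicated code if one is added). The `xmlNewDoc("1.0")` result is likewise used by `xmlAddChild` without a NULL check. On the `dsig_ctx == NULL` path the function returns without releasing `doc`, and with the FIXME'd `xmlFreeDoc(doc)` still commented out the wrapper document leaks on every call while the node stays reparented into it; the error exits should share one cleanup label that also handles `doc`. The `message()` calls pass `lasso_strerror(...)` as the format string with extra arguments, which is only safe while those strings contain exactly the conversions supplied here — worth a comment or a fixed `"%s"` wrapper.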
@@ -1593,36 +1840,39 @@ lasso_node_class_init(LassoNodeClass *class)
 parent_class = g_type_class_peek_parent(class);
 /* virtual public methods */
- class->copy = lasso_node_impl_copy;
- class->destroy = lasso_node_impl_destroy;
- class->dump = lasso_node_impl_dump;
- class->export = lasso_node_impl_export;
- class->export_to_base64 = lasso_node_impl_export_to_base64;
- class->export_to_query = lasso_node_impl_export_to_query;
- class->export_to_soap = lasso_node_impl_export_to_soap;
- class->get_attr = lasso_node_impl_get_attr;
- class->get_attr_value = lasso_node_impl_get_attr_value;
- class->get_attrs = lasso_node_impl_get_attrs;
- class->get_child = lasso_node_impl_get_child;
- class->get_child_content = lasso_node_impl_get_child_content;
- class->get_children = lasso_node_impl_get_children;
- class->get_content = lasso_node_impl_get_content;
- class->get_name = lasso_node_impl_get_name;
- class->import = lasso_node_impl_import;
- class->import_from_node = lasso_node_impl_import_from_node;
- class->rename_prop = lasso_node_impl_rename_prop;
- class->verify_signature = lasso_node_impl_verify_signature;
+ class->copy = lasso_node_impl_copy;
+ class->destroy = lasso_node_impl_destroy;
+ class->dump = lasso_node_impl_dump;
+ class->export = lasso_node_impl_export;
+ class->export_to_base64 = lasso_node_impl_export_to_base64;
+ class->export_to_query = lasso_node_impl_export_to_query;
+ class->export_to_soap = lasso_node_impl_export_to_soap;
+ class->get_attr = lasso_node_impl_get_attr;
+ class->get_attr_value = lasso_node_impl_get_attr_value;
+ class->get_attrs = lasso_node_impl_get_attrs;
+ class->get_child = lasso_node_impl_get_child;
+ class->get_child_content = lasso_node_impl_get_child_content;
+ class->get_children = lasso_node_impl_get_children;
+ class->get_content = lasso_node_impl_get_content;
+ class->get_name = lasso_node_impl_get_name;
+ class->import = lasso_node_impl_import;
+ class->import_from_node = lasso_node_impl_import_from_node;
+ class->rename_prop = lasso_node_impl_rename_prop;
+ class->verify_signature = lasso_node_impl_verify_signature;
+ class->verify_x509_signature = lasso_node_impl_verify_x509_signature;
 /* virtual private methods */
- class->add_child = lasso_node_impl_add_child;
- class->add_signature = lasso_node_impl_add_signature;
- class->build_query = lasso_node_impl_build_query;
- class->get_xmlNode = lasso_node_impl_get_xmlNode;
- class->new_child = lasso_node_impl_new_child;
- class->serialize = lasso_node_impl_serialize;
- class->set_name = lasso_node_impl_set_name;
- class->set_ns = lasso_node_impl_set_ns;
- class->set_prop = lasso_node_impl_set_prop;
- class->set_xmlNode = lasso_node_impl_set_xmlNode;
+ class->add_child = lasso_node_impl_add_child;
+ class->add_signature = lasso_node_impl_add_signature;
+ class->add_signature_tmpl = lasso_node_impl_add_signature_tmpl;
+ class->build_query = lasso_node_impl_build_query;
+ class->get_xmlNode = lasso_node_impl_get_xmlNode;
+ class->new_child = lasso_node_impl_new_child;
+ class->serialize = lasso_node_impl_serialize;
+ class->set_name = lasso_node_impl_set_name;
+ class->set_ns = lasso_node_impl_set_ns;
+ class->set_prop = lasso_node_impl_set_prop;
+ class->set_xmlNode = lasso_node_impl_set_xmlNode;
+ class->sign_signature_tmpl = lasso_node_impl_sign_signature_tmpl;
 /* override parent class methods */
 gobject_class->dispose = (void *)lasso_node_dispose;
 gobject_class->finalize = (void *)lasso_node_finalize;
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index 87abf759..7df0cc4e 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -47,6 +74,12 @@ typedef enum {
 lassoNodeExportTypeSoap
 } lassoNodeExportType;
+typedef enum {
+ lassoSignatureTypeNone = 0,
+ lassoSignatureTypeSimple,
+ lassoSignatureTypeWithX509
+} lassoSignatureType;
+
 typedef struct _xmlAttr LassoAttr;
 typedef struct _LassoNode LassoNode;
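Review bot: The new public `lassoSignatureType` enum is exported from xml.h without a comment saying what its three values select, and nothing else in the header explains it. Propose a comment above the typedef such as `/* Shape of the ds:Signature template built by add_signature_tmpl: None = no signature, Simple = KeyInfo only, WithX509 = KeyInfo carrying an X509Data element for the signer's certificate */`. The X509 reading matches the `lassoSignatureTypeWithX509` branch that calls `xmlSecTmplKeyInfoAddX509Data` in the xml.c hunk; the meaning of `Simple` versus `None` is inferred from the names and should be confirmed by the author.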
@@ -68,139 +74,147 @@ struct _LassoNodeClass {
 GObjectClass parent_class;
 /*< vtable >*/
 /*< public >*/
- LassoNode* (* copy) (LassoNode *node);
- void (* destroy) (LassoNode *node);
- gchar* (* dump) (LassoNode *node,
- const xmlChar *encoding,
- int format);
- gchar* (* export) (LassoNode *node);
- gchar* (* export_to_base64) (LassoNode *node);
- gchar* (* export_to_query) (LassoNode *node,
- lassoSignatureMethod sign_method,
- const gchar *private_key_file);
- gchar* (* export_to_soap) (LassoNode *node);
- LassoAttr* (* get_attr) (LassoNode *node,
- const xmlChar *name,
- GError **err);
- xmlChar* (* get_attr_value) (LassoNode *node,
- const xmlChar *name,
- GError **err);
- GPtrArray* (* get_attrs) (LassoNode *node);
- LassoNode* (* get_child) (LassoNode *node,
- const xmlChar *name,
- const xmlChar *href,
- GError **err);
- xmlChar* (* get_child_content)(LassoNode *node,
- const xmlChar *name,
- const xmlChar *href,
- GError **err);
- GPtrArray* (* get_children) (LassoNode *node);
- xmlChar* (* get_content) (LassoNode *node,
- GError **err);
- xmlChar* (* get_name) (LassoNode *node);
- void (* import) (LassoNode *node,
- const gchar *buffer);
- void (* import_from_node) (LassoNode *node,
- LassoNode *imported_node);
- void (* rename_prop) (LassoNode *node,
- const xmlChar *old_name,
- const xmlChar *new_name);
- gint (* verify_signature) (LassoNode *node,
- const gchar *certificate_file,
- GError **err);
+ LassoNode* (* copy) (LassoNode *node);
+ void (* destroy) (LassoNode *node);
+ gchar* (* dump) (LassoNode *node,
+ const xmlChar *encoding,
+ int format);
+ gchar* (* export) (LassoNode *node);
+ gchar* (* export_to_base64) (LassoNode *node);
+ gchar* (* export_to_query) (LassoNode *node,
+ lassoSignatureMethod sign_method,
+ const gchar *private_key_file);
+ gchar* (* export_to_soap) (LassoNode *node);
+ LassoAttr* (* get_attr) (LassoNode *node,
+ const xmlChar *name,
+ GError **err);
+ xmlChar* (* get_attr_value) (LassoNode *node,
+ const xmlChar *name,
+ GError **err);
+ GPtrArray* (* get_attrs) (LassoNode *node);
+ LassoNode* (* get_child) (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *href,
+ GError **err);
+ xmlChar* (* get_child_content) (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *href,
+ GError **err);
+ GPtrArray* (* get_children) (LassoNode *node);
+ xmlChar* (* get_content) (LassoNode *node,
+ GError **err);
+ xmlChar* (* get_name) (LassoNode *node);
+ void (* import) (LassoNode *node,
+ const gchar *buffer);
+ void (* import_from_node) (LassoNode *node,
+ LassoNode *imported_node);
+ void (* rename_prop) (LassoNode *node,
+ const xmlChar *old_name,
+ const xmlChar *new_name);
+ gint (* verify_signature) (LassoNode *node,
+ const gchar *public_key_file);
+ gint (* verify_x509_signature) (LassoNode *node,
+ const gchar *certificate_file);
 /*< private >*/
- void (* add_child) (LassoNode *node,
- LassoNode *child,
- gboolean unbounded);
- gint (* add_signature) (LassoNode *node,
- gint sign_method,
- const xmlChar *private_key_file,
- const xmlChar *certificate_file,
- GError **err);
- gchar* (* build_query) (LassoNode *node);
- xmlNodePtr (* get_xmlNode) (LassoNode *node);
- void (* new_child) (LassoNode *node,
- const xmlChar *name,
- const xmlChar *content,
- gboolean unbounded);
- GData* (* serialize) (LassoNode *node,
- GData *gd);
- void (* set_name) (LassoNode *node,
- const xmlChar *name);
- void (* set_ns) (LassoNode *node,
- const xmlChar *href,
- const xmlChar *prefix);
- void (* set_prop) (LassoNode *node,
- const xmlChar *name,
- const xmlChar *value);
- void (* set_xmlNode) (LassoNode *node,
- xmlNodePtr libxml_node);
+ void (* add_child) (LassoNode *node,
+ LassoNode *child,
+ gboolean unbounded);
+ gint (* add_signature) (LassoNode *node,
+ gint sign_method,
+ const xmlChar *private_key_file,
+ const xmlChar *certificate_file);
+ gint (* add_signature_tmpl) (LassoNode *node,
+ lassoSignatureType sign_type,
+ lassoSignatureMethod sign_method);
+ gchar* (* build_query) (LassoNode *node);
+ xmlNodePtr (* get_xmlNode) (LassoNode *node);
+ void (* new_child) (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *content,
+ gboolean unbounded);
+ GData* (* serialize) (LassoNode *node,
+ GData *gd);
+ void (* set_name) (LassoNode *node,
+ const xmlChar *name);
+ void (* set_ns) (LassoNode *node,
+ const xmlChar *href,
+ const xmlChar *prefix);
+ void (* set_prop) (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *value);
+ void (* set_xmlNode) (LassoNode *node,
+ xmlNodePtr libxml_node);
+ gint (* sign_signature_tmpl)(LassoNode *node,
+ const xmlChar *private_key_file,
+ const xmlChar *certificate_file);
 };
-LASSO_EXPORT GType lasso_node_get_type (void);
+LASSO_EXPORT GType lasso_node_get_type (void);
+
+LASSO_EXPORT LassoNode* lasso_node_new (void);
+LASSO_EXPORT LassoNode* lasso_node_new_from_dump (const gchar *buffer);
+LASSO_EXPORT LassoNode* lasso_node_new_from_xmlNode (xmlNodePtr node);
-LASSO_EXPORT LassoNode* lasso_node_new (void);
-LASSO_EXPORT LassoNode* lasso_node_new_from_dump (const gchar *buffer);
-LASSO_EXPORT LassoNode* lasso_node_new_from_xmlNode (xmlNodePtr node);
+LASSO_EXPORT LassoNode* lasso_node_copy (LassoNode *node);
-LASSO_EXPORT LassoNode* lasso_node_copy (LassoNode *node);
+LASSO_EXPORT void lasso_node_destroy (LassoNode *node);
-LASSO_EXPORT void lasso_node_destroy (LassoNode *node);
+LASSO_EXPORT gchar* lasso_node_dump (LassoNode *node,
+ const xmlChar *encoding,
+ int format);
-LASSO_EXPORT gchar* lasso_node_dump (LassoNode *node,
- const xmlChar *encoding,
- int format);
+LASSO_EXPORT gchar* lasso_node_export (LassoNode *node);
-LASSO_EXPORT gchar* lasso_node_export (LassoNode *node);
+LASSO_EXPORT gchar* lasso_node_export_to_base64 (LassoNode *node);
-LASSO_EXPORT gchar* lasso_node_export_to_base64 (LassoNode *node);
+LASSO_EXPORT gchar* lasso_node_export_to_query (LassoNode *node,
+ lassoSignatureMethod sign_method,
+ const gchar *private_key_file);
-LASSO_EXPORT gchar* lasso_node_export_to_query (LassoNode *node,
- lassoSignatureMethod sign_method,
- const gchar *private_key_file);
+LASSO_EXPORT gchar* lasso_node_export_to_soap (LassoNode *node);
-LASSO_EXPORT gchar* lasso_node_export_to_soap (LassoNode *node);
+LASSO_EXPORT LassoAttr* lasso_node_get_attr (LassoNode *node,
+ const xmlChar *name,
+ GError **err);
-LASSO_EXPORT LassoAttr* lasso_node_get_attr (LassoNode *node,
- const xmlChar *name,
- GError **err);
+LASSO_EXPORT xmlChar* lasso_node_get_attr_value (LassoNode *node,
+ const xmlChar *name,
+ GError **err);
-LASSO_EXPORT xmlChar* lasso_node_get_attr_value (LassoNode *node,
- const xmlChar *name,
- GError **err);
+LASSO_EXPORT GPtrArray* lasso_node_get_attrs (LassoNode *node);
-LASSO_EXPORT GPtrArray* lasso_node_get_attrs (LassoNode *node);
+LASSO_EXPORT LassoNode* lasso_node_get_child (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *href,
+ GError **err);
-LASSO_EXPORT LassoNode* lasso_node_get_child (LassoNode *node,
- const xmlChar *name,
- const xmlChar *href,
- GError **err);
+LASSO_EXPORT xmlChar * lasso_node_get_child_content (LassoNode *node,
+ const xmlChar *name,
+ const xmlChar *href,
+ GError **err);
-LASSO_EXPORT xmlChar * lasso_node_get_child_content(LassoNode *node,
- const xmlChar *name,
- const xmlChar *href,
- GError **err);
+LASSO_EXPORT GPtrArray* lasso_node_get_children (LassoNode *node);
-LASSO_EXPORT GPtrArray* lasso_node_get_children (LassoNode *node);
+LASSO_EXPORT xmlChar* lasso_node_get_content (LassoNode *node,
+ GError **err);
-LASSO_EXPORT xmlChar* lasso_node_get_content (LassoNode *node,
- GError **err);
+LASSO_EXPORT xmlChar* lasso_node_get_name (LassoNode *node);
-LASSO_EXPORT xmlChar* lasso_node_get_name (LassoNode *node);
+LASSO_EXPORT void lasso_node_import (LassoNode *node,
+ const gchar *buffer);
-LASSO_EXPORT void lasso_node_import (LassoNode *node,
- const gchar *buffer);
+LASSO_EXPORT void lasso_node_import_from_node (LassoNode *node,
+ LassoNode *imported_node);
-LASSO_EXPORT void lasso_node_import_from_node (LassoNode *node,
- LassoNode *imported_node);
+LASSO_EXPORT void lasso_node_rename_prop (LassoNode *node,
+ const xmlChar *old_name,
+ const xmlChar *new_name);
-LASSO_EXPORT void lasso_node_rename_prop (LassoNode *node,
- const xmlChar *old_name,
- const xmlChar *new_name);
+LASSO_EXPORT gint lasso_node_verify_signature (LassoNode *node,
+ const gchar *public_key_file);
-LASSO_EXPORT gint lasso_node_verify_signature (LassoNode *node,
- const gchar *certificate_file,
- GError **err);
+LASSO_EXPORT gint lasso_node_verify_x509_signature (LassoNode *node,
+ const gchar *certificate_file);
 #ifdef __cplusplus
 }
-- cgit
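Review bot: `add_signature` keeps `gint sign_method` while the neighbouring `add_signature_tmpl` and `export_to_query` entries take `lassoSignatureMethod sign_method`; use `lassoSignatureMethod sign_method,` in `add_signature` as well so the enum is type-checked consistently across the vtable. The two new private entries also need a comment on their ordering contract, since `sign_signature_tmpl` only signs a `ds:Signature` element that `add_signature_tmpl` must already have inserted (the xml.c implementation locates it with `xmlSecFindNode`); e.g. `/* sign_signature_tmpl: signs the template previously inserted by add_signature_tmpl; private_key_file is required, certificate_file may be NULL */`. The public `lasso_node_verify_signature` and `lasso_node_verify_x509_signature` drop the `GError **err` parameter, so the header should state that a non-zero return is a LASSO error code, as callers previously obtained it from `err->code`.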