authormanu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>2009-06-06 10:09:22 +0000
committermanu@netbsd.org <manu@netbsd.org@a716ebb1-153a-0410-b759-cfb97c6a1b53>2009-06-06 10:09:22 +0000
commitabbefe3066b30904cd324cde24db99fc44fb99e2 (patch)
treece659a4eecc1db1913e6e2c6ce46d306d668738c /auth_mellon_handler.c
parentf79b9efaca2a1439dcfcf8491e3772b0e0d63543 (diff)
When generating metadata, strip leading and trailing content around the
certificate, as it will confuse XML parsers if it contains [<>&]. git-svn-id: https://modmellon.googlecode.com/svn/trunk@54 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r--auth_mellon_handler.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index d4983b7..11952a1 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -83,7 +83,27 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
char *url = am_get_endpoint_url(r);
char *cert = "";
- if (cfg->sp_cert_file)
+ if (cfg->sp_cert_file) {
+ char *sp_cert_file;
+ char *cp;
+ const char *begin = "-----BEGIN CERTIFICATE-----";
+ const char *end = "-----END CERTIFICATE-----";
+
+ /*
+ * Try to remove leading and trailing garbage, as it can
+ * wreak havoc XML parser if it contains [<>&]
+ */
+ sp_cert_file = apr_pstrdup(p, cfg->sp_cert_file);
+
+ cp = strstr(sp_cert_file, begin);
+ if (cp != NULL)
+ sp_cert_file = cp;
+
+ cp = strstr(sp_cert_file, end);
+ if (cp != NULL)
+ *(cp + strlen(end)) = '\0';
+
+
cert = apr_psprintf(p,
"<KeyDescriptor use=\"signing\">"
"<ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\">"
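Review bot: When `strstr()` does not find the BEGIN marker (or, in the second lookup, the END marker), `sp_cert_file` stays the untrimmed copy and is still interpolated into the metadata XML, so the cleanup is skipped for exactly the malformed input it is meant to handle. Metadata is handed to other parties, so any other text in that value (possibly material never meant for publication) goes out with it, and `[<>&]` can still break the document. I would emit the KeyDescriptor only when both markers are found, copy just that span, and log an error otherwise; note that the text between the markers is also inserted unescaped and is simply assumed to be base64. The `apr_psprintf()` call and the closing brace of this block are in the next hunk.

```c
    if (cfg->sp_cert_file) {
        const char *begin = "-----BEGIN CERTIFICATE-----";
        const char *end = "-----END CERTIFICATE-----";
        char *start = strstr(cfg->sp_cert_file, begin);
        char *stop = (start != NULL) ? strstr(start, end) : NULL;

        if (stop == NULL) {
            /* No complete PEM block: publish no KeyDescriptor rather than raw text. */
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                          "SP certificate has no BEGIN/END CERTIFICATE block; "
                          "omitting KeyDescriptor from metadata");
        } else {
            /* Copy only the span from the BEGIN marker through the END marker. */
            char *sp_cert_file = apr_pstrndup(p, start,
                                              (apr_size_t)(stop - start) + strlen(end));
            /* … unchanged: cert = apr_psprintf(p, "<KeyDescriptor …", sp_cert_file, sp_cert_file) … */
        }
```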
@@ -99,8 +119,9 @@ static char *am_generate_metadata(apr_pool_t *p, request_rec *r)
"</ds:X509Data>"
"</ds:KeyInfo>"
"</KeyDescriptor>",
- cfg->sp_cert_file,
- cfg->sp_cert_file);
+ sp_cert_file,
+ sp_cert_file);
+ }
return apr_psprintf(p,
"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>"