Moved signature template stuff into xml.c and use XmlSnippet for them; this

should insure proper validation against Liberty XML schemas and should help adding missing signature support to <Assertion>
2004-12-19 15:24:19 +00:00 · 2004-12-19 15:24:19 +00:00 · 1ecf9e1123
parent cae2befb48
commit 1ecf9e1123
5 changed files with 81 additions and 98 deletions
--- a/docs/reference/snippet-types.rst
+++ b/docs/reference/snippet-types.rst
@ -64,3 +64,7 @@ SNIPPET_EXTENSION

  (for <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>)

+SNIPPET_SIGNATURE
+
+  (for XMLDSig)
+
--- a/lasso/xml/internals.h
+++ b/lasso/xml/internals.h
@ -40,6 +40,7 @@ typedef enum {
 	SNIPPET_LIST_NODES,
 	SNIPPET_LIST_CONTENT,
 	SNIPPET_EXTENSION,
+	SNIPPET_SIGNATURE,

 	/* transformers for content transformation */
 	SNIPPET_STRING  = 1 << 0, /* default, can be omitted */
@ -64,6 +65,8 @@ struct _LassoNodeClassData
 	struct QuerySnippet *query_snippets;
 	char *node_name;
 	xmlNs *ns;
+	int sign_type_offset;
+	int sign_method_offset;
 };

 void lasso_node_class_set_nodename(LassoNodeClass *klass, char *name);
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
@ -55,6 +55,8 @@
 /*****************************************************************************/

 static struct XmlSnippet schema_snippets[] = {
+	{ "Signature", SNIPPET_SIGNATURE,
+		G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
 	{ "RequestID", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
 	{ "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
 		G_STRUCT_OFFSET(LassoSamlpRequestAbstract, MajorVersion) },
@ -65,52 +67,6 @@ static struct XmlSnippet schema_snippets[] = {
 	{ NULL, 0, 0}
 };

-static LassoNodeClass *parent_class = NULL;
-
-static xmlNode*
-get_xmlNode(LassoNode *node)
-{ 
-	xmlNode *xmlnode;
-	LassoSamlpRequestAbstract *request = LASSO_SAMLP_REQUEST_ABSTRACT(node);
-
-	xmlnode = parent_class->get_xmlNode(node);
-
-	/* signature stuff */
-	if (request->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
-		xmlNode *signature = NULL, *reference, *key_info;
-		char *uri;
-
-		if (request->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
-			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
-					xmlSecTransformRsaSha1Id, NULL);
-		}
-		if (request->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
-			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
-					xmlSecTransformDsaSha1Id, NULL);
-		}
-		/* get out if signature == NULL ? */
-		xmlAddChild(xmlnode, signature);
-
-		uri = g_strdup_printf("#%s", request->RequestID);
-		reference = xmlSecTmplSignatureAddReference(signature,
-				xmlSecTransformSha1Id, NULL, uri, NULL);
-		g_free(uri);
-
-		/* add enveloped transform */
-		xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
-		/* add exclusive C14N transform */
-		xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
-
-		/* add <dsig:KeyInfo/> */
-		if (request->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
-			key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
-			xmlSecTmplKeyInfoAddX509Data(key_info);
-		}
-	}
-
-	return xmlnode;
-} 
-
 static char*
 get_sign_attr_name()
 {
@ -138,13 +94,15 @@ class_init(LassoSamlpRequestAbstractClass *klass)
 {
 	LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);

-	parent_class = g_type_class_peek_parent(klass);
-	nclass->get_xmlNode = get_xmlNode;
 	nclass->get_sign_attr_name = get_sign_attr_name;
 	nclass->node_data = g_new0(LassoNodeClassData, 1);
 	lasso_node_class_set_nodename(nclass, "RequestAbstract");
 	lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
 	lasso_node_class_add_snippets(nclass, schema_snippets);
+	nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
+			LassoSamlpRequestAbstract, sign_type);
+	nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
+			LassoSamlpRequestAbstract, sign_method);
 }

 GType
--- a/lasso/xml/samlp_response_abstract.c
+++ b/lasso/xml/samlp_response_abstract.c
@ -57,6 +57,8 @@
 /*****************************************************************************/

 static struct XmlSnippet schema_snippets[] = {
+	{ "Signature", SNIPPET_SIGNATURE,
+		G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
 	{ "ResponseID", SNIPPET_ATTRIBUTE,
 		G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
 	{ "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
@ -71,53 +73,6 @@ static struct XmlSnippet schema_snippets[] = {
 	{ NULL, 0, 0}
 };

-static LassoNodeClass *parent_class = NULL;
-
-static xmlNode*
-get_xmlNode(LassoNode *node)
-{ 
-	xmlNode *xmlnode;
-	LassoSamlpResponseAbstract *response = LASSO_SAMLP_RESPONSE_ABSTRACT(node);
-
-	xmlnode = parent_class->get_xmlNode(node);
-
-	/* signature stuff */
-	if (response->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
-		xmlNode *signature = NULL, *reference, *key_info;
-		char *uri;
-
-		if (response->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
-			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
-					xmlSecTransformRsaSha1Id, NULL);
-		}
-		if (response->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
-			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
-					xmlSecTransformDsaSha1Id, NULL);
-		}
-		/* get out if signature == NULL ? */
-		xmlAddChild(xmlnode, signature);
-
-		uri = g_strdup_printf("#%s", response->ResponseID);
-		reference = xmlSecTmplSignatureAddReference(signature,
-				xmlSecTransformSha1Id, NULL, uri, NULL);
-		g_free(uri);
-
-		/* add enveloped transform */
-		xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
-		/* add exclusive C14N transform */
-		xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
-
-		/* add <dsig:KeyInfo/> */
-		if (response->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
-			key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
-			xmlSecTmplKeyInfoAddX509Data(key_info);
-		}
-	}
-
-
-	return xmlnode;
-} 
-
 static char*
 get_sign_attr_name()
 {
@ -125,7 +80,6 @@ get_sign_attr_name()
 }


-
 /*****************************************************************************/
 /* instance and class init functions                                         */
 /*****************************************************************************/
@ -147,13 +101,15 @@ class_init(LassoSamlpResponseAbstractClass *klass)
 {
 	LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);

-	parent_class = g_type_class_peek_parent(klass);
-	nclass->get_xmlNode = get_xmlNode;
 	nclass->get_sign_attr_name = get_sign_attr_name;
 	nclass->node_data = g_new0(LassoNodeClassData, 1);
 	lasso_node_class_set_nodename(nclass, "ResponseAbstract");
 	lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
 	lasso_node_class_add_snippets(nclass, schema_snippets);
+	nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
+			LassoSamlpResponseAbstract, sign_type);
+	nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
+			LassoSamlpResponseAbstract, sign_method);
 }

 GType
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@ -692,6 +692,8 @@ lasso_node_dispose(GObject *object)
 				case SNIPPET_ATTRIBUTE:
 					g_free(*value);
 					break;
+				case SNIPPET_SIGNATURE:
+					break; /* no real element here */
 				default:
 					fprintf(stderr, "%d\n", type);
 					g_assert_not_reached();
@ -1097,6 +1099,66 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode,
 					elem = g_list_next(elem);
 				}
 				break;
+			case SNIPPET_SIGNATURE:
+			{
+				LassoNodeClass *klass = LASSO_NODE_GET_CLASS(node);
+				lassoSignatureType sign_type;
+				lassoSignatureType sign_method;
+				xmlNode *signature = NULL, *reference, *key_info;
+				char *uri;
+				char *id;
+
+				while (klass && LASSO_IS_NODE_CLASS(klass) && klass->node_data) {
+					if (klass->node_data->sign_type_offset)
+						break;
+					klass = g_type_class_peek_parent(klass);
+				}
+
+				if (klass->node_data->sign_type_offset == 0)
+					break;
+				
+				sign_type = G_STRUCT_MEMBER(
+						lassoSignatureType, node,
+						klass->node_data->sign_type_offset);
+				sign_method = G_STRUCT_MEMBER(
+						lassoSignatureType, node,
+						klass->node_data->sign_method_offset);
+
+				if (sign_type == LASSO_SIGNATURE_TYPE_NONE)
+					break;
+
+				if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
+					signature = xmlSecTmplSignatureCreate(NULL,
+							xmlSecTransformExclC14NId,
+							xmlSecTransformRsaSha1Id, NULL);
+				} else {
+					signature = xmlSecTmplSignatureCreate(NULL,
+							xmlSecTransformExclC14NId,
+							xmlSecTransformDsaSha1Id, NULL);
+				}
+				/* XXX: get out if signature == NULL ? */
+				xmlAddChild(xmlnode, signature);
+
+				id = G_STRUCT_MEMBER(char*, node, snippet->offset);
+				uri = g_strdup_printf("#%s", id);
+				reference = xmlSecTmplSignatureAddReference(signature,
+						xmlSecTransformSha1Id, NULL, uri, NULL);
+				g_free(uri);
+
+				/* add enveloped transform */
+				xmlSecTmplReferenceAddTransform(reference,
+						xmlSecTransformEnvelopedId);
+				/* add exclusive C14N transform */
+				xmlSecTmplReferenceAddTransform(reference,
+						xmlSecTransformExclC14NId);
+
+				if (sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
+					/* add <dsig:KeyInfo/> */
+					key_info = xmlSecTmplSignatureEnsureKeyInfo(
+							signature, NULL);
+					xmlSecTmplKeyInfoAddX509Data(key_info);
+				}
+			} break;
 			case SNIPPET_INTEGER:
 			case SNIPPET_BOOLEAN:
 				g_assert_not_reached();