Moved signature template stuff into xml.c and use XmlSnippet for them; this
should ensure proper validation against Liberty XML schemas and should help add missing signature support to <Assertion>
parent
cae2befb48
commit
1ecf9e1123
|
@ -64,3 +64,7 @@ SNIPPET_EXTENSION
|
|||
|
||||
(for <xs:element ref="Extension" minOccurs="0" maxOccurs="unbounded"/>)
|
||||
|
||||
SNIPPET_SIGNATURE
|
||||
|
||||
(for XMLDSig)
|
||||
|
||||
|
|
|
@ -40,6 +40,7 @@ typedef enum {
|
|||
SNIPPET_LIST_NODES,
|
||||
SNIPPET_LIST_CONTENT,
|
||||
SNIPPET_EXTENSION,
|
||||
SNIPPET_SIGNATURE,
|
||||
|
||||
/* transformers for content transformation */
|
||||
SNIPPET_STRING = 1 << 0, /* default, can be omitted */
|
||||
|
@ -64,6 +65,8 @@ struct _LassoNodeClassData
|
|||
struct QuerySnippet *query_snippets;
|
||||
char *node_name;
|
||||
xmlNs *ns;
|
||||
int sign_type_offset;
|
||||
int sign_method_offset;
|
||||
};
|
||||
|
||||
void lasso_node_class_set_nodename(LassoNodeClass *klass, char *name);
|
||||
|
|
|
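Review bot: The two new `int` fields encode an implicit contract — 0 means "this class has no signature fields" — that the xml.c consumer depends on (`if (klass->node_data->sign_type_offset)`), but nothing at the declaration says so. Document the sentinel on both members, e.g. `int sign_type_offset; /* 0 when the class is not signable */` and `int sign_method_offset; /* 0 when the class is not signable */`. The sentinel presumably works only because `G_STRUCT_OFFSET` of any member after the parent-instance field is non-zero; that assumption is worth stating next to the fields. `struct _LassoNodeClassData` opens outside the hunk.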
@ -55,6 +55,8 @@
|
|||
/*****************************************************************************/
|
||||
|
||||
static struct XmlSnippet schema_snippets[] = {
|
||||
{ "Signature", SNIPPET_SIGNATURE,
|
||||
G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
|
||||
{ "RequestID", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID) },
|
||||
{ "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
|
||||
G_STRUCT_OFFSET(LassoSamlpRequestAbstract, MajorVersion) },
|
||||
|
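Review bot: The third field of the new `"Signature"` snippet is `G_STRUCT_OFFSET(LassoSamlpRequestAbstract, RequestID)`, which reads like a copy-paste of the following `RequestID` entry until one sees that xml.c uses `snippet->offset` as the ID attribute the `<Reference>` URI points at. A comment on the entry, `/* offset of the ID attribute referenced by the signature, not of a Signature member */`, would prevent that misreading; the same applies to the `ResponseID` entry added to the response-abstract snippet table. Because the entry aliases the ID field, the SNIPPET_SIGNATURE case in lasso_node_dispose must stay a no-op, which this commit's xml.c hunk does. The `schema_snippets` table continues outside the hunk.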
@ -65,52 +67,6 @@ static struct XmlSnippet schema_snippets[] = {
|
|||
{ NULL, 0, 0}
|
||||
};
|
||||
|
||||
static LassoNodeClass *parent_class = NULL;
|
||||
|
||||
static xmlNode*
|
||||
get_xmlNode(LassoNode *node)
|
||||
{
|
||||
xmlNode *xmlnode;
|
||||
LassoSamlpRequestAbstract *request = LASSO_SAMLP_REQUEST_ABSTRACT(node);
|
||||
|
||||
xmlnode = parent_class->get_xmlNode(node);
|
||||
|
||||
/* signature stuff */
|
||||
if (request->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
|
||||
xmlNode *signature = NULL, *reference, *key_info;
|
||||
char *uri;
|
||||
|
||||
if (request->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
|
||||
signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
|
||||
xmlSecTransformRsaSha1Id, NULL);
|
||||
}
|
||||
if (request->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
|
||||
signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
|
||||
xmlSecTransformDsaSha1Id, NULL);
|
||||
}
|
||||
/* get out if signature == NULL ? */
|
||||
xmlAddChild(xmlnode, signature);
|
||||
|
||||
uri = g_strdup_printf("#%s", request->RequestID);
|
||||
reference = xmlSecTmplSignatureAddReference(signature,
|
||||
xmlSecTransformSha1Id, NULL, uri, NULL);
|
||||
g_free(uri);
|
||||
|
||||
/* add enveloped transform */
|
||||
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
|
||||
/* add exclusive C14N transform */
|
||||
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
|
||||
|
||||
/* add <dsig:KeyInfo/> */
|
||||
if (request->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
|
||||
key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
|
||||
xmlSecTmplKeyInfoAddX509Data(key_info);
|
||||
}
|
||||
}
|
||||
|
||||
return xmlnode;
|
||||
}
|
||||
|
||||
static char*
|
||||
get_sign_attr_name()
|
||||
{
|
||||
|
@ -138,13 +94,15 @@ class_init(LassoSamlpRequestAbstractClass *klass)
|
|||
{
|
||||
LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
|
||||
|
||||
parent_class = g_type_class_peek_parent(klass);
|
||||
nclass->get_xmlNode = get_xmlNode;
|
||||
nclass->get_sign_attr_name = get_sign_attr_name;
|
||||
nclass->node_data = g_new0(LassoNodeClassData, 1);
|
||||
lasso_node_class_set_nodename(nclass, "RequestAbstract");
|
||||
lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
|
||||
lasso_node_class_add_snippets(nclass, schema_snippets);
|
||||
nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
|
||||
LassoSamlpRequestAbstract, sign_type);
|
||||
nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
|
||||
LassoSamlpRequestAbstract, sign_method);
|
||||
}
|
||||
|
||||
GType
|
||||
|
|
|
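Review bot: The four-line offset setup added after `lasso_node_class_add_snippets` is repeated verbatim in the response-abstract class_init, and a class that sets `sign_type_offset` but forgets `sign_method_offset` would make xml.c read an unrelated field at offset 0 as the signature method without any diagnostic. A helper next to `lasso_node_class_set_nodename`, say `lasso_node_class_set_sign_offsets(nclass, type_offset, method_offset)` (name proposed here, not in the tree), would keep the pair together and could assert both are non-zero. The class_init signature line and the following `GType` definition are outside the hunk.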
@ -57,6 +57,8 @@
|
|||
/*****************************************************************************/
|
||||
|
||||
static struct XmlSnippet schema_snippets[] = {
|
||||
{ "Signature", SNIPPET_SIGNATURE,
|
||||
G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
|
||||
{ "ResponseID", SNIPPET_ATTRIBUTE,
|
||||
G_STRUCT_OFFSET(LassoSamlpResponseAbstract, ResponseID) },
|
||||
{ "MajorVersion", SNIPPET_ATTRIBUTE | SNIPPET_INTEGER,
|
||||
|
@ -71,53 +73,6 @@ static struct XmlSnippet schema_snippets[] = {
|
|||
{ NULL, 0, 0}
|
||||
};
|
||||
|
||||
static LassoNodeClass *parent_class = NULL;
|
||||
|
||||
static xmlNode*
|
||||
get_xmlNode(LassoNode *node)
|
||||
{
|
||||
xmlNode *xmlnode;
|
||||
LassoSamlpResponseAbstract *response = LASSO_SAMLP_RESPONSE_ABSTRACT(node);
|
||||
|
||||
xmlnode = parent_class->get_xmlNode(node);
|
||||
|
||||
/* signature stuff */
|
||||
if (response->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
|
||||
xmlNode *signature = NULL, *reference, *key_info;
|
||||
char *uri;
|
||||
|
||||
if (response->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
|
||||
signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
|
||||
xmlSecTransformRsaSha1Id, NULL);
|
||||
}
|
||||
if (response->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
|
||||
signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
|
||||
xmlSecTransformDsaSha1Id, NULL);
|
||||
}
|
||||
/* get out if signature == NULL ? */
|
||||
xmlAddChild(xmlnode, signature);
|
||||
|
||||
uri = g_strdup_printf("#%s", response->ResponseID);
|
||||
reference = xmlSecTmplSignatureAddReference(signature,
|
||||
xmlSecTransformSha1Id, NULL, uri, NULL);
|
||||
g_free(uri);
|
||||
|
||||
/* add enveloped transform */
|
||||
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
|
||||
/* add exclusive C14N transform */
|
||||
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
|
||||
|
||||
/* add <dsig:KeyInfo/> */
|
||||
if (response->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
|
||||
key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
|
||||
xmlSecTmplKeyInfoAddX509Data(key_info);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return xmlnode;
|
||||
}
|
||||
|
||||
static char*
|
||||
get_sign_attr_name()
|
||||
{
|
||||
|
@ -125,7 +80,6 @@ get_sign_attr_name()
|
|||
}
|
||||
|
||||
|
||||
|
||||
/*****************************************************************************/
|
||||
/* instance and class init functions */
|
||||
/*****************************************************************************/
|
||||
|
@ -147,13 +101,15 @@ class_init(LassoSamlpResponseAbstractClass *klass)
|
|||
{
|
||||
LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
|
||||
|
||||
parent_class = g_type_class_peek_parent(klass);
|
||||
nclass->get_xmlNode = get_xmlNode;
|
||||
nclass->get_sign_attr_name = get_sign_attr_name;
|
||||
nclass->node_data = g_new0(LassoNodeClassData, 1);
|
||||
lasso_node_class_set_nodename(nclass, "ResponseAbstract");
|
||||
lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX);
|
||||
lasso_node_class_add_snippets(nclass, schema_snippets);
|
||||
nclass->node_data->sign_type_offset = G_STRUCT_OFFSET(
|
||||
LassoSamlpResponseAbstract, sign_type);
|
||||
nclass->node_data->sign_method_offset = G_STRUCT_OFFSET(
|
||||
LassoSamlpResponseAbstract, sign_method);
|
||||
}
|
||||
|
||||
GType
|
||||
|
|
|
@ -692,6 +692,8 @@ lasso_node_dispose(GObject *object)
|
|||
case SNIPPET_ATTRIBUTE:
|
||||
g_free(*value);
|
||||
break;
|
||||
case SNIPPET_SIGNATURE:
|
||||
break; /* no real element here */
|
||||
default:
|
||||
fprintf(stderr, "%d\n", type);
|
||||
g_assert_not_reached();
|
||||
|
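Review bot: `break; /* no real element here */` leaves the reader to work out why nothing is freed for a SNIPPET_SIGNATURE; the reason is that its offset aliases an ID attribute (`RequestID`/`ResponseID` in this commit's snippet tables) that its own SNIPPET_ATTRIBUTE entry already frees, so a `g_free` here would be a double free. `break; /* offset aliases an ID attribute already freed by its SNIPPET_ATTRIBUTE entry */` states that. The enclosing function (lasso_node_dispose per the hunk header) continues outside the hunk on both sides.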
@ -1097,6 +1099,66 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode,
|
|||
elem = g_list_next(elem);
|
||||
}
|
||||
break;
|
||||
case SNIPPET_SIGNATURE:
|
||||
{
|
||||
LassoNodeClass *klass = LASSO_NODE_GET_CLASS(node);
|
||||
lassoSignatureType sign_type;
|
||||
lassoSignatureType sign_method;
|
||||
xmlNode *signature = NULL, *reference, *key_info;
|
||||
char *uri;
|
||||
char *id;
|
||||
|
||||
while (klass && LASSO_IS_NODE_CLASS(klass) && klass->node_data) {
|
||||
if (klass->node_data->sign_type_offset)
|
||||
break;
|
||||
klass = g_type_class_peek_parent(klass);
|
||||
}
|
||||
|
||||
if (klass->node_data->sign_type_offset == 0)
|
||||
break;
|
||||
|
||||
sign_type = G_STRUCT_MEMBER(
|
||||
lassoSignatureType, node,
|
||||
klass->node_data->sign_type_offset);
|
||||
sign_method = G_STRUCT_MEMBER(
|
||||
lassoSignatureType, node,
|
||||
klass->node_data->sign_method_offset);
|
||||
|
||||
if (sign_type == LASSO_SIGNATURE_TYPE_NONE)
|
||||
break;
|
||||
|
||||
if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
|
||||
signature = xmlSecTmplSignatureCreate(NULL,
|
||||
xmlSecTransformExclC14NId,
|
||||
xmlSecTransformRsaSha1Id, NULL);
|
||||
} else {
|
||||
signature = xmlSecTmplSignatureCreate(NULL,
|
||||
xmlSecTransformExclC14NId,
|
||||
xmlSecTransformDsaSha1Id, NULL);
|
||||
}
|
||||
/* XXX: get out if signature == NULL ? */
|
||||
xmlAddChild(xmlnode, signature);
|
||||
|
||||
id = G_STRUCT_MEMBER(char*, node, snippet->offset);
|
||||
uri = g_strdup_printf("#%s", id);
|
||||
reference = xmlSecTmplSignatureAddReference(signature,
|
||||
xmlSecTransformSha1Id, NULL, uri, NULL);
|
||||
g_free(uri);
|
||||
|
||||
/* add enveloped transform */
|
||||
xmlSecTmplReferenceAddTransform(reference,
|
||||
xmlSecTransformEnvelopedId);
|
||||
/* add exclusive C14N transform */
|
||||
xmlSecTmplReferenceAddTransform(reference,
|
||||
xmlSecTransformExclC14NId);
|
||||
|
||||
if (sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
|
||||
/* add <dsig:KeyInfo/> */
|
||||
key_info = xmlSecTmplSignatureEnsureKeyInfo(
|
||||
signature, NULL);
|
||||
xmlSecTmplKeyInfoAddX509Data(key_info);
|
||||
}
|
||||
} break;
|
||||
case SNIPPET_INTEGER:
|
||||
case SNIPPET_BOOLEAN:
|
||||
g_assert_not_reached();
|
||||
|
|
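Review bot: The class-chain walk at `while (klass && LASSO_IS_NODE_CLASS(klass) && klass->node_data)` can terminate with `klass` NULL or with `klass->node_data` NULL (a parent that never allocated node_data), and the very next statement `if (klass->node_data->sign_type_offset == 0)` then dereferences NULL; the test must repeat what the loop guarded, `if (klass == NULL || klass->node_data == NULL || klass->node_data->sign_type_offset == 0) break;`. Two smaller points in the same case: the `} else {` branch now emits a DSA-SHA1 template for any `sign_method` that is not RSA-SHA1, where the removed per-class code built no signature for an unrecognised method, so an explicit `else if (sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1)` with a `break` otherwise keeps algorithm selection strict; and `signature` still reaches `xmlAddChild` and `xmlSecTmplSignatureAddReference` unchecked, which the `XXX` comment acknowledges — `if (signature == NULL) break;` after the creation resolves it. `sign_method` is declared as `lassoSignatureType` although it holds a `LASSO_SIGNATURE_METHOD_*` value; if a separate method enum exists in the tree it should be used here. lasso_node_build_xmlNode_from_snippets begins and ends outside the hunk.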