Added a new argument 'err' (GError *) in 5 methods:
lasso_ds_signature_sign, lasso_node_add_signature, lasso_node_verify_signature, lasso_saml_assertion_set_signature, lasso_samlp_request_abstract_set_signature, lasso_samlp_response_abstract_set_signature, so that they can report ever more errors.
parent
0ecf1691ba
commit
b9db3340dd
@ -47,10 +47,13 @@ struct _LassoLoginPrivate
/*****************************************************************************/
static gchar*
lasso_login_get_assertion_nameIdentifier(LassoNode *assertion)
lasso_login_get_assertion_nameIdentifier(LassoNode *assertion,
GError **err)
{
xmlChar *ni, *idp_ni;
g_return_val_if_fail (err == NULL || *err == NULL, NULL);
ni = lasso_node_get_child_content(assertion, "NameIdentifier", NULL, NULL);
idp_ni = lasso_node_get_child_content(assertion, "IDPProvidedNameIdentifier",
NULL, NULL);
@ -65,7 +68,9 @@ lasso_login_get_assertion_nameIdentifier(LassoNode *assertion)
return (ni);
}
else {
message(G_LOG_LEVEL_CRITICAL, "NameIdentifier value not found in AuthenticationStatement element.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_XML_ERROR_UNDEFINED,
"NameIdentifier value not found in Assertion element.\n");
return (NULL);
}
}
@ -89,7 +94,7 @@ lasso_login_add_response_assertion(LassoLogin *login,
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_error_free(err);
return(ret);
return(-1);
}
assertion = lasso_assertion_new(LASSO_PROFILE(login)->server->providerID,
@ -105,16 +110,25 @@ lasso_login_add_response_assertion(LassoLogin *login,
}
else {
message(G_LOG_LEVEL_CRITICAL, "Failed to build the AuthenticationStatement element of the Assertion.\n");
lasso_node_destroy(assertion);
return(-3);
ret = -2;
goto done;
}
/* store NameIdentifier */
LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion);
/* store NameIdentifier */
LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_error_free(err);
goto done;
}
/* FIXME : How to know if the assertion must be signed or unsigned ? */
ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
LASSO_PROFILE(login)->server->signature_method,
LASSO_PROFILE(login)->server->private_key,
LASSO_PROFILE(login)->server->certificate);
LASSO_PROFILE(login)->server->certificate,
&err);
if (ret == 0) {
lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE(login)->response),
assertion);
@ -127,7 +141,13 @@ lasso_login_add_response_assertion(LassoLogin *login,
LASSO_PROFILE(login)->remote_providerID,
assertion);
}
else {
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_error_free(err);
}
done:
lasso_node_destroy(authentication_statement);
lasso_node_destroy(assertion);
@ -225,58 +245,63 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) {
assertion = lasso_node_get_child(LASSO_PROFILE(login)->response,
"Assertion",
lassoLibHRef,
NULL);
&err);
idp = lasso_server_get_provider(LASSO_PROFILE(login)->server,
LASSO_PROFILE(login)->remote_providerID);
if (assertion != NULL) {
/* verify signature */
if (idp->ca_certificate != NULL) {
signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate);
signature_check = lasso_node_verify_signature(assertion, idp->ca_certificate, &err);
if (signature_check < 0) {
/* ret = -1 or -2 or -3 */
ret = signature_check;
goto done;
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_clear_error(&err);
/* we continue */
}
}
/* store NameIdentifier */
LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion);
LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err);
if (LASSO_PROFILE(login)->nameIdentifier == NULL) {
message(G_LOG_LEVEL_ERROR, "NameIdentifier element not found in Assertion.\n");
ret = -4;
goto done;
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_clear_error(&err);
/* we continue */
}
}
else {
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_clear_error(&err);
/* we continue */
}
/* check StatusCode value */
status = lasso_node_get_child(LASSO_PROFILE(login)->response,
"Status", lassoSamlProtocolHRef, NULL);
"Status", lassoSamlProtocolHRef, &err);
if (status == NULL) {
message(G_LOG_LEVEL_ERROR, "Status element not found in response.\n");
ret = -9;
goto done;
}
statusCode = lasso_node_get_child(status, "StatusCode", lassoSamlProtocolHRef, NULL);
statusCode = lasso_node_get_child(status, "StatusCode", lassoSamlProtocolHRef, &err);
if (statusCode == NULL) {
message(G_LOG_LEVEL_ERROR, "StatusCode element not found in Status.\n");
ret = -8;
goto done;
}
statusCode_value = lasso_node_get_attr_value(statusCode, "Value", &err);
if (err == NULL) {
if (statusCode_value != NULL) {
if (!xmlStrEqual(statusCode_value, lassoSamlStatusCodeSuccess)) {
ret = -7;
}
}
else {
message(G_LOG_LEVEL_ERROR, err->message);
ret = err->code;
g_error_free(err);
}
done:
if (err != NULL) {
if (err->code < 0) {
message(G_LOG_LEVEL_CRITICAL, err->message);
ret = err->code;
g_clear_error(&err);
}
}
xmlFree(statusCode_value);
lasso_node_destroy(statusCode);
lasso_node_destroy(status);
@ -665,7 +690,8 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
gchar *protocolProfile;
xmlChar *md_authnRequestsSigned;
gboolean must_verify_signature = FALSE;
gint signature_status = 0;
gint ret = 0;
GError *err = NULL;
if (authn_request_method != lassoHttpMethodRedirect && \
authn_request_method != lassoHttpMethodGet && \
@ -744,26 +770,27 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login,
case lassoHttpMethodGet:
case lassoHttpMethodRedirect:
debug("Query signature has been verified\n");
signature_status = lasso_query_verify_signature(authn_request_msg,
remote_provider->public_key,
LASSO_PROFILE(login)->server->private_key);
ret = lasso_query_verify_signature(authn_request_msg,
remote_provider->public_key,
LASSO_PROFILE(login)->server->private_key);
break;
case lassoHttpMethodPost:
signature_status = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
remote_provider->ca_certificate);
ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
remote_provider->ca_certificate,
NULL);
break;
}
/* Modify StatusCode if signature is not OK */
if (signature_status == 0 || signature_status == 2) {
switch (signature_status) {
case 0: /* Invalid Signature */
if (ret == LASSO_DS_ERROR_INVALID_SIGNATURE || ret == LASSO_DS_ERROR_SIGNATURE_NOTFOUND) {
switch (ret) {
case LASSO_DS_ERROR_INVALID_SIGNATURE:
lasso_profile_set_response_status(LASSO_PROFILE(login),
lassoLibStatusCodeInvalidSignature);
lassoLibStatusCodeInvalidSignature);
break;
case 2: /* Unsigned AuthnRequest */
case LASSO_DS_ERROR_SIGNATURE_NOTFOUND: /* Unsigned AuthnRequest */
lasso_profile_set_response_status(LASSO_PROFILE(login),
lassoLibStatusCodeUnsignedAuthnRequest);
lassoLibStatusCodeUnsignedAuthnRequest);
break;
}
return (-2);
@ -871,7 +898,7 @@ lasso_login_process_request_msg(LassoLogin *login,
gchar *request_msg)
{
LASSO_PROFILE(login)->request = lasso_request_new_from_export(request_msg,
lassoNodeExportTypeSoap);
lassoNodeExportTypeSoap);
LASSO_PROFILE(login)->request_type = lassoMessageTypeRequest;
login->assertionArtifact = lasso_node_get_child_content(LASSO_PROFILE(login)->request,
@ -886,7 +913,7 @@ lasso_login_process_response_msg(LassoLogin *login,
gchar *response_msg)
{
LASSO_PROFILE(login)->response = lasso_response_new_from_export(response_msg,
lassoNodeExportTypeSoap);
lassoNodeExportTypeSoap);
LASSO_PROFILE(login)->response_type = lassoMessageTypeResponse;
return (lasso_login_process_response_status_and_assertion(login));
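Review bot: In lasso_login_process_response_status_and_assertion, the else branch after lasso_node_get_attr_value releases the error with `g_error_free(err)` but leaves `err` non-NULL, so the `if (err != NULL)` block at `done:` then reads `err->code` and `err->message` from freed memory; use `g_clear_error(&err);` there, as the other branches in this hunk do. In the same hunk a failed lasso_node_verify_signature only logs and continues, so the NameIdentifier of an assertion whose signature did not verify is still stored in the profile and the error code kept in ret can be overwritten by the later `-7`/`-8`/`-9` status results; jumping to done instead would keep the verification failure authoritative. In lasso_login_init_from_authn_request_msg the GET/Redirect path now compares the result of lasso_query_verify_signature against LASSO_DS_ERROR_INVALID_SIGNATURE and LASSO_DS_ERROR_SIGNATURE_NOTFOUND, but that function is not among those this commit converts; unless it was changed elsewhere to return these codes, an invalid or missing query signature no longer sets the InvalidSignature or UnsignedAuthnRequest status. The enclosing functions start outside their hunks.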
@ -94,7 +94,8 @@ lasso_logout_build_request_msg(LassoLogout *logout)
lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
profile->server->signature_method,
profile->server->private_key,
profile->server->certificate);
profile->server->certificate,
NULL);
profile->msg_url = lasso_provider_get_soapEndpoint(provider);
profile->msg_body = lasso_node_export_to_soap(profile->request);
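Review bot: The return value of lasso_samlp_request_abstract_set_signature, which this commit turns into a gint error code, is discarded in lasso_logout_build_request_msg and `NULL` is passed as err, so a failed private-key or certificate load leaves the request unsigned and it is still exported by lasso_node_export_to_soap two lines later. Capture the result and stop before building msg_body when it is negative; the function's own return type is outside the hunk, so the exact early-return form has to be adapted to it. The identical hunk in lasso_register_name_identifier_build_request_msg has the same gap.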
@ -75,7 +75,8 @@ lasso_register_name_identifier_build_request_msg(LassoRegisterNameIdentifier *re
lasso_samlp_request_abstract_set_signature(LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
profile->server->signature_method,
profile->server->private_key,
profile->server->certificate);
profile->server->certificate,
NULL);
profile->msg_url = lasso_provider_get_soapEndpoint(provider);
profile->msg_body = lasso_node_export_to_soap(profile->request);
@ -23,6 +23,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "errors.h"
#include <xmlsec/templates.h>
#include <xmlsec/crypto.h>
@ -34,19 +36,24 @@ The schema fragment ():
*/
gint
lasso_ds_signature_sign(LassoDsSignature *node,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
lasso_ds_signature_sign(LassoDsSignature *node,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err)
{
xmlNodePtr signature = LASSO_NODE_GET_CLASS(node)->get_xmlNode(LASSO_NODE(node));
xmlSecDSigCtxPtr dsig_ctx;
gint ret = 0;
g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
/* create signature context */
dsig_ctx = xmlSecDSigCtxCreate(NULL);
if(dsig_ctx == NULL) {
debug("Failed to create signature context.\n");
return(-1);
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_CONTEXT_CREATION_FAILED,
lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
return(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED);
}
/* load private key, assuming that there is not password */
@ -54,22 +61,31 @@ lasso_ds_signature_sign(LassoDsSignature *node,
xmlSecKeyDataFormatPem,
NULL, NULL, NULL);
if(dsig_ctx->signKey == NULL) {
ret = -2;
debug("Failed to load private pem key from \"%s\"\n", private_key_file);
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED,
lasso_strerror(LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED),
private_key_file);
ret = LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
goto done;
}
/* load certificate and add to the key */
if(xmlSecCryptoAppKeyCertLoad(dsig_ctx->signKey, certificate_file,
xmlSecKeyDataFormatPem) < 0) {
ret = -3;
debug("Failed to load pem certificate \"%s\"\n", certificate_file);
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED,
lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
certificate_file);
ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
goto done;
}
/* sign the template */
if(xmlSecDSigCtxSign(dsig_ctx, signature) < 0) {
debug("Signature failed.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_SIGNATURE_FAILED,
lasso_strerror(LASSO_DS_ERROR_SIGNATURE_FAILED));
ret = LASSO_DS_ERROR_SIGNATURE_FAILED;
}
done:
@ -140,28 +156,28 @@ LassoNode* lasso_ds_signature_new(LassoNode *node,
signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
sign_method, NULL);
if (signature == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to create signature template\n");
message(G_LOG_LEVEL_CRITICAL, "Failed to create signature template\n");
}
reference = xmlSecTmplSignatureAddReference(signature,
xmlSecTransformSha1Id,
NULL, NULL, NULL);
if (reference == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to add reference to signature template\n");
message(G_LOG_LEVEL_CRITICAL, "Failed to add reference to signature template\n");
}
/* add enveloped transform */
if (xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId) == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to add enveloped transform to reference\n");
message(G_LOG_LEVEL_CRITICAL, "Failed to add enveloped transform to reference\n");
}
/* add <dsig:KeyInfo/> and <dsig:X509Data/> */
key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
if(key_info == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to add key info\n");
message(G_LOG_LEVEL_CRITICAL, "Failed to add key info\n");
}
if(xmlSecTmplKeyInfoAddX509Data(key_info) == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to add X509Data node\n");
message(G_LOG_LEVEL_CRITICAL, "Failed to add X509Data node\n");
}
LASSO_NODE_GET_CLASS(sign_node)->set_xmlNode(sign_node, signature);
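Review bot: Lowering the log level in lasso_ds_signature_new from G_LOG_LEVEL_ERROR to G_LOG_LEVEL_CRITICAL changes control flow, not just verbosity: G_LOG_LEVEL_ERROR is fatal in GLib, so the old code never ran past a failed template step, whereas the new code continues into xmlSecTmplSignatureAddReference with a NULL `signature`, xmlSecTmplReferenceAddTransform with a NULL `reference`, xmlSecTmplKeyInfoAddX509Data with a NULL `key_info`, and finally set_xmlNode with an incomplete template. Each of those `if` blocks should leave the function with `return NULL;` after releasing whatever the function allocated earlier (the function body and its locals start outside the hunk, so confirm what must be freed). In the lasso_ds_signature_sign hunks the lasso_strerror() result is used as the g_set_error format string; the `%s` in the key and certificate messages is matched by the file-name argument in both calls here, and that pairing has to be kept whenever a new code is added to the table.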
@ -57,9 +57,10 @@ LASSO_EXPORT GType lasso_ds_signature_get_type(void);
LASSO_EXPORT LassoNode* lasso_ds_signature_new(LassoNode *node,
xmlSecTransformId sign_method);
LASSO_EXPORT gint lasso_ds_signature_sign (LassoDsSignature *node,
const xmlChar *private_key_file,
const xmlChar *certificate_file);
LASSO_EXPORT gint lasso_ds_signature_sign (LassoDsSignature *node,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err);
#ifdef __cplusplus
}
@ -24,10 +24,14 @@
*/
#include "errors.h"
#include <stdio.h>
#include <string.h>
const char*
lasso_strerror(int error_code)
{
char msg[256];
switch (error_code) {
case LASSO_XML_ERROR_NODE_NOTFOUND:
return "Unable to get '%s' child of '%s' element.\n";
@ -37,7 +41,35 @@ lasso_strerror(int error_code)
return "Unable to get '%s' attribute of '%s' element.\n";
case LASSO_XML_ERROR_ATTR_VALUE_NOTFOUND:
return "Unable to get '%s' attribute value of '%s' element.\n";
case LASSO_DS_ERROR_CONTEXT_CREATION_FAILED:
return "Failed to create signature context.\n";
case LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED:
return "Failed to load public key %s.\n";
case LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED:
return "Failed to load private key %s.\n";
case LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED:
return "Failed to load certificate %s.\n";
case LASSO_DS_ERROR_SIGNATURE_FAILED:
return "Failed to sign the node.\n";
case LASSO_DS_ERROR_SIGNATURE_NOTFOUND:
return "Signature element not found in %s.\n";
case LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED:
return "Failed to create keys manager.\n";
case LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED:
return "Failed to initialize keys manager.\n";
case LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED:
return "Failed to verify signature of %s.\n";
case LASSO_DS_ERROR_INVALID_SIGNATURE:
return "The signature of %s is invalid.\n";
case LASSO_PARAM_ERROR_INVALID_OBJ_TYPE:
return "The type of an object provided as parameter is invalid.\n";
case LASSO_PARAM_ERROR_INVALID_VALUE:
return "The value of a parameter is invalid.\n";
default:
return "Undefined error code !!!\n";
sprintf(msg, "Undefined error code %d !!!", error_code);
return(strdup(msg));
}
}
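Review bot: The new default branch of lasso_strerror returns `strdup(msg)`, heap memory that the `const char *` contract gives callers no way to recognise as theirs to free, while every other branch returns a string literal; the g_set_error calls added in this commit never free it, so every unknown code leaks. Either return a literal again or format into file-scope storage, e.g. `static char msg[64];` followed by `snprintf(msg, sizeof msg, "Undefined error code %d !!!", error_code);` and `return msg;` (not reentrant, but consistent with the literal returns and no longer a leak). Callers use the returned text as a printf-style format, so each `%s` in the DS messages must always be matched by an argument at the call site.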
@ -28,4 +28,22 @@
#define LASSO_XML_ERROR_ATTR_NOTFOUND -3
#define LASSO_XML_ERROR_ATTR_VALUE_NOTFOUND -4
#define LASSO_XML_ERROR_UNDEFINED -99
#define LASSO_DS_ERROR_CONTEXT_CREATION_FAILED -101
#define LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED -102
#define LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED -103
#define LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED -104
#define LASSO_DS_ERROR_SIGNATURE_FAILED -105
#define LASSO_DS_ERROR_SIGNATURE_NOTFOUND -106
#define LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED -107
#define LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED -108
#define LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED -109
#define LASSO_DS_ERROR_INVALID_SIGNATURE -110
#define LASSO_PARAM_ERROR_INVALID_OBJ_TYPE -201
#define LASSO_PARAM_ERROR_INVALID_VALUE -202
#define LASSO_ERR_ERROR_CHECK_FAILED -666
const char* lasso_strerror(int error_code);
@ -23,6 +23,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "errors.h"
#include <lasso/xml/saml_assertion.h>
/*
@ -245,18 +247,29 @@ lasso_saml_assertion_set_minorVersion(LassoSamlAssertion *node,
}
gint
lasso_saml_assertion_set_signature(LassoSamlAssertion *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
lasso_saml_assertion_set_signature(LassoSamlAssertion *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err)
{
gint ret;
GError *tmp_err = NULL;
g_assert(LASSO_IS_SAML_ASSERTION(node));
g_assert(private_key_file != NULL);
g_assert(certificate_file != NULL);
g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
return (class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file));
ret = class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file, &tmp_err);
if (ret < 0) {
g_propagate_error (err, tmp_err);
}
return (ret);
}
/*****************************************************************************/
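Review bot: In lasso_saml_assertion_set_signature the propagation is guarded by `ret < 0` rather than by `tmp_err != NULL`; should the add_signature vfunc ever return a negative code without filling tmp_err, g_propagate_error is called with a NULL source, which GLib rejects with a critical, and the caller's err stays unset while ret reports failure. Guard on the error itself: `if (tmp_err != NULL) { g_propagate_error(err, tmp_err); }`. The function also mixes `g_assert` (abort) for the node and file parameters with `g_return_val_if_fail` (return LASSO_ERR_ERROR_CHECK_FAILED) for err; the LASSO_PARAM_ERROR_INVALID_OBJ_TYPE and LASSO_PARAM_ERROR_INVALID_VALUE codes introduced in this commit would let those checks report instead of aborting the process. Both points apply verbatim to lasso_samlp_request_abstract_set_signature and lasso_samlp_response_abstract_set_signature.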
@ -90,10 +90,11 @@ LASSO_EXPORT void lasso_saml_assertion_set_majorVersion (LassoSamlAss
LASSO_EXPORT void lasso_saml_assertion_set_minorVersion (LassoSamlAssertion *node,
const xmlChar *minorVersion);
LASSO_EXPORT gint lasso_saml_assertion_set_signature (LassoSamlAssertion *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file);
LASSO_EXPORT gint lasso_saml_assertion_set_signature (LassoSamlAssertion *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err);
#ifdef __cplusplus
}
@ -23,6 +23,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "errors.h"
#include <lasso/xml/samlp_request_abstract.h>
/*
@ -111,19 +113,30 @@ lasso_samlp_request_abstract_set_requestID(LassoSamlpRequestAbstract *node,
class->set_prop(LASSO_NODE (node), "RequestID", requestID);
}
void
lasso_samlp_request_abstract_set_signature(LassoSamlpRequestAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
gint
lasso_samlp_request_abstract_set_signature(LassoSamlpRequestAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err)
{
gint ret;
GError *tmp_err = NULL;
g_assert(LASSO_IS_SAMLP_REQUEST_ABSTRACT(node));
g_assert(private_key_file != NULL);
g_assert(certificate_file != NULL);
g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file);
ret = class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file, &tmp_err);
if (ret < 0) {
g_propagate_error (err, tmp_err);
}
return (ret);
}
/*****************************************************************************/
@ -70,10 +70,11 @@ LASSO_EXPORT void lasso_samlp_request_abstract_set_minorVersion (LassoSamlpRequ
LASSO_EXPORT void lasso_samlp_request_abstract_set_requestID (LassoSamlpRequestAbstract *node,
const xmlChar *requestID);
LASSO_EXPORT void lasso_samlp_request_abstract_set_signature (LassoSamlpRequestAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file);
LASSO_EXPORT gint lasso_samlp_request_abstract_set_signature (LassoSamlpRequestAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err);
#ifdef __cplusplus
}
@ -23,6 +23,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include "errors.h"
#include <lasso/xml/samlp_response_abstract.h>
/*
@ -126,19 +128,30 @@ lasso_samlp_response_abstract_set_responseID(LassoSamlpResponseAbstract *node,
class->set_prop(LASSO_NODE (node), "ResponseID", responseID);
}
void
lasso_samlp_response_abstract_set_signature(LassoSamlpResponseAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
gint
lasso_samlp_response_abstract_set_signature(LassoSamlpResponseAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err)
{
gint ret;
GError *tmp_err = NULL;
g_assert(LASSO_IS_SAMLP_RESPONSE_ABSTRACT(node));
g_assert(private_key_file != NULL);
g_assert(certificate_file != NULL);
g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file);
ret = class->add_signature(LASSO_NODE (node), sign_method,
private_key_file, certificate_file, &tmp_err);
if (ret < 0) {
g_propagate_error (err, tmp_err);
}
return (ret);
}
/*****************************************************************************/
@ -73,10 +73,11 @@ LASSO_EXPORT void lasso_samlp_response_abstract_set_recipient (LassoSamlpRes
LASSO_EXPORT void lasso_samlp_response_abstract_set_responseID (LassoSamlpResponseAbstract *node,
const xmlChar *responseID);
LASSO_EXPORT void lasso_samlp_response_abstract_set_signature (LassoSamlpResponseAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file);
LASSO_EXPORT gint lasso_samlp_response_abstract_set_signature (LassoSamlpResponseAbstract *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err);
#ifdef __cplusplus
}
@ -399,13 +399,14 @@ lasso_node_rename_prop(LassoNode *node,
* Return value: 1 if signature is valid, 0 if invalid. -1 if an error occurs.
**/
gint
lasso_node_verify_signature(LassoNode *node,
const gchar *certificate_file)
lasso_node_verify_signature(LassoNode *node,
const gchar *certificate_file,
GError **err)
{
g_return_val_if_fail (LASSO_IS_NODE(node), -1);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
return (class->verify_signature(node, certificate_file));
return (class->verify_signature(node, certificate_file, err));
}
/*****************************************************************************/
@ -424,15 +425,17 @@ lasso_node_add_child(LassoNode *node,
}
static gint
lasso_node_add_signature(LassoNode *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
lasso_node_add_signature(LassoNode *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
GError **err)
{
g_return_val_if_fail(LASSO_IS_NODE(node), -1);
LassoNodeClass *class = LASSO_NODE_GET_CLASS(node);
return (class->add_signature(node, sign_method, private_key_file, certificate_file));
return (class->add_signature(node, sign_method, private_key_file,
certificate_file, err));
}
static gchar *
@ -968,18 +971,19 @@ lasso_node_impl_rename_prop(LassoNode *node,
}
static gint
lasso_node_impl_verify_signature(LassoNode *node,
const gchar *certificate_file)
lasso_node_impl_verify_signature(LassoNode *node,
const gchar *certificate_file,
GError **err)
{
xmlDocPtr doc = xmlNewDoc("1.0");
xmlNodePtr xmlNode_copy = NULL;
xmlNodePtr signature = NULL;
xmlSecKeysMngrPtr mngr = NULL;
xmlSecDSigCtxPtr dsigCtx = NULL;
gint ret = -3;
gint ret = 0;
g_return_val_if_fail (LASSO_IS_NODE(node), -4);
g_return_val_if_fail (certificate_file != NULL, -5);
g_return_val_if_fail (LASSO_IS_NODE(node), LASSO_PARAM_ERROR_INVALID_OBJ_TYPE);
g_return_val_if_fail (certificate_file != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
/* create a copy of the xmlNode (node->private->node) of @node */
xmlNode_copy = xmlCopyNode(lasso_node_get_xmlNode(node), 1);
@ -991,20 +995,28 @@ lasso_node_impl_verify_signature(LassoNode *node,
signature = xmlSecFindNode(xmlNode_copy, xmlSecNodeSignature,
xmlSecDSigNs);
if (signature == NULL) {
message(G_LOG_LEVEL_ERROR, "Signature element not found.\n");
ret = -2;
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_SIGNATURE_NOTFOUND,
lasso_strerror(LASSO_DS_ERROR_SIGNATURE_NOTFOUND));
ret = LASSO_DS_ERROR_SIGNATURE_NOTFOUND;
goto done;
}
/* create simple keys mngr */
mngr = xmlSecKeysMngrCreate();
if (mngr == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to create keys manager.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED,
lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED));
ret = LASSO_DS_ERROR_KEYS_MNGR_CREATION_FAILED;
goto done;
}
if (xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
message(G_LOG_LEVEL_ERROR, "Failed to initialize keys manager.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED,
lasso_strerror(LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED));
ret = LASSO_DS_ERROR_KEYS_MNGR_INIT_FAILED;
goto done;
}
@ -1012,21 +1024,30 @@ lasso_node_impl_verify_signature(LassoNode *node,
if (xmlSecCryptoAppKeysMngrCertLoad(mngr, certificate_file,
xmlSecKeyDataFormatPem,
xmlSecKeyDataTypeTrusted) < 0) {
message(G_LOG_LEVEL_ERROR, "Failed to load pem certificate from \"%s\".\n",
certificate_file);
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED,
lasso_strerror(LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED),
certificate_file);
ret = LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
goto done;
}
/* create signature context */
dsigCtx = xmlSecDSigCtxCreate(mngr);
if (dsigCtx == NULL) {
message(G_LOG_LEVEL_ERROR, "Failed to create signature context.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_CONTEXT_CREATION_FAILED,
lasso_strerror(LASSO_DS_ERROR_CONTEXT_CREATION_FAILED));
ret = LASSO_DS_ERROR_CONTEXT_CREATION_FAILED;
goto done;
}
/* verify signature */
if (xmlSecDSigCtxVerify(dsigCtx, signature) < 0) {
message(G_LOG_LEVEL_ERROR, "Failed to verify signature.\n");
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED,
lasso_strerror(LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED));
ret = LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
goto done;
}
@ -1034,8 +1055,11 @@ lasso_node_impl_verify_signature(LassoNode *node,
ret = 0;
}
else {
message(G_LOG_LEVEL_ERROR, "The signature of response is invalid.\n");
ret = -1;
g_set_error(err, g_quark_from_string("Lasso"),
LASSO_DS_ERROR_INVALID_SIGNATURE,
lasso_strerror(LASSO_DS_ERROR_INVALID_SIGNATURE),
node->private->node->name);
ret = LASSO_DS_ERROR_INVALID_SIGNATURE;
}
done:
@ -1058,7 +1082,7 @@ lasso_node_impl_add_child(LassoNode *node,
gboolean unbounded)
{
xmlNodePtr old_child = NULL;
const xmlChar *href = NULL;
const xmlChar *href = NULL;
g_return_if_fail (LASSO_IS_NODE(node));
g_return_if_fail (LASSO_IS_NODE(child));
@ -1085,13 +1109,17 @@ lasso_node_impl_add_child(LassoNode *node,
}
static gint
lasso_node_impl_add_signature(LassoNode *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file)
lasso_node_impl_add_signature(LassoNode *node,
gint sign_method,
const xmlChar *private_key_file,
const xmlChar *certificate_file,
|
||||
GError **err)
|
||||
{
|
||||
LassoNode *signature = NULL;
|
||||
gint ret = 0;
|
||||
GError *tmp_err = NULL;
|
||||
|
||||
g_return_val_if_fail (err == NULL || *err == NULL, LASSO_ERR_ERROR_CHECK_FAILED);
|
||||
|
||||
switch (sign_method) {
|
||||
case lassoSignatureMethodRsaSha1:
|
||||
|
@ -1104,8 +1132,13 @@ lasso_node_impl_add_signature(LassoNode *node,
|
|||
lasso_node_add_child(node, signature, TRUE);
|
||||
ret = lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature),
|
||||
private_key_file,
|
||||
certificate_file);
|
||||
certificate_file,
|
||||
&tmp_err);
|
||||
lasso_node_destroy(signature);
|
||||
if (ret < 0) {
|
||||
ret = tmp_err->code;
|
||||
g_propagate_error(err, tmp_err);
|
||||
}
|
||||
|
||||
return (ret);
|
||||
}
|
||||
|
@ -1192,7 +1225,7 @@ lasso_node_impl_new_child(LassoNode *node,
|
|||
{
|
||||
/* LassoNode *old_child = NULL; */
|
||||
xmlNodePtr old_child = NULL;
|
||||
const xmlChar *href = NULL;
|
||||
const xmlChar *href = NULL;
|
||||
|
||||
g_return_if_fail (LASSO_IS_NODE(node));
|
||||
g_return_if_fail (name != NULL);
|
||||
|
@ -1451,8 +1484,8 @@ lasso_node_class_init(LassoNodeClass *class)
|
|||
class->set_prop = lasso_node_impl_set_prop;
|
||||
class->set_xmlNode = lasso_node_impl_set_xmlNode;
|
||||
/* override parent class methods */
|
||||
gobject_class->dispose = lasso_node_dispose;
|
||||
gobject_class->finalize = lasso_node_finalize;
|
||||
gobject_class->dispose = (void *)lasso_node_dispose;
|
||||
gobject_class->finalize = (void *)lasso_node_finalize;
|
||||
}
|
||||
|
||||
GType lasso_node_get_type() {
|
||||
|
|
|
@ -106,15 +106,17 @@ struct _LassoNodeClass {
|
|||
const xmlChar *old_name,
|
||||
const xmlChar *new_name);
|
||||
gint (* verify_signature) (LassoNode *node,
|
||||
const gchar *certificate_file);
|
||||
const gchar *certificate_file,
|
||||
GError **err);
|
||||
/*< private >*/
|
||||
void (* add_child) (LassoNode *node,
|
||||
LassoNode *child,
|
||||
gboolean unbounded);
|
||||
gint (* add_signature) (LassoNode *node,
|
||||
gint sign_method,
|
||||
const xmlChar *private_key_file,
|
||||
const xmlChar *certificate_file);
|
||||
gint (* add_signature) (LassoNode *node,
|
||||
gint sign_method,
|
||||
const xmlChar *private_key_file,
|
||||
const xmlChar *certificate_file,
|
||||
GError **err);
|
||||
gchar* (* build_query) (LassoNode *node);
|
||||
xmlNodePtr (* get_xmlNode) (LassoNode *node);
|
||||
void (* new_child) (LassoNode *node,
|
||||
|
@ -192,12 +194,13 @@ LASSO_EXPORT void lasso_node_import (LassoNode *node,
|
|||
LASSO_EXPORT void lasso_node_import_from_node (LassoNode *node,
|
||||
LassoNode *imported_node);
|
||||
|
||||
LASSO_EXPORT void lasso_node_rename_prop (LassoNode *node,
|
||||
LASSO_EXPORT void lasso_node_rename_prop (LassoNode *node,
|
||||
const xmlChar *old_name,
|
||||
const xmlChar *new_name);
|
||||
|
||||
LASSO_EXPORT gint lasso_node_verify_signature (LassoNode *node,
|
||||
const gchar *certificate_file);
|
||||
LASSO_EXPORT gint lasso_node_verify_signature (LassoNode *node,
|
||||
const gchar *certificate_file,
|
||||
GError **err);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
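Review bot: The new `GError **err` parameter on the public `lasso_node_verify_signature` prototype, and on the `verify_signature`/`add_signature` vtable slots above it, carries no contract documentation: whether NULL is accepted, what the return value means when it is, and who owns the GError. The implementation side does accept NULL (the add_signature implementation guards with `g_return_val_if_fail (err == NULL || *err == NULL, ...)`) and the Python binding passes NULL, so that is the contract callers will rely on. Suggested comment on the public declaration: `/* @err: return location for a GError, or NULL. On failure the LASSO_DS_ERROR_* code is returned and, when err is non-NULL, *err is set; the caller releases it with g_error_free(). */`. The public `lasso_node_add_signature` prototype is not in this view, so I cannot confirm it was updated to match the vtable slot.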
|
|
@ -72,6 +72,7 @@ PyObject *saml_assertion_set_signature(PyObject *self, PyObject *args) {
|
|||
gint sign_method;
|
||||
const xmlChar *private_key_file;
|
||||
const xmlChar *certificate_file;
|
||||
int ret;
|
||||
|
||||
if (CheckArgs(args, "OISS:saml_assertion_set_signature")) {
|
||||
if(!PyArg_ParseTuple(args, (char *) "Oiss:saml_assertion_set_signature",
|
||||
|
@ -81,9 +82,12 @@ PyObject *saml_assertion_set_signature(PyObject *self, PyObject *args) {
|
|||
}
|
||||
else return NULL;
|
||||
|
||||
lasso_saml_assertion_set_signature(LassoSamlAssertion_get(node_obj),
|
||||
sign_method,
|
||||
private_key_file, certificate_file);
|
||||
ret = lasso_saml_assertion_set_signature(LassoSamlAssertion_get(node_obj),
|
||||
sign_method,
|
||||
private_key_file, certificate_file,
|
||||
NULL);
|
||||
/* FIXME generate an exception here */
|
||||
|
||||
Py_INCREF(Py_None);
|
||||
return (Py_None);
|
||||
}
|
||||
|
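Review bot: `ret` is now assigned from `lasso_saml_assertion_set_signature` but never read, and the function still returns `Py_None` unconditionally, so a signing failure is invisible to the Python caller, which presumably proceeds with an assertion that was never signed; passing `NULL` as the new `err` argument also discards the message the C layer now produces for exactly this case. The existing `/* FIXME generate an exception here */` describes the fix: declare `GError *err = NULL;`, pass `&err` instead of `NULL`, and after the call add `if (err != NULL) { PyErr_SetString(PyExc_RuntimeError, err->message); g_error_free(err); return NULL; }`. The `node_verify_signature` binding in the next section has the same `NULL`-for-`err` pattern, although it at least returns `ret` to the caller.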
|
|
@ -207,7 +207,8 @@ PyObject *node_verify_signature(PyObject *self, PyObject *args) {
|
|||
else return NULL;
|
||||
|
||||
ret = lasso_node_verify_signature(LassoNode_get(node_obj),
|
||||
certificate_file);
|
||||
certificate_file, NULL);
|
||||
/* FIXME generate an exception here */
|
||||
|
||||
return (int_wrap(ret));
|
||||
}
|
||||
|
|