22
22
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25
#include <libxml/xpath.h>
26
#include <libxml/xpathInternals.h>
28
#include <xmlsec/xmltree.h>
29
#include <xmlsec/xmldsig.h>
30
#include <xmlsec/templates.h>
31
#include <xmlsec/crypto.h>
25
33
#include <lasso/id-wsf/wsf_profile.h>
26
34
#include <lasso/xml/disco_modify.h>
27
35
#include <lasso/xml/soap_fault.h>
51
56
GList *credentials;
59
gint lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile,
60
xmlDoc *doc, xmlSecKey *public_key);
61
static gboolean lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile);
62
static gboolean lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile);
63
static gint lasso_wsf_profile_verify_credential_signature(
64
LassoWsfProfile *profile, xmlDoc *doc, xmlNode *credential);
65
static gint lasso_wsf_profile_add_credential_signature(LassoWsfProfile *profile,
66
xmlDoc *doc, xmlNode *credential, LassoSignatureMethod sign_method);
67
static xmlSecKey* lasso_wsf_profile_get_public_key_from_credential(
68
LassoWsfProfile *profile, xmlNode *credential);
69
static gint lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *doc);
70
static gint lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile,
71
xmlDoc *doc, xmlNode *envelope_node, LassoSignatureMethod sign_method);
72
static int lasso_wsf_profile_ensure_soap_credentials_signature(
73
LassoWsfProfile *profile, xmlDoc *doc, xmlNode *soap_envelope);
74
static LassoDiscoDescription* lasso_wsf_profile_get_description_auto(
75
LassoDiscoServiceInstance *si, const gchar *security_mech_id);
54
77
/*****************************************************************************/
55
78
/* private methods */
56
79
/*****************************************************************************/
118
141
return profile->private_data->fault;
122
145
lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile)
125
148
gchar *security_mech_id;
127
if (!profile->private_data->description)
150
if (profile->private_data->description == NULL)
130
153
iter = profile->private_data->description->SecurityMechID;
132
155
security_mech_id = iter->data;
133
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 || \
134
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 || \
135
strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0) {
156
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0 ||
157
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 ||
158
strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0) {
161
iter = g_list_next(iter);
146
168
lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile)
149
171
gchar *security_mech_id;
151
if (!profile->private_data->description)
173
if (profile->private_data->description == NULL)
154
176
iter = profile->private_data->description->SecurityMechID;
156
178
security_mech_id = iter->data;
157
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_X509) == 0 || \
158
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_X509) == 0 || \
159
strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_X509) == 0) {
179
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_X509) == 0 ||
180
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_X509) == 0 ||
181
strcmp(security_mech_id, LASSO_SECURITY_MECH_X509) == 0) {
184
iter = g_list_next(iter);
172
193
if (!security_mech_id)
175
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 || \
176
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 || \
177
strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0)
196
if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 ||
197
strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 ||
198
strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0)
201
222
xmlSecDSigCtx *dsigCtx;
205
226
/* Retrieve provider id of credential signer . Issuer could be the right place */
206
issuer = xmlGetProp(credential, "Issuer");
209
lasso_provider = lasso_server_get_provider(profile->server, issuer);
227
issuer = xmlGetProp(credential, (xmlChar*)"Issuer");
228
if (issuer == NULL) {
229
return LASSO_PROFILE_ERROR_MISSING_ISSUER;
232
lasso_provider = lasso_server_get_provider(profile->server, (char*)issuer);
233
if (lasso_provider == NULL) {
234
return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;
213
237
/* Set credential reference */
214
238
id_attr = xmlHasProp(credential, (xmlChar *)"AssertionID");
234
257
/* Case of simple public key signature type */
235
258
if (keys_mngr == NULL) {
236
if (lasso_provider != NULL)
237
dsigCtx->signKey = lasso_provider_get_public_key(lasso_provider);
238
else if (profile->private_data->public_key) {
259
if (lasso_provider != NULL) {
260
dsigCtx->signKey = xmlSecKeyDuplicate(
261
lasso_provider_get_public_key(lasso_provider));
262
} else if (profile->private_data->public_key) {
241
265
if (dsigCtx->signKey == NULL) {
263
287
/* Remove uneeded signature node */
264
288
xmlUnlinkNode(node);
271
295
lasso_wsf_profile_add_credential_signature(LassoWsfProfile *profile,
272
xmlDoc *doc, xmlNode *credential,
273
LassoSignatureMethod sign_method)
296
xmlDoc *doc, xmlNode *credential, LassoSignatureMethod sign_method)
275
xmlNode *signature = NULL, *sign_tmpl, *reference, *key_info, *t;
298
xmlNode *signature = NULL, *sign_tmpl, *reference, *key_info;
279
301
xmlAttr *id_attr;
311
333
/* Sign SOAP message */
312
334
sign_tmpl = xmlSecFindNode(credential, xmlSecNodeSignature, xmlSecDSigNs);
313
335
if (sign_tmpl == NULL)
336
return LASSO_DS_ERROR_SIGNATURE_TEMPLATE_NOT_FOUND;
316
338
dsigCtx = xmlSecDSigCtxCreate(NULL);
317
339
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(profile->server->private_key,
318
340
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
319
341
if (dsigCtx->signKey == NULL) {
320
342
xmlSecDSigCtxDestroy(dsigCtx);
343
return LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
323
345
if (profile->server->certificate != NULL && profile->server->certificate[0] != 0) {
324
346
if (xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, profile->server->certificate,
325
xmlSecKeyDataFormatPem) < 0) {
326
xmlSecDSigCtxDestroy(dsigCtx);
347
xmlSecKeyDataFormatPem) < 0) {
348
xmlSecDSigCtxDestroy(dsigCtx);
349
return LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
331
353
if (xmlSecDSigCtxSign(dsigCtx, sign_tmpl) < 0) {
332
354
xmlSecDSigCtxDestroy(dsigCtx);
355
return LASSO_DS_ERROR_SIGNATURE_FAILED;
335
357
xmlSecDSigCtxDestroy(dsigCtx);
341
363
lasso_wsf_profile_get_public_key_from_credential(LassoWsfProfile *profile, xmlNode *credential)
343
365
xmlNode *authentication_statement, *subject, *subject_confirmation, *key_info;
347
369
/* get AuthenticationStatement element */
348
370
authentication_statement = credential->children;
349
371
while (authentication_statement) {
350
if (authentication_statement->type == XML_ELEMENT_NODE && \
351
strcmp(authentication_statement->name, "AuthenticationStatement") == 0)
372
if (authentication_statement->type == XML_ELEMENT_NODE &&
373
strcmp((char*)authentication_statement->name,
374
"AuthenticationStatement") == 0)
353
376
authentication_statement = authentication_statement->next;
355
if (!authentication_statement) {
378
if (authentication_statement == NULL) {
359
382
/* get Subject element */
360
383
subject = authentication_statement->children;
361
384
while (subject) {
362
if (subject->type == XML_ELEMENT_NODE && strcmp(subject->name, "Subject") == 0)
385
if (subject->type == XML_ELEMENT_NODE &&
386
strcmp((char*)subject->name, "Subject") == 0)
364
388
subject = subject->next;
390
if (subject == NULL) {
370
394
/* get SubjectConfirmation */
371
395
subject_confirmation = subject->children;
372
396
while (subject_confirmation) {
373
if (subject_confirmation->type == XML_ELEMENT_NODE && \
374
strcmp(subject_confirmation->name, "SubjectConfirmation") == 0)
397
if (subject_confirmation->type == XML_ELEMENT_NODE &&
398
strcmp((char*)subject_confirmation->name, "SubjectConfirmation") == 0)
376
400
subject_confirmation = subject_confirmation->next;
378
if (!subject_confirmation) {
402
if (subject_confirmation == NULL) {
382
406
/* get KeyInfo */
383
407
key_info = subject_confirmation->children;
384
408
while (key_info) {
385
if (key_info->type == XML_ELEMENT_NODE && strcmp(key_info->name, "KeyInfo") == 0)
409
if (key_info->type == XML_ELEMENT_NODE &&
410
strcmp((char*)key_info->name, "KeyInfo") == 0)
387
412
key_info = key_info->next;
405
char *modulus_value, *exponent_value;
430
xmlChar *modulus_value, *exponent_value;
406
431
xmlNode *rsa_key_value, *xmlnode, *modulus, *exponent;
408
433
xmlnode = key_info->children;
409
434
while (xmlnode) {
410
if (strcmp(xmlnode->name, "KeyValue") == 0) {
435
if (strcmp((char*)xmlnode->name, "KeyValue") == 0) {
413
438
xmlnode = xmlnode->next;
415
440
rsa_key_value = xmlnode->children;
416
441
while (rsa_key_value) {
417
if (strcmp(rsa_key_value->name, "RsaKeyValue") == 0) {
442
if (strcmp((char*)rsa_key_value->name, "RsaKeyValue") == 0) {
420
445
rsa_key_value = rsa_key_value->next;
422
447
xmlnode = rsa_key_value->children;
423
448
while (xmlnode) {
424
if (strcmp(xmlnode->name, "Modulus") == 0)
449
if (strcmp((char*)xmlnode->name, "Modulus") == 0) {
425
450
modulus_value = xmlNodeGetContent(xmlnode);
426
else if (strcmp(xmlnode->name, "Exponent") == 0)
451
} else if (strcmp((char*)xmlnode->name, "Exponent") == 0) {
427
452
exponent_value = xmlNodeGetContent(xmlnode);
428
454
xmlnode = xmlnode->next;
431
doc = xmlSecCreateTree("KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
457
doc = xmlSecCreateTree((xmlChar*)"KeyInfo",
458
(xmlChar*)"http://www.w3.org/2000/09/xmldsig#");
432
459
key_info = xmlDocGetRootElement(doc);
434
xmlnode = xmlSecAddChild(key_info,
435
"KeyValue", "http://www.w3.org/2000/09/xmldsig#");
436
xmlnode = xmlSecAddChild(xmlnode,
437
"RSAKeyValue", "http://www.w3.org/2000/09/xmldsig#");
438
modulus = xmlSecAddChild(xmlnode,
439
"Modulus", "http://www.w3.org/2000/09/xmldsig#");
461
xmlnode = xmlSecAddChild(key_info, (xmlChar*)"KeyValue",
462
(xmlChar*)"http://www.w3.org/2000/09/xmldsig#");
463
xmlnode = xmlSecAddChild(xmlnode, (xmlChar*)"RSAKeyValue",
464
(xmlChar*)"http://www.w3.org/2000/09/xmldsig#");
465
modulus = xmlSecAddChild(xmlnode, (xmlChar*)"Modulus",
466
(xmlChar*)"http://www.w3.org/2000/09/xmldsig#");
440
467
xmlNodeSetContent(modulus, modulus_value);
442
exponent = xmlSecAddChild(xmlnode,
443
"Exponent", "http://www.w3.org/2000/09/xmldsig#");
469
exponent = xmlSecAddChild(xmlnode, (xmlChar*)"Exponent",
470
(xmlChar*)"http://www.w3.org/2000/09/xmldsig#");
444
471
xmlNodeSetContent(exponent, exponent_value);
447
474
xmlSecKeyInfoNodeRead(key_info, public_key, ctx);
448
/*xmlSecKeyDebugXmlDump(public_key, stdout);*/
450
476
return public_key;
454
480
lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *doc)
456
482
xmlXPathContext *xpathCtx = NULL;
457
483
xmlXPathObject *xpathObj;
458
484
xmlNode *credential;
459
485
xmlSecKey *public_key;
462
488
xpathCtx = xmlXPathNewContext(doc);
467
493
xpathObj = xmlXPathEvalExpression((xmlChar*)"//wsse:Security/saml:Assertion", xpathCtx);
469
495
/* FIXME: Need to consider more every credentials. */
470
if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr)
471
printf("OK ca a l'air bon ...\n");
496
if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
497
xmlXPathFreeContext(xpathCtx);
498
xmlXPathFreeObject(xpathObj);
499
return LASSO_PROFILE_ERROR_MISSING_ASSERTION;
476
503
credential = xpathObj->nodesetval->nodeTab[0];
477
505
res = lasso_wsf_profile_verify_credential_signature(profile, doc, credential);
478
if (res < 0) return res;
479
printf("credential signature is ok\n");
507
xmlXPathFreeContext(xpathCtx);
508
xmlXPathFreeObject(xpathObj);
481
512
public_key = lasso_wsf_profile_get_public_key_from_credential(profile, credential);
513
xmlXPathFreeContext(xpathCtx);
514
xmlXPathFreeObject(xpathObj);
485
printf("Xml sec public key found\n");
516
if (public_key == NULL) {
517
return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
487
520
res = lasso_wsf_profile_verify_x509_authentication(profile, doc, public_key);
521
xmlSecKeyDestroy(public_key);
490
printf("soap signature is ok\n");
496
lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile, xmlDoc *doc, xmlNode *envelope_node,
497
LassoSignatureMethod sign_method)
529
lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile,
530
xmlDoc *doc, xmlNode *envelope_node, LassoSignatureMethod sign_method)
499
532
xmlNode *signature = NULL, *sign_tmpl, *reference, *key_info, *t;
500
533
xmlNode *header = NULL, *provider = NULL, *correlation = NULL, *security = NULL;
502
535
xmlSecDSigCtx *dsigCtx;
506
538
xmlAttr *id_attr;
508
LassoSignatureType sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
510
540
/* Get Correlation, Provider, Security, Body elements */
511
541
t = envelope_node->children;
513
if (strcmp((char *) t->name, "Header") == 0)
543
if (strcmp((char *) t->name, "Header") == 0) {
515
else if (strcmp((char *) t->name, "Body") == 0)
545
} else if (strcmp((char *) t->name, "Body") == 0) {
519
550
if (header == NULL)
551
return LASSO_SOAP_ERROR_MISSING_HEADER;
521
553
if (body == NULL)
554
return LASSO_SOAP_ERROR_MISSING_BODY;
524
556
t = header->children;
526
if (strcmp((char *) t->name, "Correlation") == 0)
558
if (strcmp((char *) t->name, "Correlation") == 0) {
528
else if (strcmp((char *) t->name, "Provider") == 0)
560
} else if (strcmp((char *) t->name, "Provider") == 0) {
530
else if (strcmp((char *) t->name, "Security") == 0)
562
} else if (strcmp((char *) t->name, "Security") == 0) {
534
567
if (correlation == NULL)
568
return LASSO_WSF_PROFILE_ERROR_MISSING_CORRELATION;
536
569
if (security == NULL)
570
return LASSO_WSF_PROFILE_ERROR_MISSING_SECURITY;
539
572
/* Add signature template */
540
573
if (sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
566
599
uri = g_strdup_printf("#%s", id);
567
600
reference = xmlSecTmplSignatureAddReference(signature, xmlSecTransformSha1Id,
568
601
NULL, (xmlChar *)uri, NULL);
570
603
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
571
604
xmlSecTmplReferenceAddTransform(reference, xmlSecTransformExclC14NId);
572
605
id_attr = xmlHasProp(body, (xmlChar *)"id");
601
631
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
602
632
if (dsigCtx->signKey == NULL) {
603
633
xmlSecDSigCtxDestroy(dsigCtx);
634
return LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
606
636
if (profile->server->certificate != NULL && profile->server->certificate[0] != 0) {
607
637
if (xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, profile->server->certificate,
608
xmlSecKeyDataFormatPem) < 0) {
609
xmlSecDSigCtxDestroy(dsigCtx);
638
xmlSecKeyDataFormatPem) < 0) {
639
xmlSecDSigCtxDestroy(dsigCtx);
640
return LASSO_DS_ERROR_CERTIFICATE_LOAD_FAILED;
613
643
if (xmlSecDSigCtxSign(dsigCtx, sign_tmpl) < 0) {
614
644
xmlSecDSigCtxDestroy(dsigCtx);
645
return LASSO_DS_ERROR_SIGNATURE_FAILED;
617
647
xmlSecDSigCtxDestroy(dsigCtx);
644
674
if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
645
675
correlation = xpathObj->nodesetval->nodeTab[0];
677
if (correlation == NULL) {
678
xmlXPathFreeObject(xpathObj);
679
xmlXPathFreeContext(xpathCtx);
680
return LASSO_WSF_PROFILE_ERROR_MISSING_CORRELATION;
649
683
id_attr = xmlHasProp(correlation, (xmlChar *)"id");
650
684
id = xmlGetProp(correlation, (xmlChar *) "id");
651
685
xmlAddID(NULL, doc, id, id_attr);
688
xmlXPathFreeObject(xpathObj);
655
692
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
656
693
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body", xpathCtx);
657
694
if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
658
695
body = xpathObj->nodesetval->nodeTab[0];
698
xmlXPathFreeObject(xpathObj);
699
xmlXPathFreeContext(xpathCtx);
700
return LASSO_SOAP_ERROR_MISSING_BODY;
662
703
id_attr = xmlHasProp(body, (xmlChar *)"id");
663
704
id = xmlGetProp(body, (xmlChar *) "id");
664
705
xmlAddID(NULL, doc, id, id_attr);
708
xmlXPathFreeObject(xpathObj);
668
712
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"sb", (xmlChar*)LASSO_SOAP_BINDING_HREF);
669
713
xpathObj = xmlXPathEvalExpression((xmlChar*)"//sb:Provider", xpathCtx);
682
726
xmlFree(providerID);
729
xmlXPathFreeObject(xpathObj);
685
732
/* Verify signature */
686
//node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
688
//xpathObj =xmlXPathEvalExpression((xmlChar*)"/s:Envelope/s:Header/s:Security/ds:Signature",
691
734
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"ds", (xmlChar*)LASSO_DS_HREF);
692
735
xpathObj = xmlXPathEvalExpression((xmlChar*)"//ds:Signature", xpathCtx);
693
736
if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
694
737
node = xpathObj->nodesetval->nodeTab[0];
740
xmlXPathFreeContext(xpathCtx);
741
xmlXPathFreeObject(xpathObj);
697
742
return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND;
699
745
/* Case of X509 signature type */
700
746
x509data = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeX509Data, xmlSecDSigNs);
702
748
keys_mngr = lasso_load_certs_from_pem_certs_chain_file(
703
749
lasso_provider->ca_cert_chain);
704
750
if (keys_mngr == NULL) {
751
xmlXPathFreeObject(xpathObj);
752
xmlXPathFreeContext(xpathCtx);
705
753
return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED;
708
else if (x509data != NULL) {
755
} else if (x509data != NULL) {
756
xmlXPathFreeObject(xpathObj);
757
xmlXPathFreeContext(xpathCtx);
709
758
return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED;
714
763
/* Case of simple public key signature type */
715
764
if (keys_mngr == NULL) {
716
765
if (lasso_provider != NULL) {
717
dsigCtx->signKey = lasso_provider_get_public_key(lasso_provider);
719
else if (public_key) {
720
dsigCtx->signKey = public_key;
766
dsigCtx->signKey = xmlSecKeyDuplicate(
767
lasso_provider_get_public_key(lasso_provider));
768
} else if (public_key) {
769
dsigCtx->signKey = xmlSecKeyDuplicate(public_key);
722
771
if (dsigCtx->signKey == NULL) {
723
772
xmlSecDSigCtxDestroy(dsigCtx);
773
xmlXPathFreeObject(xpathObj);
774
xmlXPathFreeContext(xpathCtx);
724
775
return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
728
if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
779
if (xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
729
780
xmlSecDSigCtxDestroy(dsigCtx);
731
782
xmlSecKeysMngrDestroy(keys_mngr);
783
xmlXPathFreeObject(xpathObj);
784
xmlXPathFreeContext(xpathCtx);
732
785
return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
788
xmlXPathFreeObject(xpathObj);
789
xmlXPathFreeContext(xpathCtx);
736
792
xmlSecKeysMngrDestroy(keys_mngr);
1035
1089
envelope = profile->soap_envelope_request;
1037
1091
/* FIXME: find a better way to add needed security element */
1038
if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||\
1039
lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1092
if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||
1093
lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1040
1094
security = lasso_wsse_security_new();
1041
1095
header = envelope->Header;
1042
1096
header->Other = g_list_append(header->Other, security);
1077
1129
credential list */
1078
1130
g_list_free(profile->private_data->credentials);
1133
xmlXPathFreeContext(xpathCtx);
1134
xmlXPathFreeObject(xpathObj);
1082
1139
/* FIXME: do we need to sign if SAML authentication or X509 authentication ? */
1083
1140
ret = lasso_wsf_profile_add_soap_signature(profile, doc, envelope_node,
1084
1141
LASSO_SIGNATURE_METHOD_RSA_SHA1);
1089
1148
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1090
1149
ret = lasso_wsf_profile_add_soap_signature(profile, doc, envelope_node,
1091
1150
LASSO_SIGNATURE_METHOD_RSA_SHA1);
1096
1157
/* Dump soap request */
1101
1162
profile->msg_body = g_strdup(
1102
1163
(char*)(buf->conv ? buf->conv->content : buf->buffer->content));
1103
1164
xmlOutputBufferClose(buf);
1109
1171
lasso_wsf_profile_ensure_soap_credentials_signature(LassoWsfProfile *profile,
1111
xmlNode *soap_envelope)
1172
xmlDoc *doc, xmlNode *soap_envelope)
1174
xmlXPathContext *xpathCtx = NULL;
1175
xmlXPathObject *xpathObj;
1114
xmlNode *credential;
1117
xmlXPathContext *xpathCtx = NULL;
1118
xmlXPathObject *xpathObj;
1120
1178
xpathCtx = xmlXPathNewContext(doc);
1155
1214
/* FIXME: find a better way to add needed security element */
1156
1215
envelope = profile->soap_envelope_response;
1157
if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||\
1158
lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1216
if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||
1217
lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1159
1218
security = lasso_wsse_security_new();
1160
1219
header = envelope->Header;
1161
1220
header->Other = g_list_append(header->Other, security);
1209
1269
si = lasso_server_get_service(profile->server, (char *) service_type);
1211
if (!security_mech_id) {
1271
if (security_mech_id == NULL) {
1213
1273
profile->private_data->description = LASSO_DISCO_DESCRIPTION(
1214
1274
si->Description->data);
1216
1276
profile->private_data->description = NULL;
1280
return LASSO_PROFILE_ERROR_MISSING_SERVICE_INSTANCE;
1221
1282
lasso_wsf_profile_get_description_auto(si, security_mech_id);
1223
1286
doc = xmlParseMemory(message, strlen(message));
1225
1288
/* Verify authentication mecanisms */
1226
1289
if (lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
1227
1290
res = lasso_wsf_profile_verify_x509_authentication(profile, doc, NULL);
1229
else if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE) {
1291
} else if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE) {
1230
1292
res = lasso_wsf_profile_verify_saml_authentication(profile, doc);
1233
1295
/* FIXME: Return a soap fault if authentication verification failed ? */
1235
1297
fault = lasso_soap_fault_new();
1236
fault->faultstring = "Invalid signature";
1298
fault->faultstring = g_strdup("Invalid signature");
1299
} else if (res < 0) {
1241
1304
/* FIXME: Remove Signature element if exists, it seg fault when a call to
1242
1305
lasso_node_new_from_xmlNode() */