36
36
#include <xmlsec/templates.h>
37
37
#include <xmlsec/xmldsig.h>
38
38
#include <xmlsec/xmltree.h>
39
#include <xmlsec/errors.h>
40
#include <xmlsec/openssl/x509.h>
41
#include <xmlsec/openssl/crypto.h>
42
45
#include <lasso/xml/xml.h>
46
#include <lasso/xml/xml_enc.h>
47
#include <lasso/xml/saml-2.0/saml2_assertion.h>
49
LassoNode* lasso_assertion_encrypt(LassoSaml2Assertion *assertion);
45
52
* lasso_build_random_sequence:
150
157
type = LASSO_PEM_FILE_TYPE_PUB_KEY;
151
158
EVP_PKEY_free(pkey);
154
pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
156
type = LASSO_PEM_FILE_TYPE_PRIVATE_KEY;
160
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
162
type = LASSO_PEM_FILE_TYPE_CERT;
160
if (BIO_reset(bio) == 0) {
161
pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
163
type = LASSO_PEM_FILE_TYPE_PRIVATE_KEY;
166
if (BIO_reset(bio) == 0) {
167
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
169
type = LASSO_PEM_FILE_TYPE_CERT;
362
371
/* sign digest message */
363
372
status = RSA_sign(NID_sha1, (unsigned char*)digest, 20, sigret, &siglen, rsa);
366
else if (sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
374
} else if (sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
367
375
dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL);
368
376
if (dsa == NULL) {
402
411
return s_new_query;
415
lasso_assertion_encrypt(LassoSaml2Assertion *assertion)
417
LassoNode *encrypted_element = NULL;
422
xmlSecKey *encryption_public_key = NULL;
424
xmlSecKeyDataFormat key_formats[] = {
425
xmlSecKeyDataFormatDer,
426
xmlSecKeyDataFormatCertDer,
427
xmlSecKeyDataFormatPkcs8Der,
428
xmlSecKeyDataFormatCertPem,
429
xmlSecKeyDataFormatPkcs8Pem,
430
xmlSecKeyDataFormatPem,
431
xmlSecKeyDataFormatBinary,
435
if (assertion->encryption_activated == FALSE ||
436
assertion->encryption_public_key_str == NULL) {
440
b64_value = g_strdup(assertion->encryption_public_key_str);
441
length = strlen(b64_value);
442
value = g_malloc(length*4); /* enough place for decoding */
443
rc = xmlSecBase64Decode((xmlChar*)b64_value, value, length);
451
xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
452
for (i = 0; key_formats[i] && encryption_public_key == NULL; i++) {
453
encryption_public_key = xmlSecCryptoAppKeyLoadMemory(value, rc,
454
key_formats[i], NULL, NULL, NULL);
456
xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
458
/* Finally encrypt the assertion */
459
encrypted_element = LASSO_NODE(lasso_node_encrypt(LASSO_NODE(assertion),
460
encryption_public_key, assertion->encryption_sym_key_type));
465
return encrypted_element;
406
470
* lasso_query_verify_signature:
407
471
* @query: a query (an url-encoded message)
625
690
xmlnode->parent = NULL;
626
691
xmlDocSetRootElement(doc, xmlnode);
627
692
xmlSetTreeDoc(sign_tmpl, doc);
629
xmlAttr *id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
631
xmlAddID(NULL, doc, (xmlChar*)id_value, id_attr);
693
if (id_attr_name && id_value) {
694
id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
695
xmlAddID(NULL, doc, (xmlChar*)id_value, id_attr);
635
698
dsig_ctx = xmlSecDSigCtxCreate(NULL);
663
733
lasso_node_build_deflated_query(LassoNode *node)
665
735
/* actually deflated and b64'ed and url-escaped */
667
737
xmlOutputBufferPtr buf;
668
738
xmlCharEncodingHandlerPtr handler = NULL;
670
xmlChar *ret, *orig_ret, *b64_ret;
740
xmlChar *ret, *b64_ret;
676
message = lasso_node_get_xmlNode(node, FALSE);
742
unsigned long in_len;
746
xmlnode = lasso_node_get_xmlNode(node, FALSE);
678
748
handler = xmlFindCharEncodingHandler("utf-8");
679
749
buf = xmlAllocOutputBuffer(handler);
680
xmlNodeDumpOutput(buf, NULL, message, 0, 0, "utf-8");
750
xmlNodeDumpOutput(buf, NULL, xmlnode, 0, 0, "utf-8");
681
751
xmlOutputBufferFlush(buf);
682
752
buffer = buf->conv ? buf->conv->content : buf->buffer->content;
689
zstr.avail_in = strlen((char*)buffer);
690
buf_size = zstr.avail_in*2;
691
ret = orig_ret = g_malloc(buf_size);
754
xmlFreeNode(xmlnode);
757
in_len = strlen((char*)buffer);
758
ret = g_malloc(in_len * 2);
692
759
/* deflating should never increase the required size but we are
693
760
* more conservative than that. Twice the size should be
695
zstr.next_in = buffer;
699
z_err = deflateInit(&zstr, 6);
701
message(G_LOG_LEVEL_CRITICAL, "Failed to deflateInit");
763
stream.next_in = buffer;
764
stream.avail_in = in_len;
765
stream.next_out = ret;
766
stream.avail_out = in_len * 2;
768
stream.zalloc = NULL;
770
stream.opaque = NULL;
772
/* -MAX_WBITS to disable zib headers */
773
rc = deflateInit2(&stream, Z_DEFAULT_COMPRESSION,
774
Z_DEFLATED, -MAX_WBITS, 5, 0);
776
rc = deflate(&stream, Z_FINISH);
777
if (rc != Z_STREAM_END) {
783
rc = deflateEnd(&stream);
705
z_err = deflate(&zstr, Z_FINISH);
708
ret = g_realloc(ret, buf_size);
709
zstr.next_out = (xmlChar*) orig_ret-zstr.next_out+ret;
712
} while (z_err == Z_OK);
713
if (z_err != Z_STREAM_END) {
714
788
message(G_LOG_LEVEL_CRITICAL, "Failed to deflate");
718
b64_ret = xmlSecBase64Encode(ret, zstr.total_out, 0);
792
b64_ret = xmlSecBase64Encode(ret, stream.total_out, 0);
719
793
xmlOutputBufferClose(buf);
722
796
ret = xmlURIEscapeStr(b64_ret, NULL);
723
797
rret = g_strdup((char*)ret);
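Review bot: In lasso_assertion_encrypt, the key-loading loop (new lines 452-454) can finish with encryption_public_key still NULL when none of the listed formats parses, and the visible code then passes that pointer to lasso_node_encrypt at line 459; lines 455-457 are not shown on this page, so confirm a guard sits there, e.g. `if (encryption_public_key == NULL) { /* free value and b64_value, log, return NULL */ }`. The same question applies to `rc` from xmlSecBase64Decode (line 443), which is reused as the data length at line 453 and would be negative on a decode failure unless the elided lines 444-450 reject it with something like `if (rc < 0)`. The loop condition `key_formats[i]` also relies on the array ending in a zero entry, while the initializer shown stops at xmlSecKeyDataFormatBinary (line 431), so a short comment such as `/* zero entry terminates the list */` on the terminator would make that dependency explicit. Callers should treat a NULL return as a hard failure so the assertion is not sent unencrypted; the function is only partly visible here, so these points are conditional on the missing lines.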