Author: dumindu
Date: Fri Feb  1 04:41:12 2008
New Revision: 13221

Log:

Allow the user to validate the certificate in the self-issued case. This can be
done using the validator or by the web application itself.



Modified:
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
   trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
   trunk/solutions/identity/modules/mod-cspace/process_request.c

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.c    Fri Feb  1 
04:41:12 2008
@@ -45,6 +45,10 @@
 
 #define CARDSPACE_HEADER_PPID 
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";
 
+void cspace_log_error(const char *msg, pc_log_level_t level, void *cb_ctx)
+{
+            ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg);
+}
 
 /*static X509 *x509_create_with_buffer(unsigned char *input, int length);
 
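Review bot: `ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg)` hands `msg` to Apache's logger as the format string, so any `%` in a message that embeds request-derived text (an issuer name, an XML value) is interpreted as a conversion — a format-string bug, and now in a non-static, externally callable function. Pass the message as an argument instead: `ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, "%s", msg);`. Whether `pc_log_level_t` values coincide with Apache's `APLOG_*` levels cannot be seen here; if they are distinct enums, `level` needs a mapping rather than being passed straight through. A one-line comment on the definition stating that `cb_ctx` must be a `server_rec *` would also help, since the cast is the only hint.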

Modified: trunk/solutions/identity/modules/mod-cspace/mod_cspace.h
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    (original)
+++ trunk/solutions/identity/modules/mod-cspace/mod_cspace.h    Fri Feb  1 
04:41:12 2008
@@ -87,10 +87,6 @@
                            void *own_cfg);
 
 
-static void cspace_log_error(const char *msg, pc_log_level_t level,
-                                     void *cb_ctx)
-{
-        ap_log_error(APLOG_MARK, level, 0, (server_rec *)cb_ctx, msg);
-}
+void cspace_log_error(const char *msg, pc_log_level_t level, void *cb_ctx);
 
 #endif /*_MOD_CSPACE_H_*/
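Review bot: The new prototype carries no documentation, and the contract that the removed inline body made visible — `cb_ctx` is cast to `server_rec *` — is now hidden from anyone registering the callback. Add a comment above the declaration, e.g. `/* pc log callback: cb_ctx must be a server_rec *; msg is written to the Apache error log at the given level. */`.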

Modified: trunk/solutions/identity/modules/mod-cspace/process_request.c
==============================================================================
--- trunk/solutions/identity/modules/mod-cspace/process_request.c       
(original)
+++ trunk/solutions/identity/modules/mod-cspace/process_request.c       Fri Feb 
 1 04:41:12 2008
@@ -47,6 +47,16 @@
 /* "/saml:Assertion/dsig:Signature/dsig:KeyInfo" */
 #define XPATH_KEY_INFO XPATH_SIGNATURE "/" DSIG_PFX ":" KEY_INFO
 
+/* 
"/saml:Assertion/dsig:Signature/dsig:KeyInfo/dsig:KeyValue/dsig:RSAKeyValue" */
+#define XPATH_RSA_KEY_VALUE XPATH_KEY_INFO "/" DSIG_PFX ":" KEY_VALUE "/" \
+                            DSIG_PFX ":" RSA_KEY_VALUE
+
+/* 
"/saml:Assertion/dsig:Signature/dsig:KeyInfo/dsig:KeyValue/dsig:RSAKeyValue/dsig:Modulus"
 */
+#define XPATH_MODULUS XPATH_RSA_KEY_VALUE "/" DSIG_PFX ":" MODULUS
+
+/* 
"/saml:Assertion/dsig:Signature/dsig:KeyInfo/dsig:KeyValue/dsig:RSAKeyValue/dsig:Exponent"
 */
+#define XPATH_EXPONENT XPATH_RSA_KEY_VALUE "/" DSIG_PFX ":" EXPONENT 
+
 /* "/saml:Assertion/dsig:Signature/dsig:KeyInfo/dsig:X509Data" */
 #define XPATH_X509_DATA XPATH_KEY_INFO "/" DSIG_PFX ":" X509_DATA 
 
@@ -61,6 +71,7 @@
 #define XPATH_ATTRIBUTE XPATH_ASSERTION "/" SAML_PFX ":" ATTRIBUTE_STATEMENT \
                         "/" SAML_PFX ":" ATTRIBUTE
 
+
 #define XPATH_OBJ_SIZE(obj) ((obj) ? (((obj)->nodesetval) ? \
                                       ((obj)->nodesetval->nodeNr) : 0) : 0)
 
@@ -262,6 +273,14 @@
     xmlXPathObject *attrs_obj = NULL;
     xmlNode *attr_node = NULL;
     xmlNode *text_node = NULL;
+
+    xmlXPathObject *mod_obj = NULL;
+    xmlNode *mod_node = NULL;
+    xmlXPathObject *exp_obj = NULL;
+    xmlNode *exp_node = NULL;
+  
+    xmlXPathObject *assertion_obj = NULL;
+    xmlNode *assertion_node = NULL;
     
     xmlXPathObject *x509_obj = NULL;
     xmlNode *x509_node = NULL;
@@ -270,6 +289,19 @@
     char *attr_val = NULL;
     char *attr_ns = NULL;
     char *x509_data = NULL;
+    char *issuer = NULL;
+    char *modulus = NULL;
+    char *exponent = NULL;
+    char *mod_exp = NULL;
+
+    assertion_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_ASSERTION);
+    if (!assertion_obj) {
+        goto done;
+    } else {
+        assertion_node = XPATH_OBJ_TO_NODE(assertion_obj, 0);
+        issuer = (char *) xmlGetProp(assertion_node, BAD_CAST ISSUER);
+    }
+
 
     attrs_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_ATTRIBUTE);
     if (!attrs_obj) {
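Review bot: `issuer` comes from `xmlGetProp`, which returns NULL when the Assertion has no Issuer attribute, and its only visible consumer, `strcmp(issuer, ISSUER_SELF)` in a later hunk, dereferences it unconditionally; add `if (!issuer) goto done;` right after the lookup. The string is also never released — `xmlGetProp` returns an allocated copy — so `xmlFree(issuer)` belongs in the `done:` cleanup. Whether `XPATH_OBJ_TO_NODE(assertion_obj, 0)` is safe on an empty node set cannot be seen here; if it indexes `nodeTab[0]` directly, an assertion-less document should be rejected with an `XPATH_OBJ_SIZE(assertion_obj) == 0` check first. The enclosing function starts before this hunk and ends in a later one.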
@@ -299,6 +331,53 @@
         
     }
     
+    /* if (self issued) res = SUCC & goto done; */
+    if (strcmp(issuer, ISSUER_SELF) == 0) {
+        char *t = NULL;
+
+        mod_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_MODULUS);
+        if (!mod_obj) {
+            goto done;
+        }
+        mod_node = XPATH_OBJ_TO_NODE(mod_obj, 0);
+        mod_node = mod_node->children;
+        if (!mod_node) { /* Modulus not found */
+            goto done;
+        }
+        modulus = (char *) mod_node->content;
+
+        exp_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_EXPONENT);
+        if (!exp_obj) {
+            goto done;
+        }
+        exp_node = XPATH_OBJ_TO_NODE(exp_obj, 0);
+        exp_node = exp_node->children;
+        if (!exp_node) {
+            goto done;
+        }
+        exponent = (char *) exp_node->content;
+        
+        mod_exp = pc_malloc(strlen(modulus) + strlen(exponent) + 2, ctx);
+        t = mod_exp;
+
+        cspace_strcpy(t, modulus);
+        t += strlen(modulus);
+        *t = ',';
+        t++;
+        cspace_strcpy(t, exponent);
+        t += strlen(exponent);
+        *t = '\0';
+
+        (*ctx->set_header_fn)(NULL,
+                              cspace_strdup(CARDSPACE_HEADER_CERTIFICATE,
+                                            ctx->allocator),
+                              mod_exp, ctx->header_container, 
ctx->set_header_cb_ctx);
+
+        /* TODO:DONE add the Exp & Mod to headers */
+        res = SUCC;
+        goto done;
+    }
+
     x509_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_X509_CERT);
     if (!x509_obj) {
         goto done;
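Review bot: The Modulus and Exponent text is copied verbatim from the assertion's own KeyInfo into the `CARDSPACE_HEADER_CERTIFICATE` header, and nothing in this branch checks that the assertion's signature verifies under that key or that the text is well-formed (XML text content may carry CR/LF or line-wrapped base64), so a consumer that treats the header as "the card's key" gets whatever the sender wrote there; if signature verification happens elsewhere before this point, a comment saying so at the top of the branch would remove the doubt, otherwise the header should be documented as an unverified claim. Beyond that, `XPATH_OBJ_TO_NODE(mod_obj, 0)` and the exponent lookup are dereferenced through `->children` without checking for an empty node set or a NULL node, and `pc_malloc` is used unchecked (unless it aborts on failure, which cannot be seen here). The guarded version of the lookups is below; the enclosing function starts before this hunk and ends in a later one.
```c
        mod_obj = cspace_xpath_evaluate(doc, BAD_CAST XPATH_MODULUS);
        if (!mod_obj || XPATH_OBJ_SIZE(mod_obj) == 0) {
            goto done;
        }
        mod_node = XPATH_OBJ_TO_NODE(mod_obj, 0);
        if (!mod_node || !mod_node->children || !mod_node->children->content) {
            goto done;            /* Modulus element present but empty */
        }
        modulus = (char *) mod_node->children->content;
        /* … same guards for XPATH_EXPONENT / exponent … */
        mod_exp = pc_malloc(strlen(modulus) + strlen(exponent) + 2, ctx);
        if (!mod_exp) {
            goto done;
        }
        /* … unchanged: build "<modulus>,<exponent>" and set the header … */
```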
@@ -311,8 +390,10 @@
                                   ctx->allocator);
     }
 
-    (*ctx->set_header_fn)(NULL, cspace_strdup(CARDSPACE_HEADER_CERTIFICATE,
-                                              ctx->allocator), x509_data, 
ctx->header_container,
+    (*ctx->set_header_fn)(NULL,
+                          cspace_strdup(CARDSPACE_HEADER_CERTIFICATE,
+                                        ctx->allocator),
+                          x509_data, ctx->header_container,
                           ctx->set_header_cb_ctx);
 
     res = SUCC;
@@ -324,6 +405,9 @@
     if (x509_obj)
         xmlXPathFreeObject(x509_obj);
 
+    if (assertion_obj)
+        xmlXPathFreeObject(assertion_obj);
+
     return res;
 }
 
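Review bot: The self-issued branch allocates `mod_obj` and `exp_obj` with `cspace_xpath_evaluate` and every exit from it reaches this `done:` label, but the cleanup frees only `x509_obj` and the newly added `assertion_obj`, so each self-issued request leaks two xmlXPathObjects. Add `if (mod_obj) xmlXPathFreeObject(mod_obj);` and `if (exp_obj) xmlXPathFreeObject(exp_obj);` beside the existing frees; `modulus` and `exponent` point into the document's text nodes, not the XPath objects, so freeing them here is safe once the header has been built. The function's body starts in earlier hunks.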
