author | m0gg | 2006-11-29 13:01:00 +0000 |
---|---|---|
committer | m0gg | 2006-11-29 13:01:00 +0000 |
commit | 1b192076db396f83bf1a6be4957299e9eff46833 (patch) | |
tree | 23c158324de0cb9cff7e41c0a86ee7c30a98280e | |
parent | e4c2e3a011191c232521a2d4e6e5f71f983208fa (diff) | |
Message signature verification added
-rw-r--r-- | TODO | 21 | ||||
-rw-r--r-- | libcsoap/soap-xmlsec.c | 35 |
2 files changed, 45 insertions, 11 deletions
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.6 2006/11/29 11:31:37 m0gg Exp $
+$Id: TODO,v 1.7 2006/11/29 13:01:00 m0gg Exp $
===============================================================================
Things to do _before_ 1.2 release:
@@ -7,7 +7,7 @@ Things to do _before_ 1.2 release: nanohttp:
---------
- Get rid of #ifdef HAVE_SSL in nanohttp-socket.c
-- API documentation
+- Improve API documentation
- remove internal typedefs!
- include neccessary headers in nanohttp-client.h and nanohttp-server.h if
__NANOHTTP_INTERNAL isn't specified
@@ -15,25 +15,24 @@ nanohttp: - cleanup circular module dependencies (e.g. hsocket <-> hssl)
- improve error handling!!!!
- optimize mime API
-- cleanup/improve nanohttp request parsing
+- cleanup/improve nanohttp request parsing (add GET http://fdqn/service)
- Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2)
-- Write README.ssl
+- Elaborate README.ssl (more text and references to csoap API docs, OpenSSL)
csoap:
------
- move service description documents from router to service (???)
- Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2)
- soap-nudp.c needs testing
-- XML signature verification
-- API documentation
-- Add reference to http://www.w3.org/TR/SOAP-attachments
+- Improve API documentation
+ - Add reference to http://www.w3.org/TR/SOAP-attachments
- include neccessary headers in soap-client.h and soap-server.h if
__CSOAP_INTERNAL isn't specified
- correct handling of configure flag --with-xmlsec1
- Write README.xmlsec
-Additional things to do:
-========================
+Additional things that could be done:
+=====================================
nanohttp:
---------
@@ -44,4 +43,8 @@ csoap: ------
- soap-nudp.c one thread per request (see soap_nudp_server_run)
- soap-nudp message re-transmission
+- http://www.ws-i.org/Profiles/BasicProfile-1.0.html conformance testing
+ create an automated testsuite (?)
+- http://www.w3.org/Submission/WS-Enumeration/
+
diff --git a/libcsoap/soap-xmlsec.c b/libcsoap/soap-xmlsec.c
index 55c341b..14b1a4e 100644
--- a/libcsoap/soap-xmlsec.c
+++ b/libcsoap/soap-xmlsec.c
@@ -1,5 +1,5 @@
 /******************************************************************
-* $Id: soap-xmlsec.c,v 1.5 2006/11/29 11:04:25 m0gg Exp $
+* $Id: soap-xmlsec.c,v 1.6 2006/11/29 13:01:00 m0gg Exp $
 *
 * CSOAP Project: A SOAP client/server library in C
 * Copyright (C) 2003 Ferhat Ayaz
@@ -865,7 +865,38 @@ herror_t soap_xmlsec_verify(struct SoapCtx *context)
 {
 if (!xmlStrcmp(walker->ns->href, "http://schemas.xmlsoap.org/soap/security/2000-12"))
 {
- /* XXX do it */
+ xmlNodePtr node;
+ xmlSecDSigCtxPtr dsigCtx;
+
+ node = xmlSecFindNode(envelope->root, xmlSecNodeSignature, xmlSecDSigNs);
+ if (node == NULL)
+ {
+ log_error1("cannot find message signature");
+ return herror_new("soap_xmlsec_verify", 0, "message signature wasn't found");
+ }
+
+ dsigCtx = xmlSecDSigCtxCreate(_soap_xmlsec_key_manager);
+ if (dsigCtx == NULL)
+ {
+ log_error1("cannot create signature context");
+ return herror_new("soap_xmlsec_verify", 0, "cannot create signatur context");
+ }
+
+ if (xmlSecDSigCtxVerify(dsigCtx, node) < 0)
+ {
+ log_error1("xmlsecDSigCtxVerify failed");
+ return herror_new("soap_xmlsec_verify", 0, "verification failed");
+ }
+
+ if (dsigCtx->status == xmlSecDSigStatusSucceeded)
+ {
+ return H_OK;
+ }
+ else
+ {
+ log_error1("signature invalid");
+ return herror_new("soap_xmlsec_verify", 0, "signature invalid");
+ }
 }
 else
 { |
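Review bot: The context obtained from `xmlSecDSigCtxCreate()` is never released: every return that follows it in the added block (verify failure, invalid signature and the `H_OK` path) leaves `dsigCtx` allocated, so a long-running server leaks one context per checked message. Collect the outcome in a local `herror_t`, call `xmlSecDSigCtxDestroy(dsigCtx)` once and then return, as in the excerpt below. Separately, success is decided only by `dsigCtx->status` for the `Signature` node that `xmlSecFindNode()` returns under `envelope->root`; nothing visible in the hunk confirms that the signed references cover the Body element the service later processes, so that check, or a comment naming where it is done, appears to be missing. The rest of `soap_xmlsec_verify` lies outside the hunk, so whether a message that carries no security header at all is rejected cannot be judged from here.

```c
      xmlNodePtr node;
      xmlSecDSigCtxPtr dsigCtx;
      herror_t result = H_OK;

      /* … unchanged: xmlSecFindNode lookup and xmlSecDSigCtxCreate, with their NULL checks … */

      if (xmlSecDSigCtxVerify(dsigCtx, node) < 0)
      {
        log_error1("xmlsecDSigCtxVerify failed");
        result = herror_new("soap_xmlsec_verify", 0, "verification failed");
      }
      else if (dsigCtx->status != xmlSecDSigStatusSucceeded)
      {
        log_error1("signature invalid");
        result = herror_new("soap_xmlsec_verify", 0, "signature invalid");
      }

      /* release the context on every path before leaving the function */
      xmlSecDSigCtxDestroy(dsigCtx);
      return result;
```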