authorGravatar m0gg2006-11-29 13:01:00 +0000
committerGravatar m0gg2006-11-29 13:01:00 +0000
commit1b192076db396f83bf1a6be4957299e9eff46833 (patch)
tree23c158324de0cb9cff7e41c0a86ee7c30a98280e
parente4c2e3a011191c232521a2d4e6e5f71f983208fa (diff)
downloadcsoap-1b192076db396f83bf1a6be4957299e9eff46833.tar.gz
csoap-1b192076db396f83bf1a6be4957299e9eff46833.tar.bz2
Message signature verification added
-rw-r--r--TODO21
-rw-r--r--libcsoap/soap-xmlsec.c35
2 files changed, 45 insertions, 11 deletions
diff --git a/TODO b/TODO
index 6dc8d10..5c34dfe 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,4 @@
-$Id: TODO,v 1.6 2006/11/29 11:31:37 m0gg Exp $
+$Id: TODO,v 1.7 2006/11/29 13:01:00 m0gg Exp $
===============================================================================
Things to do _before_ 1.2 release:
@@ -7,7 +7,7 @@ Things to do _before_ 1.2 release:
nanohttp:
---------
- Get rid of #ifdef HAVE_SSL in nanohttp-socket.c
-- API documentation
+- Improve API documentation
- remove internal typedefs!
- include neccessary headers in nanohttp-client.h and nanohttp-server.h if
__NANOHTTP_INTERNAL isn't specified
@@ -15,25 +15,24 @@ nanohttp:
- cleanup circular module dependencies (e.g. hsocket <-> hssl)
- improve error handling!!!!
- optimize mime API
-- cleanup/improve nanohttp request parsing
+- cleanup/improve nanohttp request parsing (add GET http://fdqn/service)
- Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2)
-- Write README.ssl
+- Elaborate README.ssl (more text and references to csoap API docs, OpenSSL)
csoap:
------
- move service description documents from router to service (???)
- Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2)
- soap-nudp.c needs testing
-- XML signature verification
-- API documentation
-- Add reference to http://www.w3.org/TR/SOAP-attachments
+- Improve API documentation
+ - Add reference to http://www.w3.org/TR/SOAP-attachments
- include neccessary headers in soap-client.h and soap-server.h if
__CSOAP_INTERNAL isn't specified
- correct handling of configure flag --with-xmlsec1
- Write README.xmlsec
-Additional things to do:
-========================
+Additional things that could be done:
+=====================================
nanohttp:
---------
@@ -44,4 +43,8 @@ csoap:
------
- soap-nudp.c one thread per request (see soap_nudp_server_run)
- soap-nudp message re-transmission
+- http://www.ws-i.org/Profiles/BasicProfile-1.0.html conformance testing
+ create an automated testsuite (?)
+- http://www.w3.org/Submission/WS-Enumeration/
+
diff --git a/libcsoap/soap-xmlsec.c b/libcsoap/soap-xmlsec.c
index 55c341b..14b1a4e 100644
--- a/libcsoap/soap-xmlsec.c
+++ b/libcsoap/soap-xmlsec.c
@@ -1,5 +1,5 @@
/******************************************************************
-* $Id: soap-xmlsec.c,v 1.5 2006/11/29 11:04:25 m0gg Exp $
+* $Id: soap-xmlsec.c,v 1.6 2006/11/29 13:01:00 m0gg Exp $
*
* CSOAP Project: A SOAP client/server library in C
* Copyright (C) 2003 Ferhat Ayaz
@@ -865,7 +865,38 @@ herror_t soap_xmlsec_verify(struct SoapCtx *context)
{
if (!xmlStrcmp(walker->ns->href, "http://schemas.xmlsoap.org/soap/security/2000-12"))
{
- /* XXX do it */
+ xmlNodePtr node;
+ xmlSecDSigCtxPtr dsigCtx;
+
+ node = xmlSecFindNode(envelope->root, xmlSecNodeSignature, xmlSecDSigNs);
+ if (node == NULL)
+ {
+ log_error1("cannot find message signature");
+ return herror_new("soap_xmlsec_verify", 0, "message signature wasn't found");
+ }
+
+ dsigCtx = xmlSecDSigCtxCreate(_soap_xmlsec_key_manager);
+ if (dsigCtx == NULL)
+ {
+ log_error1("cannot create signature context");
+ return herror_new("soap_xmlsec_verify", 0, "cannot create signatur context");
+ }
+
+ if (xmlSecDSigCtxVerify(dsigCtx, node) < 0)
+ {
+ log_error1("xmlsecDSigCtxVerify failed");
+ return herror_new("soap_xmlsec_verify", 0, "verification failed");
+ }
+
+ if (dsigCtx->status == xmlSecDSigStatusSucceeded)
+ {
+ return H_OK;
+ }
+ else
+ {
+ log_error1("signature invalid");
+ return herror_new("soap_xmlsec_verify", 0, "signature invalid");
+ }
}
else
{
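Review bot: The `dsigCtx` created by `xmlSecDSigCtxCreate()` is never released: the failed-verify return, the `H_OK` return and the "signature invalid" return all leave without `xmlSecDSigCtxDestroy(dsigCtx);`, so every message reaching this branch leaks a context, and a server verifying untrusted requests can be driven towards memory exhaustion. Adding `xmlSecDSigCtxDestroy(dsigCtx);` before each of those three returns fixes it. Separately, `xmlSecFindNode(envelope->root, ...)` takes the first `Signature` element found anywhere in the envelope, and the code returns `H_OK` on `xmlSecDSigStatusSucceeded` without checking which elements the signature's references cover. Unless that is checked elsewhere, a valid signature over some other element would be accepted for an unsigned Body, so the verified references should be compared against the Body the service will actually process. `soap_xmlsec_verify` starts and ends outside this hunk, so any later checks are not visible here; the error string "cannot create signatur context" also has a typo.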