From 1b192076db396f83bf1a6be4957299e9eff46833 Mon Sep 17 00:00:00 2001 From: m0gg Date: Wed, 29 Nov 2006 13:01:00 +0000 Subject: Message signature verification added --- TODO | 21 ++++++++++++--------- libcsoap/soap-xmlsec.c | 35 +++++++++++++++++++++++++++++++++-- 2 files changed, 45 insertions(+), 11 deletions(-) diff --git a/TODO b/TODO index 6dc8d10..5c34dfe 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,4 @@ -$Id: TODO,v 1.6 2006/11/29 11:31:37 m0gg Exp $ +$Id: TODO,v 1.7 2006/11/29 13:01:00 m0gg Exp $ =============================================================================== Things to do _before_ 1.2 release: @@ -7,7 +7,7 @@ Things to do _before_ 1.2 release: nanohttp: --------- - Get rid of #ifdef HAVE_SSL in nanohttp-socket.c -- API documentation +- Improve API documentation - remove internal typedefs! - include neccessary headers in nanohttp-client.h and nanohttp-server.h if __NANOHTTP_INTERNAL isn't specified 
@@ -15,25 +15,24 @@ nanohttp: - cleanup circular module dependencies (e.g. hsocket <-> hssl) - improve error handling!!!! - optimize mime API -- cleanup/improve nanohttp request parsing +- cleanup/improve nanohttp request parsing (add GET http://fdqn/service) - Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2) -- Write README.ssl +- Elaborate README.ssl (more text and references to csoap API docs, OpenSSL) csoap: ------ - move service description documents from router to service (???) - Check portability to Win32/Linux/MaxOS (only tested on FreeBSD 6.2) - soap-nudp.c needs testing -- XML signature verification -- API documentation -- Add reference to http://www.w3.org/TR/SOAP-attachments +- Improve API documentation + - Add reference to http://www.w3.org/TR/SOAP-attachments - include neccessary headers in soap-client.h and soap-server.h if __CSOAP_INTERNAL isn't specified - correct handling of configure flag --with-xmlsec1 - Write README.xmlsec -Additional things to do: -======================== +Additional things that could be done: +===================================== nanohttp: --------- @@ -44,4 +43,8 @@ csoap: ------ - soap-nudp.c one thread per request (see soap_nudp_server_run) - soap-nudp message re-transmission +- http://www.ws-i.org/Profiles/BasicProfile-1.0.html conformance testing + create an automated testsuite (?) +- http://www.w3.org/Submission/WS-Enumeration/ + diff --git a/libcsoap/soap-xmlsec.c b/libcsoap/soap-xmlsec.c index 55c341b..14b1a4e 100644 --- a/libcsoap/soap-xmlsec.c +++ b/libcsoap/soap-xmlsec.c @@ -1,5 +1,5 @@ /****************************************************************** -* $Id: soap-xmlsec.c,v 1.5 2006/11/29 11:04:25 m0gg Exp $ +* $Id: soap-xmlsec.c,v 1.6 2006/11/29 13:01:00 m0gg Exp $ * * CSOAP Project: A SOAP client/server library in C * Copyright (C) 2003 Ferhat Ayaz 
@@ -865,7 +865,38 @@ herror_t soap_xmlsec_verify(struct SoapCtx *context)
 {
 if (!xmlStrcmp(walker->ns->href, "http://schemas.xmlsoap.org/soap/security/2000-12"))
 {
- /* XXX do it */
+ xmlNodePtr node;
+ xmlSecDSigCtxPtr dsigCtx;
+
+ node = xmlSecFindNode(envelope->root, xmlSecNodeSignature, xmlSecDSigNs);
+ if (node == NULL)
+ {
+ log_error1("cannot find message signature");
+ return herror_new("soap_xmlsec_verify", 0, "message signature wasn't found");
+ }
+
+ dsigCtx = xmlSecDSigCtxCreate(_soap_xmlsec_key_manager);
+ if (dsigCtx == NULL)
+ {
+ log_error1("cannot create signature context");
+ return herror_new("soap_xmlsec_verify", 0, "cannot create signatur context");
+ }
+
+ if (xmlSecDSigCtxVerify(dsigCtx, node) < 0)
+ {
+ log_error1("xmlsecDSigCtxVerify failed");
+ return herror_new("soap_xmlsec_verify", 0, "verification failed");
+ }
+
+ if (dsigCtx->status == xmlSecDSigStatusSucceeded)
+ {
+ return H_OK;
+ }
+ else
+ {
+ log_error1("signature invalid");
+ return herror_new("soap_xmlsec_verify", 0, "signature invalid");
+ }
 }
 else
 {
-- cgit v1.1-32-gdbae
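Review bot: The context returned by `xmlSecDSigCtxCreate` is never released: the three returns that follow it (verify failure, `H_OK`, and "signature invalid") all leave without calling `xmlSecDSigCtxDestroy(dsigCtx)`, so every processed message leaks a signature context. The fence below copies the status into a local, destroys the context, and only then returns. Separately, `xmlSecFindNode(envelope->root, ...)` takes the first Signature element found anywhere under the envelope, and `H_OK` is returned on `status` alone. Nothing visible in this hunk checks that the verified references cover the SOAP Body, so unless a caller does that, a valid signature over unrelated content would be accepted; this deserves a check of the verified references, or at least a comment stating the assumption. The body of soap_xmlsec_verify starts and ends outside the hunk.

```c
      xmlSecDSigCtxPtr dsigCtx;
      int verified;

      /* … unchanged: xmlSecFindNode lookup, xmlSecDSigCtxCreate and their NULL checks … */

      if (xmlSecDSigCtxVerify(dsigCtx, node) < 0)
      {
        log_error1("xmlsecDSigCtxVerify failed");
        xmlSecDSigCtxDestroy(dsigCtx);
        return herror_new("soap_xmlsec_verify", 0, "verification failed");
      }

      /* read the result first, then release the context on both outcomes */
      verified = (dsigCtx->status == xmlSecDSigStatusSucceeded);
      xmlSecDSigCtxDestroy(dsigCtx);

      if (verified)
      {
        return H_OK;
      }

      log_error1("signature invalid");
      return herror_new("soap_xmlsec_verify", 0, "signature invalid");
```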