/**
@fn const char* soap_wsse_get_Username(struct soap *soap)
@brief Returns UsernameToken/username string or wsse:FailedAuthentication fault.
@param soap context
@return UsernameToken/username string or NULL with wsse:FailedAuthentication fault error set
@see soap_wsse_verify_Password
The returned username should be used to lookup the user's password in a
dictionary or database for server-side authentication with
soap_wsse_verify_Password.
*/
const char*
soap_wsse_get_Username(struct soap *soap)
{ _wsse__UsernameToken *token = soap_wsse_UsernameToken(soap, NULL);
DBGFUN("soap_wsse_get_Username");
if (token)
return token->Username;
soap_wsse_fault(soap, wsse__FailedAuthentication, "Username authentication required");
return NULL;
}
/* Check WS-Security properties of a message */
static int chk_security(struct soap *soap)
{
X509 *cert = soap_wsse_get_KeyInfo_SecurityTokenReferenceX509(soap);
char buf[1024];
if (!cert)
return soap_wsse_fault(soap, wsse__SecurityTokenUnavailable, NULL);
/* Certificate must be known to us */
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
if (!strstr(buf, srv_subject) && !strstr(buf, clt_subject))
{
fprintf(stderr, "Warning: certificate from %s is unknown\n", buf);
strncat(buf, ": unrecognized subject name", sizeof(buf)-strlen(buf)-1);
buf[sizeof(buf)-1] = '\0';
return soap_wsse_fault(soap, wsse__InvalidSecurityToken, buf);
}
/* Valid timestamp required */
if (soap_wsse_verify_Timestamp(soap))
{
soap_wsse_delete_Security(soap);
return soap->error;
}
/* Body must be signed */
if (soap_wsse_verify_body(soap))
{
soap_wsse_delete_Security(soap);
return soap->error;
}
soap_wsse_delete_Security(soap);
return SOAP_OK;
}
/**
@fn int soap_wsse_verify_Password(struct soap *soap, const char *password)
@brief Verifies the supplied password or sets wsse:FailedAuthentication fault.
@param soap context
@param[in] password string to verify against
@return SOAP_OK (authorized) or SOAP_FAULT with wsse:FailedAuthentication fault
The verification supports both clear-text password verification only.
@note
This release supports the use of at most one UsernameToken in the header.
*/
int
soap_wsse_verify_Password(struct soap *soap, const char *password)
{ _wsse__UsernameToken *token = soap_wsse_UsernameToken(soap, NULL);
DBGFUN("soap_wsse_verify_Password");
/* if we have a UsernameToken with a Password, check it */
if (token && token->Password)
{ /* password digest or text? */
if (token->Password->Type
&& !strcmp(token->Password->Type, wsse_PasswordTextURI))
{ /* check password text */
if (!strcmp(token->Password->__item, password))
return SOAP_OK;
}
}
return soap_wsse_fault(soap, wsse__FailedAuthentication, NULL);
}
