From 8a955c845b380f22e084b375b6e5f288d04634b5 Mon Sep 17 00:00:00 2001 From: John Dennis Date: Tue, 3 Apr 2018 20:37:45 -0400 Subject: [PATCH] Resolves: rhbz#1542126, rhbz#1556016 xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso --- lasso.spec | 8 +- xmlSecSoap.patch | 265 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 272 insertions(+), 1 deletion(-) create mode 100644 xmlSecSoap.patch diff --git a/lasso.spec b/lasso.spec index e0b6a8f..3b35353 100644 --- a/lasso.spec +++ b/lasso.spec @@ -15,7 +15,7 @@ Summary: Liberty Alliance Single Sign On Name: lasso Version: 2.5.1 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2+ Group: System Environment/Libraries Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz @@ -23,6 +23,7 @@ Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz patch1: java_binding_lasso_log.patch patch2: cflags.patch patch3: validate_idp_list_test.patch +patch4: xmlSecSoap.patch %if %{with_wsf} BuildRequires: cyrus-sasl-devel @@ -119,6 +120,7 @@ library. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build ./autogen.sh @@ -231,6 +233,10 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %endif %changelog +* Wed Apr 4 2018 John Dennis - 2.5.1-12 +- Resolves: rhbz#1542126, rhbz#1556016 +- xmlsec removed SOAP support, reimplement missing xmlSecSoap* in Lasso + * Wed Feb 07 2018 Fedora Release Engineering - 2.5.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild diff --git a/xmlSecSoap.patch b/xmlSecSoap.patch new file mode 100644 index 0000000..b9b7f4b --- /dev/null +++ b/xmlSecSoap.patch 
@@ -0,0 +1,265 @@
+commit bb8722b1c0e097bde8fd0a54190b13dd5bb8c0a8
+Author: John Dennis
+Date: Tue Apr 3 19:49:31 2018 -0400
+
+ Replace xmlSecSoap functions with lasso implementations
+
+ xmlsec has removed support for SOAP. The missing xmlSecSoap* functions
+ and their dependent utiliity functions were added to Lasso following
+ the model of the existing xmlSec implmentations.
+
+ Note: Lasso tried to accommodate both SOAP 1.1 and SOAP 1.2 but SAML2
+ *only* uses SOAP 1.1 thus the SOAP 1.2 support was superfluous and
+ confused matters. Therefire the SOAP 1.2 support was removed.
+
+ The following new functions were added to Lasso to support SOAP:
+
+ * lasso_xml_next_element_node
+ * lasso_xml_get_node_ns_href
+ * lasso_xml_is_element_node
+ * lasso_xml_soap11_get_header
+ * lasso_xml_soap11_get_body
+
+ The following is the mapping from the deprecated xmlSecSoap symbols
+ to the new Lasso symbols:
+
+ xmlSecSoap11Ns -> LASSO_SOAP_ENV_HREF
+ xmlSecGetNextElementNode -> lasso_xml_next_element_node
+ xmlSecGetNodeNsHref -> lasso_xml_get_node_ns_href
+ xmlSecCheckNodeName -> lasso_xml_is_element_node
+ xmlSecSoap11GetHeader -> lasso_xml_soap11_get_header
+ xmlSecSoap11GetBody -> lasso_xml_soap11_get_body
+
+diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
+index 8cfe5a27..112dfeeb 100644
+--- a/lasso/id-wsf/wsf_profile.c
++++ b/lasso/id-wsf/wsf_profile.c
+@@ -29,7 +29,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include "../utils.h"
+
+@@ -1369,7 +1368,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
+
+ /* Lookup all referenced node and their Ids */
+ envelope = xmlDocGetRootElement(doc);
+- header = xmlSecSoap11GetHeader(envelope);
++ header = lasso_xml_soap11_get_header(envelope);
+
+ provider = xmlSecFindNode(header, (xmlChar*) "Provider",
+ (xmlChar*) LASSO_SOAP_BINDING_HREF);
+@@ -1377,7 +1376,7 @@ lasso_wsf_profile_add_saml_signature(LassoWsfProfile *wsf_profile, xmlDoc *doc)
+ (xmlChar*) LASSO_SOAP_BINDING_HREF);
+ interaction = xmlSecFindNode(header, (xmlChar*) "UserInteraction",
+ (xmlChar*) LASSO_IS_HREF);
+- body = xmlSecSoap11GetBody(envelope);
++ body = lasso_xml_soap11_get_body(envelope);
+ xmlSecAddIDs(doc, envelope, ids);
+ goto_cleanup_if_fail_with_rc(header != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
+ goto_cleanup_if_fail_with_rc(provider != NULL, LASSO_XML_ERROR_NODE_NOT_FOUND);
+diff --git a/lasso/xml/private.h b/lasso/xml/private.h
+index 6f7d911d..94acd0ed 100644
+--- a/lasso/xml/private.h
++++ b/lasso/xml/private.h
+@@ -265,8 +265,19 @@ xmlDocPtr lasso_xml_parse_memory(const char *buffer, int size);
+
+ xmlNode* lasso_xml_get_soap_content(xmlNode *root);
+
++xmlNodePtr lasso_xml_next_element_node(xmlNodePtr node);
++
++const xmlChar* lasso_xml_get_node_ns_href(const xmlNodePtr node);
++
++gboolean lasso_xml_is_element_node(const xmlNodePtr node,
++ const xmlChar *name, const xmlChar *ns);
++
+ gboolean lasso_xml_is_soap(xmlNode *root);
+
++xmlNodePtr lasso_xml_soap11_get_header(xmlNodePtr envelope_node);
++
++xmlNodePtr lasso_xml_soap11_get_body(xmlNodePtr envelope_node);
++
+ gboolean lasso_eval_xpath_expression(xmlXPathContextPtr xpath_ctx, const char *expression,
+ xmlXPathObjectPtr *xpath_object_ptr, int *xpath_error_code);
+
+diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
+index ade6d660..c6d4de4b 100644
+--- a/lasso/xml/tools.c
++++ b/lasso/xml/tools.c
+@@ -57,7 +57,6 @@
+ #include
+ #include
+ #include
+-#include
+
+ #include
+
+@@ -1666,30 +1665,156 @@ cleanup:
+ return rc;
+ }
+
++/**
++ * lasso_xml_next_element_node:
++ * @node: the pointer to an XML node.
++ *
++ * Seraches for the next element node.
++ *
++ * Returns: the pointer to next element node or NULL if it is not found.
++ */
++xmlNodePtr
++lasso_xml_next_element_node(xmlNodePtr node)
++{
++
++ for (; node != NULL && node->type != XML_ELEMENT_NODE; node = node->next);
++ return node;
++}
++
++/**
++ * lasso_xml_get_node_ns_href:
++ * @node: the pointer to node.
++ *
++ * Get's node's namespace href.
++ *
++ * Returns: node's namespace href.
++ */
++const xmlChar*
++lasso_xml_get_node_ns_href(const xmlNodePtr node)
++{
++ xmlNsPtr ns;
++
++ if (node == NULL) {
++ return NULL;
++ }
++
++ /* do we have a namespace in the node? */
++ if (node->ns != NULL) {
++ return node->ns->href;
++ }
++
++ /* search for default namespace */
++ ns = xmlSearchNs(node->doc, node, NULL);
++ if (ns != NULL) {
++ return ns->href;
++ }
++
++ return NULL;
++}
++
++/**
++ * lasso_xml_is_element_node:
++ * @node: the pointer to an XML node.
++ * @name: the name,
++ * @ns: the namespace href.
++ *
++ * Checks that the node has a given name and a given namespace href.
++ *
++ * Returns: true if the node matches false otherwise.
++ */
++gboolean
++lasso_xml_is_element_node(const xmlNodePtr node,
++ const xmlChar *name, const xmlChar *ns)
++{
++ if (node == NULL) {
++ return FALSE;
++ }
++
++ return (node->type == XML_ELEMENT_NODE &&
++ xmlStrEqual(node->name, name) &&
++ xmlStrEqual(lasso_xml_get_node_ns_href(node), ns));
++}
++
+ gboolean
+ lasso_xml_is_soap(xmlNode *root)
+ {
+- return xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns) ||
+- xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
++ return lasso_xml_is_element_node(root, BAD_CAST "Envelope",
++ BAD_CAST LASSO_SOAP_ENV_HREF);
++}
++
++/**
++ * lasso_xml_soap11_get_header:
++ * @envelope_node: the pointer to node.
++ *
++ * Gets pointer to the node.
++ *
++ * Returns: pointer to node or NULL if an error occurs.
++ */
++xmlNodePtr
++lasso_xml_soap11_get_header(xmlNodePtr envelope_node)
++{
++ xmlNodePtr node;
++
++ if (envelope_node == NULL) {
++ return NULL;
++ }
++
++ /* optional Header node is first */
++ node = lasso_xml_next_element_node(envelope_node->children);
++ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
++ BAD_CAST LASSO_SOAP_ENV_HREF)) {
++ return node;
++ }
++
++ return NULL;
++}
++
++/**
++ * lasso_xml_soap11_get_body:
++ * @envelope_node: the pointer to node.
++ *
++ * Gets pointer to the node.
++ *
++ * Returns: pointer to node or NULL if an error occurs.
++ */
++xmlNodePtr
++lasso_xml_soap11_get_body(xmlNodePtr envelope_node)
++{
++ xmlNodePtr node;
++
++ if (envelope_node == NULL) {
++ return NULL;
++ }
++
++ /* optional Header node first */
++ node = lasso_xml_next_element_node(envelope_node->children);
++ if (lasso_xml_is_element_node(node, BAD_CAST "Header",
++ BAD_CAST LASSO_SOAP_ENV_HREF)) {
++ node = lasso_xml_next_element_node(node->next);
++ }
++
++ /* Body node is next */
++ if (!lasso_xml_is_element_node(node, BAD_CAST "Body",
++ BAD_CAST LASSO_SOAP_ENV_HREF)) {
++ return NULL;
++ }
++
++ return node;
+ }
+
+ xmlNode*
+ lasso_xml_get_soap_content(xmlNode *root)
+ {
+ gboolean is_soap11 = FALSE;
+- gboolean is_soap12 = FALSE;
+ xmlNode *content = NULL;
+
+- is_soap11 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap11Ns);
+- is_soap12 = xmlSecCheckNodeName(root, xmlSecNodeEnvelope, xmlSecSoap12Ns);
+-
+- if (is_soap11 || is_soap12) {
++ is_soap11 = lasso_xml_is_element_node(root, BAD_CAST "Envelope",
++ BAD_CAST LASSO_SOAP_ENV_HREF);
++ if (is_soap11) {
+ xmlNode *body;
+
+ if (is_soap11) {
+- body = xmlSecSoap11GetBody(root);
+- } else {
+- body = xmlSecSoap12GetBody(root);
++ body = lasso_xml_soap11_get_body(root);
+ }
+ if (body) {
+ content = xmlSecGetNextElementNode(body->children);
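Review bot: In the last tools.c hunk, `lasso_xml_get_soap_content` keeps the inner `if (is_soap11)` after its `else` branch was removed, so `body` is declared without an initializer and assigned only under a test the enclosing `if (is_soap11)` has already passed. It is always assigned on this path, but the leftover nesting reads as if a second SOAP version were still handled and can draw a maybe-uninitialized warning; `xmlNode *body = lasso_xml_soap11_get_body(root);` in place of the declaration and the nested `if` says the same thing. In the same hunk, `lasso_xml_next_element_node` ends its `for` with a bare `;` on the same line, where an explicit empty body such as `{ }` would show the loop is meant to do nothing. The closing lines of `lasso_xml_get_soap_content` are outside the hunk.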