diff --git a/src/crypto.rs b/src/crypto.rs index 5815d2c..5f235fd 100644 --- a/src/crypto.rs +++ b/src/crypto.rs @@ -1,14 +1,16 @@ use base64::{engine::general_purpose, Engine as _}; use std::collections::HashMap; use std::convert::TryInto; -use std::ffi::CString; -use std::str::FromStr; use thiserror::Error; #[cfg(feature = "xmlsec")] -use crate::xmlsec::{self, XmlSecKey, XmlSecKeyFormat, XmlSecSignatureContext}; +use crate::xmlsec::{self, XmlNode, XmlSecKey, XmlSecKeyFormat, XmlSecSignatureContext}; #[cfg(feature = "xmlsec")] use libxml::parser::Parser as XmlParser; +#[cfg(feature = "xmlsec")] +use std::ffi::CString; +#[cfg(feature = "xmlsec")] +use std::str::FromStr; #[cfg(feature = "xmlsec")] const XMLNS_XML_DSIG: &str = "http://www.w3.org/2000/09/xmldsig#"; @@ -146,7 +148,7 @@ fn collect_id_attributes(doc: &mut libxml::tree::Document) -> Result<(), Error> /// Finds and returns all `` elements in the subtree rooted at the given node. #[cfg(feature = "xmlsec")] -fn find_signature_nodes(node: &libxml::tree::Node) -> Vec { +fn find_signature_nodes(node: &XmlNode) -> Vec { let mut ret = Vec::new(); if let Some(ns) = &node.get_namespace() { @@ -166,7 +168,7 @@ fn find_signature_nodes(node: &libxml::tree::Node) -> Vec { /// Removes all signature-verified attributes ([`ATTRIB_SIGVER`] in the namespace [`XMLNS_SIGVER`]) /// from all elements in the subtree rooted at the given node. #[cfg(feature = "xmlsec")] -pub fn remove_signature_verified_attributes(node: &mut libxml::tree::Node) -> Result<(), Error> { +pub fn remove_signature_verified_attributes(node: &mut XmlNode) -> Result<(), Error> { node.remove_attribute_ns(ATTRIB_SIGVER, XMLNS_SIGVER) .map_err(|err| Error::XmlAttributeRemovalError { error: err })?; for mut child_elem in node.get_child_elements() { 
@@ -178,10 +180,10 @@ pub fn remove_signature_verified_attributes(node: &mut libxml::tree::Node) -> Re /// Obtains the first child element of the given node that has the given name and namespace. #[cfg(feature = "xmlsec")] fn get_first_child_name_ns( - node: &libxml::tree::Node, + node: &XmlNode, name: &str, ns: &str, -) -> Option { +) -> Option { let mut found_node = None; for child in node.get_child_elements() { if let Some(child_ns) = child.get_namespace() { @@ -203,10 +205,10 @@ fn get_first_child_name_ns( /// Searches the subtree rooted at the given node and returns the elements which match the given /// predicate. #[cfg(feature = "xmlsec")] -fn get_elements_by_predicate bool>( - elem: &libxml::tree::Node, +fn get_elements_by_predicate bool>( + elem: &XmlNode, mut pred: F, -) -> Vec { +) -> Vec { let mut nodes_to_visit = Vec::new(); let mut nodes = Vec::new(); nodes_to_visit.push(elem.clone()); @@ -223,7 +225,8 @@ fn get_elements_by_predicate bool>( /// Searches for and returns the element with the given value of the `ID` attribute from the subtree /// rooted at the given node. #[cfg(feature = "xmlsec")] -fn get_element_by_id(elem: &libxml::tree::Node, id: &str) -> Option { +#[allow(dead_code)] +fn get_element_by_id(elem: &XmlNode, id: &str) -> Option { let mut elems = get_elements_by_predicate(elem, |node| { node.get_attribute("ID") .map(|node_id| node_id == id) @@ -237,9 +240,9 @@ fn get_element_by_id(elem: &libxml::tree::Node, id: &str) -> Option Option { +) -> Option { let mut elems = get_elements_by_predicate(elem, |node| { let node_ptr = node.node_ptr() as *const _; node_ptr == ptr 
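Review bot: The `#[allow(dead_code)]` added above `get_element_by_id` silences the unused-function warning without saying why the helper is kept. This file decides which elements count as signature-verified, so an unexplained dormant `ID`-attribute lookup next to the pointer-comparing lookup in the following hunk leaves it unclear which resolution path is intended. Either delete the function or put a reason on the attribute, for example `// Not called at present; kept because <reason>.` directly above `#[allow(dead_code)]`. The function body continues past the end of this hunk, so how it picks among several matches is not visible here.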
@@ -274,9 +277,9 @@ impl Drop for XPathObject { /// node. #[cfg(feature = "xmlsec")] fn get_signed_node( - signature_node: &libxml::tree::Node, + signature_node: &XmlNode, doc: &libxml::tree::Document, -) -> Option { +) -> Option { let object_elem_opt = get_first_child_name_ns(signature_node, "Object", XMLNS_XML_DSIG); if let Some(object_elem) = object_elem_opt { return Some(object_elem); @@ -346,11 +349,11 @@ fn get_signed_node( /// descendants). #[cfg(feature = "xmlsec")] fn place_signature_verified_attributes( - root_elem: libxml::tree::Node, + root_elem: XmlNode, doc: &libxml::tree::Document, ns: &libxml::tree::Namespace, ) { - let mut ptr_to_required_node: HashMap = HashMap::new(); + let mut ptr_to_required_node: HashMap = HashMap::new(); let mut signature_nodes = find_signature_nodes(&root_elem); for sig_node in signature_nodes.drain(..) { if let Some(sig_root_node) = get_signed_node(&sig_node, doc) { @@ -385,7 +388,7 @@ fn place_signature_verified_attributes( /// Remove all elements that do not contain a signature-verified attribute ([`ATTRIB_SIGVER`] in /// the namespace [`XMLNS_SIGVER`]). #[cfg(feature = "xmlsec")] -fn remove_unverified_elements(node: &mut libxml::tree::Node) { +fn remove_unverified_elements(node: &mut XmlNode) { // depth-first for mut child in node.get_child_elements() { remove_unverified_elements(&mut child); @@ -690,7 +693,7 @@ mod test { )); let response_instant = "2014-07-17T01:01:48Z".parse::>().unwrap(); - let max_issue_delay = Utc::now() - response_instant + chrono::Duration::seconds(60); + let max_issue_delay = Utc::now() - response_instant + chrono::Duration::try_seconds(60).unwrap(); let sp = ServiceProvider { metadata_url: Some("http://test_accept_signed_with_correct_key.test".into()), diff --git a/src/idp/tests.rs b/src/idp/tests.rs index 792a418..418af7c 100644 --- a/src/idp/tests.rs +++ b/src/idp/tests.rs 
@@ -262,7 +262,7 @@ fn test_accept_signed_with_correct_key_idp() { )); let response_instant = "2014-07-17T01:01:48Z".parse::>().unwrap(); - let max_issue_delay = Utc::now() - response_instant + chrono::Duration::seconds(60); + let max_issue_delay = Utc::now() - response_instant + chrono::Duration::try_seconds(60).unwrap(); let sp = ServiceProvider { metadata_url: Some("http://test_accept_signed_with_correct_key.test".into()), @@ -293,7 +293,7 @@ fn test_accept_signed_with_correct_key_idp_2() { )); let response_instant = "2014-07-17T01:01:48Z".parse::>().unwrap(); - let max_issue_delay = Utc::now() - response_instant + chrono::Duration::seconds(60); + let max_issue_delay = Utc::now() - response_instant + chrono::Duration::try_seconds(60).unwrap(); let sp = ServiceProvider { metadata_url: Some("http://test_accept_signed_with_correct_key.test".into()), diff --git a/src/schema/mod.rs b/src/schema/mod.rs index 5a30181..862bf62 100644 --- a/src/schema/mod.rs +++ b/src/schema/mod.rs @@ -672,9 +672,7 @@ impl LogoutResponse { #[cfg(test)] mod test { - use super::issuer::Issuer; - use super::{LogoutRequest, LogoutResponse, NameID, Status, StatusCode}; - use chrono::TimeZone; + use super::{LogoutRequest, LogoutResponse}; #[test] fn test_deserialize_serialize_logout_request() { diff --git a/src/service_provider/mod.rs b/src/service_provider/mod.rs index a237052..bbce7f9 100644 --- a/src/service_provider/mod.rs +++ b/src/service_provider/mod.rs @@ -135,8 +135,8 @@ impl Default for ServiceProvider { force_authn: false, allow_idp_initiated: false, contact_person: None, - max_issue_delay: Duration::seconds(90), - max_clock_skew: Duration::seconds(180), + max_issue_delay: Duration::try_seconds(90).unwrap(), + max_clock_skew: Duration::try_seconds(180).unwrap(), } } } 
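Review bot: In `impl Default for ServiceProvider`, `Duration::try_seconds(90).unwrap()` and `Duration::try_seconds(180).unwrap()` put a bare `unwrap()` into non-test library code. Both constants are well inside the representable range, so this will not panic, but the invariant should be stated, e.g. `max_issue_delay: Duration::try_seconds(90).expect("90 s fits in a Duration"),`. The same applies to `chrono::Duration::try_hours(48).unwrap()` in the next hunk of this file. Judging by the field names and by how the tests compute `max_issue_delay`, these defaults appear to bound how stale an accepted response may be, so a one-line comment on each giving the unit and what it limits would help a reviewer catch a later edit that widens them.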
@@ -146,7 +146,7 @@ impl ServiceProvider { let valid_duration = if let Some(duration) = self.metadata_valid_duration { Some(duration) } else { - Some(chrono::Duration::hours(48)) + Some(chrono::Duration::try_hours(48).unwrap()) }; let valid_until = valid_duration.map(|d| Utc::now() + d); diff --git a/src/xmlsec/xmldsig.rs b/src/xmlsec/xmldsig.rs index 645661f..1fe6b43 100644 --- a/src/xmlsec/xmldsig.rs +++ b/src/xmlsec/xmldsig.rs @@ -4,6 +4,7 @@ use crate::bindings; use super::XmlDocument; +use super::XmlNode; use super::XmlSecError; use super::XmlSecKey; use super::XmlSecResult; @@ -150,7 +151,7 @@ impl XmlSecSignatureContext { /// /// [xmlnode]: http://kwarc.github.io/rust-libxml/libxml/tree/document/struct.Node.html /// [inskey]: struct.XmlSecSignatureContext.html#method.insert_key - pub fn verify_node(&self, sig_node: &libxml::tree::Node) -> XmlSecResult { + pub fn verify_node(&self, sig_node: &XmlNode) -> XmlSecResult { self.key_is_set()?; if let Some(ns) = sig_node.get_namespace() { if ns.get_href() != "http://www.w3.org/2000/09/xmldsig#"