Commit 193b980c authored by Gary Wong's avatar Gary Wong
Browse files

Fixes for GeniCredential::CreateFromSigned: eschew getElementsByTagName(),

which would erroneously ignore extraneous elements beyond the expected
first one, and could potentially return irrelevant elements from deeper
in the hierarchy than we want to look.
parent 09d25535
......@@ -323,6 +323,18 @@ sub GetSelfCredential($$)
return GeniCredential->CreateSigned($me, $me, $signer);
}
# Find an element (which must exist exactly once) within a node.
my $find = sub
{
my( $node, $name ) = @_;
my @cnodes = grep( $_->nodeName eq $name, $node->childNodes );
return undef unless scalar( @cnodes ) == 1;
return $cnodes[ 0 ];
}
#
# Create a credential object from a signed credential string.
#
......@@ -364,6 +376,8 @@ sub CreateFromSigned($$;$)
return undef;
}
my $root = $doc->documentElement();
my $credential_el = &$find( $root, "credential" );
return undef unless defined( $credential_el );
# Dig out the extensions
# now extensions is an xml element.
......@@ -371,7 +385,7 @@ sub CreateFromSigned($$;$)
$root)->get_nodelist;
# UUID of the credential.
my ($uuid_node) = $doc->getElementsByTagName("uuid");
my $uuid_node = &$find( $credential_el, "uuid" );
return undef
if (!defined($uuid_node));
my $this_uuid = $uuid_node->to_literal();
......@@ -382,7 +396,7 @@ sub CreateFromSigned($$;$)
}
# Expiration
my ($expires_node) = $doc->getElementsByTagName("expires");
my $expires_node = &$find( $credential_el, "expires" );
if (!defined($expires_node)) {
print STDERR "Credential is missing expires node\n";
return undef;
......@@ -402,7 +416,7 @@ sub CreateFromSigned($$;$)
$expires = POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime($when));
# Dig out the target certificate.
my ($cert_node) = $doc->getElementsByTagName("target_gid");
my $cert_node = &$find( $credential_el, "target_gid" );
return undef
if (!defined($cert_node));
my $target_certificate =
......@@ -426,7 +440,7 @@ sub CreateFromSigned($$;$)
}
# Dig out the owner certificate.
($cert_node) = $doc->getElementsByTagName("owner_gid");
$cert_node = &$find( $credential_el, "owner_gid" );
return undef
if (!defined($cert_node));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment