From f637189b9087c4323ee82f9af9d09cf90b69c26b Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Wed, 5 Sep 2018 14:12:29 +0200
Subject: [PATCH] Fix mess from 59c5fc9d6498a4aa15cd4e75a3a9d04ccb0316b1
---
 lib/TTLS/src/Config.cpp | 63 +++++++++++++++++++++++------------------
 1 file changed, 36 insertions(+), 27 deletions(-)
diff --git a/lib/TTLS/src/Config.cpp b/lib/TTLS/src/Config.cpp
index dd96744..aed2a6d 100644
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@@ -92,15 +92,17 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
 HRESULT hr;
- //
- com_obj pXmlElClientSideCredential;
- if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential)))
- throw com_runtime_error(hr, __FUNCTION__ " Error creating element.");
+ {
+ //
+ com_obj pXmlElClientSideCredential;
+ if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential)))
+ throw com_runtime_error(hr, __FUNCTION__ " Error creating element.");
- // /
- if (!m_anonymous_identity.empty())
- if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity))))
- throw com_runtime_error(hr, __FUNCTION__ " Error creating element.");
+ // /
+ if (!m_anonymous_identity.empty())
+ if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity))))
+ throw com_runtime_error(hr, __FUNCTION__ " Error creating element.");
+ }
 //
 com_obj pXmlElInnerAuthenticationMethod;
@@ -121,19 +123,24 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
 // /...
 m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);
- // Fix 1: Configured outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
- // To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
- if (m_use_cred && m_cred->empty()) {
- // For empty configured client certificate must not be present.
- com_obj pXmlElClientCertificate;
- if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), pXmlElClientCertificate))) {
- com_obj pXmlElClientCertificateOld;
- hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
+ {
+ com_obj pXmlElClientSideCredential;
+ if (SUCCEEDED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
+ // Fix 1: Configured outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
+ // To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
+ if (m_use_cred && m_cred->empty()) {
+ // For empty configured client certificate must not be present.
+ com_obj pXmlElClientCertificate;
+ if (SUCCEEDED(hr = eapxml::select_node(pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), pXmlElClientCertificate))) {
+ com_obj pXmlElClientCertificateOld;
+ hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld);
+ }
+ } else if (!m_use_cred) {
+ // When not using configured client certificate (user must supply one), add empty .
+ com_obj pXmlElClientCertificate;
+ hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
+ }
 }
- } else if (!m_use_cred) {
- // When not using configured client certificate (user must supply one), add empty .
- com_obj pXmlElClientCertificate;
- hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
 }
 }
@@ -173,14 +180,16 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
 m_anonymous_identity.clear();
- //
- com_obj pXmlElClientSideCredential;
- if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
- wstring xpathClientSideCredential(xpath + L"/ClientSideCredential");
+ {
+ //
+ com_obj pXmlElClientSideCredential;
+ if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
+ wstring xpathClientSideCredential(xpath + L"/ClientSideCredential");
- //
- eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity);
- m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str());
+ //
+ eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity);
+ m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str());
+ }
 }
 //
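Review bot: In the second hunk (the post-processing block at the end of `config_method_ttls::save`), the results of `removeChild` and `eapxml::create_element` are stored in `hr` and never checked, and a failed `select_node` on `pConfigRoot` skips the whole fix-up without any signal. Per the in-code comment, the presence, absence or emptiness of the ClientCertificate element carries the outer-credential logic, so a silent failure here writes a profile that no longer matches `m_use_cred`; earlier in the same function every failed call throws `com_runtime_error`. I would throw on these two calls as well, as sketched below, and probably on the ClientSideCredential lookup too, since that element appears to be created earlier in this function. The function body starts outside the hunk, and the message strings in the sketch are constructed.

```cpp
// … unchanged: ClientSideCredential lookup and the select_node of ClientCertificate …
if (FAILED(hr = pXmlElClientSideCredential->removeChild(pXmlElClientCertificate, &pXmlElClientCertificateOld)))
    throw com_runtime_error(hr, __FUNCTION__ " Error removing ClientCertificate element.");
// … unchanged: else-if (!m_use_cred) branch header and declaration …
if (FAILED(hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate)))
    throw com_runtime_error(hr, __FUNCTION__ " Error creating ClientCertificate element.");
```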