Fix mess from 59c5fc9d6498a4aa15cd4e75a3a9d04ccb0316b1

2018-09-05 14:12:29 +02:00 · 2018-09-05 14:12:29 +02:00 · f637189b90
commit f637189b90
parent 75c226a1ef
1 changed files with 36 additions and 27 deletions
--- a/lib/TTLS/src/Config.cpp
+++ b/lib/TTLS/src/Config.cpp
@ -92,6 +92,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode

    HRESULT hr;

+    {
        // <ClientSideCredential>
        com_obj<IXMLDOMElement> pXmlElClientSideCredential;
        if (FAILED(hr = eapxml::create_element(pDoc, pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), bstr(L"ClientSideCredential"), namespace_eapmetadata, pXmlElClientSideCredential)))
@ -101,6 +102,7 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
        if (!m_anonymous_identity.empty())
            if (FAILED(hr = eapxml::put_element_value(pDoc, pXmlElClientSideCredential, bstr(L"AnonymousIdentity"), namespace_eapmetadata, bstr(m_anonymous_identity))))
                throw com_runtime_error(hr, __FUNCTION__ " Error creating <AnonymousIdentity> element.");
+    }

    // <InnerAuthenticationMethod>
    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;
@ -121,6 +123,9 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
    // <InnerAuthenticationMethod>/...
    m_inner->save(pDoc, pXmlElInnerAuthenticationMethod);

+    {
+        com_obj<IXMLDOMNode> pXmlElClientSideCredential;
+        if (SUCCEEDED(hr = eapxml::select_node(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
            // Fix 1: Configured outer credentials in draft-winter-opsawg-eap-metadata has some bizarre presence/absence/blank logic for EAP-TTLS methods only.
            // To keep our code clean, we do some post-processing, to make draft compliant XML on output, while keeping things simple on the inside.
            if (m_use_cred && m_cred->empty()) {
@ -136,6 +141,8 @@ void eap::config_method_ttls::save(_In_ IXMLDOMDocument *pDoc, _In_ IXMLDOMNode
                hr = eapxml::create_element(pDoc, pXmlElClientSideCredential, bstr(L"eap-metadata:ClientCertificate"), bstr(L"ClientCertificate"), namespace_eapmetadata, pXmlElClientCertificate);
            }
        }
+    }
+}


 void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
@ -173,6 +180,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)

    m_anonymous_identity.clear();

+    {
        // <ClientSideCredential>
        com_obj<IXMLDOMElement> pXmlElClientSideCredential;
        if (SUCCEEDED(eapxml::select_element(pConfigRoot, bstr(L"eap-metadata:ClientSideCredential"), pXmlElClientSideCredential))) {
@ -182,6 +190,7 @@ void eap::config_method_ttls::load(_In_ IXMLDOMNode *pConfigRoot)
            eapxml::get_element_value(pXmlElClientSideCredential, bstr(L"eap-metadata:AnonymousIdentity"), m_anonymous_identity);
            m_module.log_config((xpathClientSideCredential + L"/AnonymousIdentity").c_str(), m_anonymous_identity.c_str());
        }
+    }

    // <InnerAuthenticationMethod>
    com_obj<IXMLDOMElement> pXmlElInnerAuthenticationMethod;