2004-07-22 18:45:50 +02:00
|
|
|
/* $Id$
|
|
|
|
|
*
|
|
|
|
|
* Lasso - A free implementation of the Liberty Alliance specifications.
|
|
|
|
|
*
|
2007-05-30 19:17:45 +02:00
|
|
|
* Copyright (C) 2004-2007 Entr'ouvert
|
2004-07-22 18:45:50 +02:00
|
|
|
* http://lasso.entrouvert.org
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2005-01-22 16:57:56 +01:00
|
|
|
* Authors: See AUTHORS file in top-level directory.
|
2004-07-22 18:45:50 +02:00
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2004-07-22 18:45:50 +02:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2004-07-22 18:45:50 +02:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
|
*/
|
|
|
|
|
|
2008-05-15 23:17:44 +02:00
|
|
|
/**
|
|
|
|
|
* SECTION:lecp
|
|
|
|
|
* @short_description: Liberty Enabled Client and Proxy Profile (ID-FF)
|
|
|
|
|
*
|
|
|
|
|
**/
|
|
|
|
|
|
2009-03-27 16:04:26 +01:00
|
|
|
#include "../xml/private.h"
|
2004-12-27 20:47:06 +01:00
|
|
|
#include <libxml/xpath.h>
|
|
|
|
|
#include <libxml/xpathInternals.h>
|
|
|
|
|
|
2009-08-26 17:14:32 +02:00
|
|
|
#include "lecp.h"
|
|
|
|
|
#include "profileprivate.h"
|
Remove use of xmlFreeDoc for lasso_release_doc
- bindings/java/wrapper_top.c, bindings/php4/lasso_php4_helper.c,
bindings/php5/wrapper_source_top.c, bindings/python/wrapper_top.c,
lasso/id-ff/identity.c, lasso/id-ff/lecp.c, lasso/id-ff/login.c,
lasso/id-ff/logout.c, lasso/id-ff/name_registration.c,
lasso/id-ff/profile.c, lasso/id-ff/provider.c, lasso/id-ff/server.c,
lasso/id-ff/session.c, lasso/id-wsf-2.0/data_service.c,
lasso/id-wsf/data_service.c, lasso/id-wsf/discovery.c,
lasso/id-wsf/wsf_profile.c, lasso/saml-2.0/ecp.c,
lasso/saml-2.0/login.c, lasso/saml-2.0/name_id_management.c,
lasso/utils.h, lasso/xml/tools.c, lasso/xml/xml.c, swig/Lasso.i:
Remove use of xmlFreeDoc. Use lasso_release_doc instead.
2008-11-04 02:58:49 +01:00
|
|
|
#include "../utils.h"
|
2004-07-22 18:45:50 +02:00
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
#include "../utils.h"
|
|
|
|
|
|
2004-07-22 18:45:50 +02:00
|
|
|
/*****************************************************************************/
|
|
|
|
|
/* public methods */
|
|
|
|
|
/*****************************************************************************/
|
|
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_build_authn_request_envelope_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
*
|
|
|
|
|
* Builds an enveloped authentication request message. Sets @msg_body to that
|
|
|
|
|
* message.
|
|
|
|
|
*
|
|
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-07-22 18:45:50 +02:00
|
|
|
gint
|
2004-08-04 16:36:29 +02:00
|
|
|
lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoProfile *profile;
|
|
|
|
|
gchar *assertionConsumerServiceURL;
|
2005-02-08 11:25:00 +01:00
|
|
|
xmlNode *msg;
|
2004-12-28 16:29:43 +01:00
|
|
|
xmlOutputBuffer *buf;
|
|
|
|
|
xmlCharEncodingHandler *handler;
|
2004-11-01 19:23:20 +01:00
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
profile = LASSO_PROFILE(lecp);
|
|
|
|
|
|
2004-12-26 17:50:37 +01:00
|
|
|
assertionConsumerServiceURL = lasso_provider_get_assertion_consumer_service_url(
|
|
|
|
|
LASSO_PROVIDER(profile->server), NULL);
|
2004-11-01 19:23:20 +01:00
|
|
|
if (assertionConsumerServiceURL == NULL) {
|
2004-12-14 22:41:57 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (profile->request == NULL) {
|
2006-12-28 11:19:46 +01:00
|
|
|
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_new_gobject(lecp->authnRequestEnvelope, lasso_lib_authn_request_envelope_new_full(
|
2004-11-01 19:23:20 +01:00
|
|
|
LASSO_LIB_AUTHN_REQUEST(profile->request),
|
|
|
|
|
LASSO_PROVIDER(profile->server)->ProviderID,
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
assertionConsumerServiceURL));
|
2004-11-01 19:23:20 +01:00
|
|
|
if (lecp->authnRequestEnvelope == NULL) {
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
2004-12-28 13:44:22 +01:00
|
|
|
LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->private_key_file =
|
|
|
|
|
LASSO_PROFILE(lecp)->server->private_key;
|
|
|
|
|
LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->certificate_file =
|
|
|
|
|
LASSO_PROFILE(lecp)->server->certificate;
|
2005-02-08 11:25:00 +01:00
|
|
|
msg = lasso_node_get_xmlNode(LASSO_NODE(lecp->authnRequestEnvelope), FALSE);
|
2008-09-12 17:06:58 +02:00
|
|
|
|
2005-02-08 11:25:00 +01:00
|
|
|
/* msg is not SOAP but straight XML */
|
2004-12-27 20:47:06 +01:00
|
|
|
handler = xmlFindCharEncodingHandler("utf-8");
|
2008-09-12 17:06:58 +02:00
|
|
|
buf = xmlAllocOutputBuffer(handler);
|
2005-02-08 11:25:00 +01:00
|
|
|
xmlNodeDumpOutput(buf, NULL, msg, 0, 0, "utf-8");
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlOutputBufferFlush(buf);
|
|
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_string(profile->msg_body,
|
2005-07-31 00:36:54 +02:00
|
|
|
(char*)(buf->conv ? buf->conv->content : buf->buffer->content));
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlOutputBufferClose(buf);
|
2005-02-08 11:25:00 +01:00
|
|
|
xmlFreeNode(msg);
|
2004-12-27 20:47:06 +01:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
if (profile->msg_body == NULL) {
|
2006-12-28 11:19:46 +01:00
|
|
|
return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED;
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2004-09-20 17:52:03 +02:00
|
|
|
/**
|
|
|
|
|
* lasso_lecp_build_authn_request_msg:
|
2005-01-21 11:51:24 +01:00
|
|
|
* @lecp: a #LassoLecp
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2004-09-20 17:52:03 +02:00
|
|
|
* Builds an authentication request. The data for the sending of the request are
|
2005-01-21 11:51:24 +01:00
|
|
|
* stored in @msg_url and @msg_body (SOAP POST).
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2005-01-21 11:51:24 +01:00
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
2004-09-20 17:52:03 +02:00
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
2004-12-14 11:20:07 +01:00
|
|
|
lasso_lecp_build_authn_request_msg(LassoLecp *lecp)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoProfile *profile;
|
|
|
|
|
LassoProvider *remote_provider;
|
|
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
profile = LASSO_PROFILE(lecp);
|
|
|
|
|
|
2006-01-23 16:30:00 +01:00
|
|
|
if (profile->remote_providerID == NULL) {
|
|
|
|
|
/* this means lasso_logout_init_request was not called before */
|
|
|
|
|
return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
|
|
|
|
|
}
|
|
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
remote_provider = g_hash_table_lookup(profile->server->providers,
|
|
|
|
|
profile->remote_providerID);
|
|
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_new_string(profile->msg_url, lasso_provider_get_metadata_one(
|
|
|
|
|
remote_provider, "SingleSignOnServiceURL"));
|
2004-12-28 13:44:22 +01:00
|
|
|
/* msg_body has usally been set in
|
|
|
|
|
* lasso_lecp_process_authn_request_envelope_msg() */
|
2004-12-27 20:47:06 +01:00
|
|
|
if (profile->msg_body == NULL)
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
|
2004-12-27 20:47:06 +01:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_build_authn_response_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
*
|
|
|
|
|
* Builds the lecp authentication response message (base64). Sets @msg_body to
|
|
|
|
|
* that message.
|
|
|
|
|
*
|
|
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
2004-09-30 19:12:23 +02:00
|
|
|
lasso_lecp_build_authn_response_msg(LassoLecp *lecp)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoProfile *profile;
|
|
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
profile = LASSO_PROFILE(lecp);
|
2007-01-05 14:40:07 +01:00
|
|
|
lasso_profile_clean_msg_info(profile);
|
|
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_string(profile->msg_url, lecp->assertionConsumerServiceURL);
|
2004-11-01 19:23:20 +01:00
|
|
|
if (profile->msg_url == NULL) {
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_base64(LASSO_NODE(profile->response)));
|
2004-11-01 19:23:20 +01:00
|
|
|
if (profile->msg_body == NULL) {
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_build_authn_response_envelope_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
*
|
|
|
|
|
* Builds the enveloped LECP authentication response message (SOAP message).
|
|
|
|
|
* Sets @msg_body to that message.
|
|
|
|
|
*
|
|
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-07-22 18:45:50 +02:00
|
|
|
gint
|
2004-12-14 20:20:20 +01:00
|
|
|
lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoProfile *profile;
|
|
|
|
|
LassoProvider *provider;
|
2004-12-27 20:47:06 +01:00
|
|
|
gchar *assertionConsumerServiceURL;
|
2004-11-01 19:23:20 +01:00
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
profile = LASSO_PROFILE(lecp);
|
|
|
|
|
|
|
|
|
|
if (LASSO_IS_LIB_AUTHN_RESPONSE(profile->response) == FALSE) {
|
2006-12-28 11:19:46 +01:00
|
|
|
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
|
|
|
|
|
if (provider == NULL) {
|
2005-02-05 17:15:53 +01:00
|
|
|
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* build lib:AuthnResponse */
|
2004-12-14 20:20:20 +01:00
|
|
|
lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp));
|
2004-11-01 19:23:20 +01:00
|
|
|
|
2004-12-26 17:50:37 +01:00
|
|
|
assertionConsumerServiceURL = lasso_provider_get_assertion_consumer_service_url(
|
|
|
|
|
provider, NULL);
|
2004-11-01 19:23:20 +01:00
|
|
|
if (assertionConsumerServiceURL == NULL) {
|
2004-12-14 22:41:57 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_release (LASSO_PROFILE(lecp)->msg_body);
|
|
|
|
|
lasso_release (LASSO_PROFILE(lecp)->msg_url);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
lasso_assign_new_gobject(lecp->authnResponseEnvelope, lasso_lib_authn_response_envelope_new(
|
2004-11-01 19:23:20 +01:00
|
|
|
LASSO_LIB_AUTHN_RESPONSE(profile->response),
|
ID-FF 1.2: Use new macros in logout, defederation and lecp
* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
2009-03-27 16:06:21 +01:00
|
|
|
assertionConsumerServiceURL));
|
2004-12-28 13:44:22 +01:00
|
|
|
LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
|
|
|
|
|
)->private_key_file = profile->server->private_key;
|
|
|
|
|
LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
|
|
|
|
|
)->certificate_file = profile->server->certificate;
|
|
|
|
|
profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(lecp->authnResponseEnvelope));
|
2004-11-01 19:23:20 +01:00
|
|
|
|
2004-12-28 13:44:22 +01:00
|
|
|
if (profile->msg_body == NULL) {
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2004-12-27 20:47:06 +01:00
|
|
|
/**
|
2004-12-14 11:20:07 +01:00
|
|
|
* lasso_lecp_init_authn_request:
|
2004-12-30 13:57:26 +01:00
|
|
|
* @lecp: a #LassoLecp
|
2004-12-27 20:47:06 +01:00
|
|
|
* @remote_providerID: the providerID of the identity provider. When NULL, the
|
2004-12-30 13:57:26 +01:00
|
|
|
* first known identity provider is used.
|
|
|
|
|
*
|
|
|
|
|
* Initializes a new lib:AuthnRequest.
|
|
|
|
|
*
|
|
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
2004-12-27 20:47:06 +01:00
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
2004-12-14 11:20:07 +01:00
|
|
|
lasso_lecp_init_authn_request(LassoLecp *lecp, const char *remote_providerID)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
gint res;
|
2004-07-22 18:45:50 +02:00
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2004-07-22 18:45:50 +02:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
/* FIXME : BAD usage of http_method
|
|
|
|
|
using POST method so that the lib:AuthnRequest is initialize with
|
|
|
|
|
a signature template */
|
2004-12-14 11:20:07 +01:00
|
|
|
res = lasso_login_init_authn_request(LASSO_LOGIN(lecp), remote_providerID,
|
|
|
|
|
LASSO_HTTP_METHOD_POST);
|
2004-07-22 18:45:50 +02:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
return res;
|
2004-08-04 16:36:29 +02:00
|
|
|
}
|
2004-07-30 15:39:30 +02:00
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_process_authn_request_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
* @authn_request_msg: the authentication request received
|
|
|
|
|
*
|
|
|
|
|
* Processes received authentication request, checks it is signed correctly,
|
|
|
|
|
* checks if requested protocol profile is supported, etc.
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2005-01-21 11:51:24 +01:00
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
|
|
|
|
lasso_lecp_process_authn_request_msg(LassoLecp *lecp, const char *authn_request_msg)
|
2004-08-04 16:36:29 +02:00
|
|
|
{
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2006-12-28 00:50:15 +01:00
|
|
|
g_return_val_if_fail(authn_request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
return lasso_login_process_authn_request_msg(LASSO_LOGIN(lecp), authn_request_msg);
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_process_authn_request_envelope_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
* @request_msg: the enveloped authentication request received
|
|
|
|
|
*
|
|
|
|
|
* Processes received enveloped authentication request, extracts the
|
|
|
|
|
* authentication request out of it.
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2005-01-21 11:51:24 +01:00
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
|
|
|
|
lasso_lecp_process_authn_request_envelope_msg(LassoLecp *lecp, const char *request_msg)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlDoc *doc;
|
|
|
|
|
xmlXPathContext *xpathCtx;
|
|
|
|
|
xmlXPathObject *xpathObj;
|
|
|
|
|
xmlNode *soap_envelope, *soap_body, *authn_request;
|
|
|
|
|
xmlOutputBuffer *buf;
|
|
|
|
|
xmlCharEncodingHandler *handler;
|
|
|
|
|
|
|
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
2004-12-27 20:47:06 +01:00
|
|
|
|
|
|
|
|
doc = xmlParseMemory(request_msg, strlen(request_msg));
|
|
|
|
|
xpathCtx = xmlXPathNewContext(doc);
|
2005-07-31 00:36:54 +02:00
|
|
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"lib", (xmlChar*)LASSO_LIB_HREF);
|
2005-01-29 19:48:41 +01:00
|
|
|
/* TODO: will need to use another href for id-ff 1.1 support */
|
2005-07-31 00:36:54 +02:00
|
|
|
xpathObj = xmlXPathEvalExpression((xmlChar*)"//lib:AuthnRequest", xpathCtx);
|
2004-12-27 20:47:06 +01:00
|
|
|
|
2007-01-04 00:35:17 +01:00
|
|
|
if (xpathObj == NULL) {
|
|
|
|
|
xmlXPathFreeContext(xpathCtx);
|
2004-12-27 20:47:06 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
2007-01-04 00:35:17 +01:00
|
|
|
}
|
2004-11-01 19:23:20 +01:00
|
|
|
|
2004-12-27 20:47:06 +01:00
|
|
|
if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
|
2007-01-04 00:35:17 +01:00
|
|
|
xmlXPathFreeContext(xpathCtx);
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
2004-12-15 11:07:09 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
2004-12-27 20:47:06 +01:00
|
|
|
authn_request = xmlCopyNode(xpathObj->nodesetval->nodeTab[0], 1);
|
2007-01-04 00:35:17 +01:00
|
|
|
xmlXPathFreeContext(xpathCtx);
|
|
|
|
|
xmlXPathFreeObject(xpathObj);
|
Remove use of xmlFreeDoc for lasso_release_doc
- bindings/java/wrapper_top.c, bindings/php4/lasso_php4_helper.c,
bindings/php5/wrapper_source_top.c, bindings/python/wrapper_top.c,
lasso/id-ff/identity.c, lasso/id-ff/lecp.c, lasso/id-ff/login.c,
lasso/id-ff/logout.c, lasso/id-ff/name_registration.c,
lasso/id-ff/profile.c, lasso/id-ff/provider.c, lasso/id-ff/server.c,
lasso/id-ff/session.c, lasso/id-wsf-2.0/data_service.c,
lasso/id-wsf/data_service.c, lasso/id-wsf/discovery.c,
lasso/id-wsf/wsf_profile.c, lasso/saml-2.0/ecp.c,
lasso/saml-2.0/login.c, lasso/saml-2.0/name_id_management.c,
lasso/utils.h, lasso/xml/tools.c, lasso/xml/xml.c, swig/Lasso.i:
Remove use of xmlFreeDoc. Use lasso_release_doc instead.
2008-11-04 02:58:49 +01:00
|
|
|
lasso_release_doc(doc);
|
2007-01-04 00:35:17 +01:00
|
|
|
xpathCtx = NULL;
|
|
|
|
|
xpathObj = NULL;
|
|
|
|
|
doc = NULL;
|
2004-12-27 20:47:06 +01:00
|
|
|
|
2005-07-31 00:36:54 +02:00
|
|
|
soap_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope");
|
|
|
|
|
xmlSetNs(soap_envelope, xmlNewNs(soap_envelope,
|
|
|
|
|
(xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX));
|
2004-12-27 20:47:06 +01:00
|
|
|
|
2005-07-31 00:36:54 +02:00
|
|
|
soap_body = xmlNewTextChild(soap_envelope, NULL, (xmlChar*)"Body", NULL);
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlAddChild(soap_body, authn_request);
|
|
|
|
|
|
|
|
|
|
handler = xmlFindCharEncodingHandler("utf-8");
|
|
|
|
|
buf = xmlAllocOutputBuffer(handler);
|
|
|
|
|
xmlNodeDumpOutput(buf, NULL, soap_envelope, 0, 0, "utf-8");
|
|
|
|
|
xmlOutputBufferFlush(buf);
|
2005-07-31 00:36:54 +02:00
|
|
|
LASSO_PROFILE(lecp)->msg_body = g_strdup( (char*)(
|
|
|
|
|
buf->conv ? buf->conv->content : buf->buffer->content));
|
2004-12-27 20:47:06 +01:00
|
|
|
xmlOutputBufferClose(buf);
|
|
|
|
|
xmlFreeNode(soap_envelope);
|
|
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2005-01-21 11:51:24 +01:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* lasso_lecp_process_authn_response_envelope_msg:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
* @response_msg: the enveloped authentication response received
|
|
|
|
|
*
|
|
|
|
|
* Processes received enveloped authentication response, extracts the
|
|
|
|
|
* authentication response out of it and stores it in @response.
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2005-01-21 11:51:24 +01:00
|
|
|
* Return value: 0 on success; or a negative value otherwise.
|
|
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
int
|
|
|
|
|
lasso_lecp_process_authn_response_envelope_msg(LassoLecp *lecp, const char *response_msg)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoProfile *profile;
|
|
|
|
|
LassoMessageFormat format;
|
|
|
|
|
|
2006-12-28 18:46:32 +01:00
|
|
|
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
2006-12-28 00:50:15 +01:00
|
|
|
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
2004-11-01 19:23:20 +01:00
|
|
|
|
|
|
|
|
profile = LASSO_PROFILE(lecp);
|
|
|
|
|
|
|
|
|
|
lecp->authnResponseEnvelope = lasso_lib_authn_response_envelope_new(NULL, NULL);
|
|
|
|
|
format = lasso_node_init_from_message(LASSO_NODE(lecp->authnResponseEnvelope),
|
|
|
|
|
response_msg);
|
2004-11-22 14:13:16 +01:00
|
|
|
if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
|
2004-12-15 11:07:09 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
profile->response = g_object_ref(lecp->authnResponseEnvelope->AuthnResponse);
|
|
|
|
|
if (profile->response == NULL) {
|
2006-12-28 11:19:46 +01:00
|
|
|
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lecp->assertionConsumerServiceURL = g_strdup(
|
|
|
|
|
lecp->authnResponseEnvelope->AssertionConsumerServiceURL);
|
|
|
|
|
if (lecp->assertionConsumerServiceURL == NULL){
|
2004-12-16 15:04:43 +01:00
|
|
|
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
|
2004-11-01 19:23:20 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2004-12-30 16:12:12 +01:00
|
|
|
/**
|
|
|
|
|
* lasso_lecp_destroy:
|
|
|
|
|
* @lecp: a #LassoLecp
|
|
|
|
|
*
|
|
|
|
|
* Destroys a #LassoLecp object
|
2008-09-12 17:06:58 +02:00
|
|
|
*
|
2004-12-30 16:12:12 +01:00
|
|
|
**/
|
2004-08-04 16:36:29 +02:00
|
|
|
void
|
|
|
|
|
lasso_lecp_destroy(LassoLecp *lecp)
|
|
|
|
|
{
|
2006-12-28 18:46:32 +01:00
|
|
|
lasso_node_destroy(LASSO_NODE(lecp));
|
2004-08-04 16:36:29 +02:00
|
|
|
}
|
|
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
/*****************************************************************************/
|
|
|
|
|
/* private methods */
|
|
|
|
|
/*****************************************************************************/
|
|
|
|
|
|
|
|
|
|
static LassoNodeClass *parent_class = NULL;
|
2004-08-04 16:36:29 +02:00
|
|
|
|
2004-07-22 18:45:50 +02:00
|
|
|
/*****************************************************************************/
|
2004-12-10 10:55:27 +01:00
|
|
|
/* overridden parent class methods */
|
2004-07-22 18:45:50 +02:00
|
|
|
/*****************************************************************************/
|
|
|
|
|
|
|
|
|
|
static void
|
2004-11-01 19:23:20 +01:00
|
|
|
finalize(GObject *object)
|
2008-09-12 17:06:58 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
G_OBJECT_CLASS(parent_class)->finalize(object);
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*****************************************************************************/
|
|
|
|
|
/* instance and class init functions */
|
|
|
|
|
/*****************************************************************************/
|
|
|
|
|
|
|
|
|
|
static void
|
2004-11-01 19:23:20 +01:00
|
|
|
instance_init(LassoLecp *lecp)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
lecp->authnRequestEnvelope = NULL;
|
|
|
|
|
lecp->authnResponseEnvelope = NULL;
|
|
|
|
|
lecp->assertionConsumerServiceURL = NULL;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2004-11-01 19:23:20 +01:00
|
|
|
class_init(LassoLecpClass *klass)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
parent_class = g_type_class_peek_parent(klass);
|
2008-09-12 17:06:58 +02:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
G_OBJECT_CLASS(klass)->finalize = finalize;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
GType
|
|
|
|
|
lasso_lecp_get_type()
|
|
|
|
|
{
|
|
|
|
|
static GType this_type = 0;
|
|
|
|
|
|
|
|
|
|
if (!this_type) {
|
|
|
|
|
static const GTypeInfo this_info = {
|
|
|
|
|
sizeof (LassoLecpClass),
|
|
|
|
|
NULL,
|
|
|
|
|
NULL,
|
|
|
|
|
(GClassInitFunc) class_init,
|
|
|
|
|
NULL,
|
|
|
|
|
NULL,
|
|
|
|
|
sizeof(LassoLecp),
|
|
|
|
|
0,
|
|
|
|
|
(GInstanceInitFunc) instance_init,
|
2009-01-24 10:33:40 +01:00
|
|
|
NULL
|
2004-11-01 19:23:20 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
this_type = g_type_register_static(LASSO_TYPE_LOGIN,
|
|
|
|
|
"LassoLecp", &this_info, 0);
|
|
|
|
|
}
|
|
|
|
|
return this_type;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
|
|
|
|
|
2004-12-30 16:12:12 +01:00
|
|
|
/**
|
|
|
|
|
* lasso_lecp_new
|
|
|
|
|
* @server: the #LassoServer
|
|
|
|
|
*
|
|
|
|
|
* Creates a new #LassoLecp.
|
|
|
|
|
*
|
|
|
|
|
* Return value: a newly created #LassoLecp object; or NULL if an error
|
|
|
|
|
* occured
|
|
|
|
|
**/
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoLecp*
|
2004-08-04 09:41:49 +02:00
|
|
|
lasso_lecp_new(LassoServer *server)
|
2004-07-22 18:45:50 +02:00
|
|
|
{
|
2004-11-01 19:23:20 +01:00
|
|
|
LassoLecp *lecp;
|
2004-07-22 18:45:50 +02:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
lecp = g_object_new(LASSO_TYPE_LECP, NULL);
|
2004-12-30 17:47:35 +01:00
|
|
|
LASSO_PROFILE(lecp)->server = g_object_ref(server);
|
2004-08-04 09:41:49 +02:00
|
|
|
|
2004-11-01 19:23:20 +01:00
|
|
|
return lecp;
|
2004-07-22 18:45:50 +02:00
|
|
|
}
|
