/* $Id$
 *
 * Lasso - A free implementation of the Liberty Alliance specifications.
 *
 * Copyright (C) 2004-2007 Entr'ouvert
 * http://lasso.entrouvert.org
 *
 * Authors: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
/**
 * SECTION:provider
 * @short_description: Service or identity provider
 *
 * <para>The #LassoProvider object holds metadata about a provider. Metadata are sorted into descriptors,
 * each descriptor being assigned a role. We refer you to <CiteTitle>Liberty Metadata Description
 * and Discovery Specification</CiteTitle> and <CiteTitle>Metadata for the OASIS Security Assertion Markup Language
 * (SAML) V2.0</CiteTitle>.</para>
 *
 * <para>Roles are represented by the enumeration #LassoProviderRole; you can access descriptor
 * contents using lasso_provider_get_metadata_list_by_role() and lasso_provider_get_metadata_by_role().
 * Descriptor resources are flattened inside a simple hashtable. For example, to get the URL(s) for the
 * SAML 2.0 single logout response endpoint using binding HTTP-POST of the SP descriptor of a provider
 * called x, you would call:</para>
 *
 * <programlisting>
 * GList *urls = lasso_provider_get_metadata_list_by_role(x, LASSO_PROVIDER_ROLE_SP, "SingleLogoutService HTTP-POST ResponseLocation");
 * </programlisting>
 *
 * <para>A provider usually possesses a default role stored in the #LassoProvider.role field, which is
 * initialized by the lasso_server_add_provider() method when registering a new remote provider to our
 * current provider. The methods lasso_provider_get_metadata() and lasso_provider_get_metadata_list()
 * use this default role to access descriptors.</para>
 **/
#include "../xml/private.h"
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <xmlsec/base64.h>
#include <xmlsec/errors.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/templates.h>
#include "provider.h"
#include "providerprivate.h"
#include "../saml-2.0/providerprivate.h"
#include <unistd.h>
#include "../utils.h"
#include "../debug.h"
/* Liberty ID-FF profile URI prefixes, indexed by LassoMdProtocolType (the
 * order must follow the enumeration). The single sign-on slot is NULL, so any
 * caller formatting it with "%s" must handle that case. */
static char *protocol_uris[LASSO_MD_PROTOCOL_TYPE_LAST] = {
	"http://projectliberty.org/profiles/fedterm",
	"http://projectliberty.org/profiles/nim",
	"http://projectliberty.org/profiles/rni",
	"http://projectliberty.org/profiles/slo",
	NULL /* none for single sign on */
};
/* Metadata element names listing the supported profiles of each protocol,
 * indexed by LassoMdProtocolType in the same order as protocol_uris. */
static char *protocol_md_nodename[LASSO_MD_PROTOCOL_TYPE_LAST] = {
	"FederationTerminationNotificationProtocolProfile",
	"NameIdentifierMappingProtocolProfile",
	"RegisterNameIdentifierProtocolProfile",
	"SingleLogoutProtocolProfile",
	"SingleSignOnProtocolProfile"
};
/* Role name used both as prefix of the descriptor hash-table keys and in the
 * "<uri>-<role>" profile identifiers. Slot 0 is the unknown role. The
 * descriptor code indexes this table with _lasso_provider_get_role_index()
 * (IdP -> 1, SP -> 2), whereas the profile-matching code indexes it with the
 * raw LassoProviderRole value.
 * NOTE(review): those two indexings only agree if the enumeration orders IdP
 * before SP; confirm against LassoProviderRole in provider.h. */
static char *protocol_roles[LASSO_PROVIDER_ROLE_LAST] = {
	NULL, "idp", "sp",
	"authn-authority", "pdp", "attribute-authority"
};
/* Profile suffix per HTTP method. Callers index it with http_method + 1, so
 * the table holds one more slot than the number of real methods; the first
 * five methods have no suffix. Not static: the symbol is visible to other
 * translation units. */
char *protocol_methods[LASSO_HTTP_METHOD_LAST] = {
	"", "", "", "",
	"", "-http", "-soap"
};
/* Position of a role inside protocol_roles; 0 means "no such role". */
typedef int LassoProviderRoleIndex;

static gboolean _lasso_provider_load_metadata_from_doc(LassoProvider *provider, xmlDoc *doc);
static LassoProviderRoleIndex _lasso_provider_get_role_index(LassoProviderRole role);
void _lasso_provider_add_metadata_value_for_role(LassoProvider *provider,
		LassoProviderRole role, const char *name, const char *value);
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
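/**
 * lasso_provider_get_assertion_consumer_service_url:
 * @provider: a #LassoProvider
 * @service_id:(allow-none): the AssertionConsumerServiceID, NULL for default
 *
 * Extracts the AssertionConsumerServiceURL from the SP descriptor of the
 * provider metadata. When @service_id is NULL the id recorded as default
 * while the metadata were loaded is used instead.
 *
 * Return value:(allow-none)(transfer full): the element value, NULL if the element was not found
 * (or no service id is available). This string must be freed by the caller.
 **/
gchar*
lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const char *service_id)
{
	char *name = NULL;
	char *assertion_consumer_service_url = NULL;

	/* private_data is dereferenced below: validate the object like the other
	 * public accessors of this file instead of crashing on a bad argument. */
	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);

	if (service_id == NULL)
		service_id = provider->private_data->default_assertion_consumer;
	/* No explicit id and no default recorded: nothing can match, and a NULL
	 * must not reach the "%s" conversion below. */
	if (service_id == NULL)
		return NULL;

	/* Endpoints are flattened as "<element> <id>" when the descriptor is
	 * loaded, see _lasso_provider_load_endpoint_type(). */
	name = g_strdup_printf("AssertionConsumerServiceURL %s", service_id);
	assertion_consumer_service_url = lasso_provider_get_metadata_one_for_role(provider,
			LASSO_PROVIDER_ROLE_SP, name);
	g_free(name);

	return assertion_consumer_service_url;
}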
/* Map a LassoProviderRole to its slot in protocol_roles.
 * Returns 0 for any role that has no slot. */
static LassoProviderRoleIndex
_lasso_provider_get_role_index(LassoProviderRole role) {
	static const struct {
		LassoProviderRole role;
		LassoProviderRoleIndex index;
	} role_table[] = {
		{ LASSO_PROVIDER_ROLE_IDP, 1 },
		{ LASSO_PROVIDER_ROLE_SP, 2 },
		{ LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY, 3 },
		{ LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY, 4 },
		{ LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY, 5 },
	};
	size_t i;

	for (i = 0; i < G_N_ELEMENTS(role_table); i++) {
		if (role_table[i].role == role) {
			return role_table[i].index;
		}
	}
	return 0;
}
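/**
 * _lasso_provider_add_metadata_value_for_role:
 * @provider: a #LassoProvider
 * @role: the descriptor role the value belongs to
 * @name: the flattened element name (for instance "AssertionConsumerServiceURL <id>")
 * @value: the string to add to the list of values of @name
 *
 * Adds @value (through lasso_list_add_string()) to the list stored under the
 * key "<role> <name>" in the provider descriptor table, creating the entry on
 * first use. Nothing happens when @role has no slot in protocol_roles or the
 * table does not exist.
 **/
void
_lasso_provider_add_metadata_value_for_role(LassoProvider *provider, LassoProviderRole role, const char *name, const char *value)
{
	GList *l = NULL;
	GHashTable *descriptor;
	char *symbol;
	gpointer orig_key = NULL;
	gpointer orig_value = NULL;
	LassoProviderRoleIndex role_index;

	g_return_if_fail(LASSO_IS_PROVIDER(provider) && name && value);
	role_index = _lasso_provider_get_role_index(role);
	g_return_if_fail ( role_index);
	/* All roles share one table; the role name is part of the key. */
	descriptor = provider->private_data->Descriptors;
	g_return_if_fail (descriptor);

	symbol = g_strdup_printf("%s %s", protocol_roles[role_index], name);
	if (g_hash_table_lookup_extended(descriptor, symbol, &orig_key, &orig_value)) {
		/* The entry exists: detach it WITHOUT running the table's destroy
		 * functions, extend the list and store it again under its original
		 * key. Inserting under an already present key would otherwise let
		 * GLib free the old value (this very list) and the duplicate key if
		 * the table was created with destroy functions. */
		g_hash_table_steal(descriptor, orig_key);
		g_free(symbol);
		symbol = orig_key;
		l = orig_value;
	}
	lasso_list_add_string(l, value);
	g_hash_table_insert(descriptor, symbol, l);
}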
/**
 * lasso_provider_get_metadata_list_for_role:
 * @provider: a #LassoProvider
 * @role: a #LassoProviderRole value
 * @name: the element name
 *
 * Extracts zero to many elements from the @provider descriptor for the given @role.
 * The lookup key is "<role name> <name>", as built when the descriptor was loaded.
 *
 * Return value:(transfer none)(element-type string): a #GList with the elements, NULL when the
 * role is unknown, the provider has no descriptor table or nothing matches. This GList is
 * internally allocated and points to internally allocated strings. It must not be freed,
 * modified or stored.
 **/
GList*
lasso_provider_get_metadata_list_for_role(const LassoProvider *provider, LassoProviderRole role, const char *name)
{
	GHashTable *descriptors;
	LassoProviderRoleIndex index;
	char *key;
	GList *values = NULL;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider) && name, NULL);

	index = _lasso_provider_get_role_index(role);
	if (index == 0) {
		return NULL;
	}
	descriptors = provider->private_data->Descriptors;
	if (descriptors == NULL) {
		return NULL;
	}

	key = g_strdup_printf("%s %s", protocol_roles[index], name);
	values = g_hash_table_lookup(descriptors, key);
	g_free(key);

	return values;
}
/**
 * lasso_provider_get_metadata_one_for_role:
 * @provider: a #LassoProvider object
 * @role: a #LassoProviderRole value
 * @name: a metadata information name
 *
 * Return the first value of the given information extracted from the metadata of the given
 * #LassoProvider for the given @role descriptor.
 *
 * Return value: a newly allocated string or NULL. If non-NULL must be freed by the caller.
 */
char*
lasso_provider_get_metadata_one_for_role(LassoProvider *provider, LassoProviderRole role, const char *name)
{
	const GList *values = lasso_provider_get_metadata_list_for_role(provider, role, name);

	if (values == NULL) {
		return NULL;
	}
	/* Only the head of the list is returned, as a copy owned by the caller. */
	return g_strdup(values->data);
}
/**
 * lasso_provider_get_metadata_one:
 * @provider: a #LassoProvider
 * @name: the element name
 *
 * Extracts the element @name from the descriptor of the provider default role
 * (the #LassoProvider.role field).
 *
 * Return value:(transfer full)(allow-none): the element value, NULL if the element was not found. This
 * string must be freed by the caller.
 **/
gchar*
lasso_provider_get_metadata_one(LassoProvider *provider, const char *name)
{
	LassoProviderRole default_role = provider->role;

	return lasso_provider_get_metadata_one_for_role(provider, default_role, name);
}
/**
 * lasso_provider_get_metadata_list:
 * @provider: a #LassoProvider
 * @name: the element name
 *
 * Extracts zero to many elements from the descriptor of the provider default
 * role (the #LassoProvider.role field).
 *
 * Return value:(transfer none)(element-type string): a #GList with the elements. This GList is internally
 * allocated and points to internally allocated strings. It must
 * not be freed, modified or stored.
 **/
GList*
lasso_provider_get_metadata_list(LassoProvider *provider, const char *name)
{
	LassoProviderRole default_role = provider->role;

	return lasso_provider_get_metadata_list_for_role(provider, default_role, name);
}
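/**
 * lasso_provider_get_first_http_method:
 * @provider: (transfer none): a #LassoProvider
 * @remote_provider: a #LassoProvider depicting the remote provider
 * @protocol_type: a Liberty profile
 *
 * Looks up and returns a #LassoHttpMethod appropriate for performing the
 * @protocol_type between @provider and @remote_provider: the first profile
 * advertised by @provider for the local role that @remote_provider advertises
 * as well. SAML 2.0 providers are delegated to the saml-2.0 implementation.
 *
 * Side effect: @provider->role is set to the counterpart of
 * @remote_provider->role (IdP when the remote is an SP, SP when it is an IdP).
 *
 * Return value: the #LassoHttpMethod, or %LASSO_HTTP_METHOD_NONE when no
 * common profile exists or an argument is invalid.
 **/
LassoHttpMethod
lasso_provider_get_first_http_method(LassoProvider *provider,
		LassoProvider *remote_provider, LassoMdProtocolType protocol_type)
{
	char *protocol_profile_prefix;
	const GList *local_supported_profiles;
	const GList *remote_supported_profiles;
	const GList *t1, *t2 = NULL;
	gboolean found;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), LASSO_HTTP_METHOD_NONE);
	if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
		return lasso_saml20_provider_get_first_http_method(
				provider, remote_provider, protocol_type);
	}
	/* remote_provider->role is dereferenced below. */
	g_return_val_if_fail(LASSO_IS_PROVIDER(remote_provider), LASSO_HTTP_METHOD_NONE);
	/* protocol_type indexes the static protocol_uris/protocol_md_nodename tables. */
	g_return_val_if_fail((int)protocol_type >= 0 && protocol_type < LASSO_MD_PROTOCOL_TYPE_LAST,
			LASSO_HTTP_METHOD_NONE);

	if (remote_provider->role == LASSO_PROVIDER_ROLE_SP)
		provider->role = LASSO_PROVIDER_ROLE_IDP;
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP)
		provider->role = LASSO_PROVIDER_ROLE_SP;
	/* provider->role indexes protocol_roles; it is only forced to IdP/SP when
	 * the remote role was one of those, so bound it before use. */
	g_return_val_if_fail((int)provider->role >= 0 && provider->role < LASSO_PROVIDER_ROLE_LAST,
			LASSO_HTTP_METHOD_NONE);

	/* NOTE(review): protocol_roles is indexed here by the raw role value, while
	 * the descriptor keys go through _lasso_provider_get_role_index(); confirm
	 * both orderings agree for LASSO_PROVIDER_ROLE_SP and _IDP. */
	protocol_profile_prefix = g_strdup_printf("%s-%s",
			protocol_uris[protocol_type], protocol_roles[provider->role]);

	local_supported_profiles = lasso_provider_get_metadata_list(
			provider, protocol_md_nodename[protocol_type]);
	remote_supported_profiles = lasso_provider_get_metadata_list(
			remote_provider, protocol_md_nodename[protocol_type]);

	/* First local profile for our role that the remote side lists verbatim;
	 * on success t2 is left on the matching remote entry. */
	found = FALSE;
	for (t1 = local_supported_profiles; t1 && !found; t1 = g_list_next(t1)) {
		if (!g_str_has_prefix(t1->data, protocol_profile_prefix))
			continue;
		for (t2 = remote_supported_profiles; t2; t2 = g_list_next(t2)) {
			if (strcmp(t1->data, t2->data) == 0) {
				found = TRUE;
				break;
			}
		}
	}
	g_free(protocol_profile_prefix);

	if (!found)
		return LASSO_HTTP_METHOD_NONE;
	if (g_str_has_suffix(t2->data, "http"))
		return LASSO_HTTP_METHOD_REDIRECT;
	if (g_str_has_suffix(t2->data, "soap"))
		return LASSO_HTTP_METHOD_SOAP;
	/* Metadata are loaded from outside the library: a profile with an unknown
	 * binding suffix is reported and refused rather than aborting the process. */
	g_warning("%s: unsupported binding in protocol profile '%s'", G_STRFUNC, (char*)t2->data);
	return LASSO_HTTP_METHOD_NONE;
}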
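/**
 * lasso_provider_accept_http_method:
 * @provider: a #LassoProvider
 * @remote_provider: a #LassoProvider depicting the remote provider
 * @protocol_type: a Liberty profile type
 * @http_method: an HTTP method
 * @initiate_profile: whether @provider initiates the profile
 *
 * Gets if @http_method is an appropriate method for the @protocol_type profile
 * between @provider and @remote_provider, i.e. whether the fully-qualified
 * profile "<uri>-<initiating role><method suffix>" is listed in the metadata
 * of both. SAML 2.0 providers are delegated to the saml-2.0 implementation.
 *
 * Side effect: @provider->role is set to the counterpart of
 * @remote_provider->role (IdP when the remote is an SP, SP when it is an IdP).
 *
 * Return value: %TRUE if it is appropriate; %FALSE otherwise, including on
 * invalid arguments (conservative default).
 **/
gboolean
lasso_provider_accept_http_method(LassoProvider *provider, LassoProvider *remote_provider,
		LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
		gboolean initiate_profile)
{
	LassoProviderRole initiating_role;
	char *protocol_profile;
	gboolean accepted;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE); /* Be conservative */
	if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
		return lasso_saml20_provider_accept_http_method(
				provider, remote_provider, protocol_type,
				http_method, initiate_profile);
	}
	/* remote_provider->role is dereferenced below. */
	g_return_val_if_fail(LASSO_IS_PROVIDER(remote_provider), FALSE);
	/* Both enumerations index static tables: reject out-of-range values.
	 * protocol_methods is indexed by http_method + 1, presumably because
	 * LASSO_HTTP_METHOD_NONE is -1 — verify against the enum. */
	g_return_val_if_fail((int)protocol_type >= 0 && protocol_type < LASSO_MD_PROTOCOL_TYPE_LAST,
			FALSE);
	g_return_val_if_fail((int)http_method + 1 >= 0 && (int)http_method + 1 < LASSO_HTTP_METHOD_LAST,
			FALSE);

	initiating_role = remote_provider->role;
	if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
		provider->role = LASSO_PROVIDER_ROLE_IDP;
	}
	if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
		provider->role = LASSO_PROVIDER_ROLE_SP;
	}
	if (initiate_profile)
		initiating_role = provider->role;
	/* initiating_role indexes protocol_roles (by raw role value, see the
	 * note on that table). */
	g_return_val_if_fail((int)initiating_role >= 0 && initiating_role < LASSO_PROVIDER_ROLE_LAST,
			FALSE);

	protocol_profile = g_strdup_printf("%s-%s%s",
			protocol_uris[protocol_type],
			protocol_roles[initiating_role],
			protocol_methods[http_method+1]);

	/* Both sides must list the profile; the remote metadata is only consulted
	 * when the local one matches. */
	accepted = lasso_provider_has_protocol_profile(provider, protocol_type, protocol_profile)
		&& lasso_provider_has_protocol_profile(remote_provider, protocol_type, protocol_profile);
	g_free(protocol_profile);

	return accepted;
}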
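/**
 * lasso_provider_has_protocol_profile:
 * @provider: a #LassoProvider
 * @protocol_type: a Liberty profile type
 * @protocol_profile: a fully-qualified Liberty profile
 *
 * Gets if @provider supports @protocol_profile, i.e. whether the profile
 * appears verbatim in the list advertised under the @protocol_type metadata
 * element of the provider default role.
 *
 * Return value: %TRUE if it is supported; %FALSE otherwise, including on
 * invalid arguments (conservative default).
 **/
gboolean
lasso_provider_has_protocol_profile(LassoProvider *provider,
		LassoMdProtocolType protocol_type, const char *protocol_profile)
{
	const GList *supported;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE); /* Be conservative */
	/* strcmp() below would dereference a NULL profile. */
	g_return_val_if_fail(protocol_profile != NULL, FALSE);
	/* protocol_type indexes the static protocol_md_nodename table. */
	g_return_val_if_fail((int)protocol_type >= 0 && protocol_type < LASSO_MD_PROTOCOL_TYPE_LAST,
			FALSE);

	supported = lasso_provider_get_metadata_list(
			provider, protocol_md_nodename[protocol_type]);

	return g_list_find_custom((GList*)supported, protocol_profile, (GCompareFunc)strcmp) != NULL;
}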
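/**
 * lasso_provider_get_base64_succinct_id:
 * @provider: a #LassoProvider
 *
 * Computes and returns the base64-encoded provider succinct ID, the SHA-1
 * digest of the ProviderID. SHA-1 serves here as the protocol-defined
 * fixed-length identifier, not as an integrity primitive.
 *
 * Return value:(transfer full)(allow-none): the provider succinct ID, or NULL
 * when @provider is not a provider or the digest could not be computed. This
 * string must be freed by the caller.
 **/
char*
lasso_provider_get_base64_succinct_id(const LassoProvider *provider)
{
	/* Size of a SHA-1 digest in bytes; lasso_sha1() is assumed to return a
	 * buffer of exactly that length — confirm against its definition. */
	enum { SUCCINCT_ID_LENGTH = 20 };
	char *succinct_id, *base64_succinct_id, *ret;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	succinct_id = lasso_sha1(provider->ProviderID);
	if (succinct_id == NULL) {
		return NULL;
	}
	/* Last argument 0: no line wrapping in the base64 output. */
	base64_succinct_id = (char*)xmlSecBase64Encode((xmlChar*)succinct_id, SUCCINCT_ID_LENGTH, 0);
	xmlFree(succinct_id);
	/* Hand the result over to the GLib allocator so callers can g_free() it. */
	ret = g_strdup(base64_succinct_id);
	xmlFree(base64_succinct_id);
	return ret;
}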
/**
 * lasso_provider_get_organization
 * @provider: a #LassoProvider
 *
 * Returns a copy of the provider metadata <Organization> XML node.
 *
 * Return value:(transfer full)(allow-none): the <Organization/> node (libxml2 xmlNode*); or NULL if it is
 * not found. This xmlnode must be freed by the caller.
 **/
xmlNode*
lasso_provider_get_organization(const LassoProvider *provider)
{
	xmlNode *organization;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	organization = provider->private_data->organization;
	if (organization == NULL) {
		return NULL;
	}
	/* Recursive copy (second argument 1): the caller owns the whole subtree. */
	return xmlCopyNode(organization, 1);
}
/*****************************************************************************/
/* private methods */
/*****************************************************************************/
/* Serialisation description of a LassoProvider: the three file paths are
 * (presumably) dumped as element content and ProviderID as an attribute,
 * per the SNIPPET_CONTENT / SNIPPET_ATTRIBUTE kinds. NULL-terminated. */
static struct XmlSnippet schema_snippets[] = {
	{ "PublicKeyFilePath", SNIPPET_CONTENT, G_STRUCT_OFFSET(LassoProvider, public_key), NULL, NULL, NULL},
	{ "CaCertChainFilePath", SNIPPET_CONTENT, G_STRUCT_OFFSET(LassoProvider, ca_cert_chain), NULL, NULL, NULL},
	{ "MetadataFilePath", SNIPPET_CONTENT, G_STRUCT_OFFSET(LassoProvider, metadata_filename), NULL, NULL, NULL},
	{ "ProviderID", SNIPPET_ATTRIBUTE, G_STRUCT_OFFSET(LassoProvider, ProviderID), NULL, NULL, NULL},
	{NULL, 0, 0, NULL, NULL, NULL}
};
static LassoNodeClass *parent_class = NULL;
/**
 * lasso_provider_get_public_key:
 * @provider: a #LassoProvider object
 *
 * Return the public key associated with this provider.
 *
 * Return value:(transfer none)(allow-none): the #xmlSecKey object owned by
 * @provider (the stored pointer itself, not a copy), or NULL if @provider is
 * not a #LassoProvider.
 */
xmlSecKey*
lasso_provider_get_public_key(const LassoProvider *provider)
{
	xmlSecKey *key = NULL;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	key = provider->private_data->public_key;
	return key;
}
/**
 * lasso_provider_get_encryption_public_key:
 * @provider: a #LassoProvider object.
 *
 * Return the #xmlSecKey public key to use for encrypting content targeted at @provider.
 * When no dedicated encryption key is known, the general public key of the
 * provider is returned instead.
 *
 * Return value:(transfer none)(allow-none): an #xmlSecKey object, or NULL if no key is known or @provider is not a
 * #LassoProvider.
 */
xmlSecKey*
lasso_provider_get_encryption_public_key(const LassoProvider *provider)
{
	xmlSecKey *key;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);

	key = provider->private_data->encryption_public_key;
	if (key == NULL) {
		key = lasso_provider_get_public_key(provider);
	}
	return key;
}
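/* Record one endpoint element of a descriptor under @role.
 *
 * The element name becomes the metadata key; AssertionConsumerServiceURL
 * elements are keyed "<element> <id>" (the form looked up by
 * lasso_provider_get_assertion_consumer_service_url()) and an isDefault
 * attribute of "true" or "1" makes that id the default consumer. The element
 * text content is the stored value. Metadata come from outside the library,
 * so missing attributes must be tolerated. */
static void
_lasso_provider_load_endpoint_type(LassoProvider *provider, xmlNode *endpoint,
		LassoProviderRole role)
{
	const char *element_name = (const char*)endpoint->name;
	char *name = NULL;
	xmlChar *value = NULL;

	if (strcmp(element_name, "AssertionConsumerServiceURL") == 0) {
		char *isDefault = (char*)xmlGetProp(endpoint, (xmlChar*)"isDefault");
		char *id = (char*)xmlGetProp(endpoint, (xmlChar*)"id");

		/* A missing id attribute must not reach the "%s" conversion. */
		name = g_strdup_printf("%s %s", element_name, id ? id : "");
		if (isDefault) {
			if (strcmp(isDefault, "true") == 0 || strcmp(isDefault, "1") == 0)
				lasso_assign_string(provider->private_data->default_assertion_consumer,
						id);
			xmlFree(isDefault);
		}
		xmlFree(id);
	} else {
		name = g_strdup(element_name);
	}
	value = xmlNodeGetContent(endpoint);
	_lasso_provider_add_metadata_value_for_role(provider, role, name, (char*)value);
	lasso_release_string(name);
	xmlFree(value);
}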
/**
 * _lasso_provider_load_descriptor:
 * @provider: a #LassoProvider object
 * @xmlnode: a role descriptor element (for instance an IDPDescriptor or SPDescriptor)
 * @role: the #LassoProviderRole the descriptor's endpoints are filed under
 *
 * Visit the element children of @xmlnode: a KeyDescriptor in the Liberty metadata namespace is
 * handed to _lasso_provider_load_key_descriptor(), every other element is treated as an endpoint
 * and handed to _lasso_provider_load_endpoint_type() together with @role.
 */
static void
_lasso_provider_load_descriptor(LassoProvider *provider, xmlNode *xmlnode, LassoProviderRole role)
{
	xmlNode *child;

	/* xmlSecGetNextElementNode() returns element nodes only, so text and comments are skipped. */
	for (child = xmlSecGetNextElementNode(xmlnode->children);
			child != NULL;
			child = xmlSecGetNextElementNode(child->next)) {
		int is_key_descriptor = xmlSecCheckNodeName(child,
				BAD_CAST "KeyDescriptor",
				BAD_CAST LASSO_METADATA_HREF);

		if (is_key_descriptor) {
			_lasso_provider_load_key_descriptor(provider, child);
		} else {
			_lasso_provider_load_endpoint_type(provider, child, role);
		}
	}
}
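/**
 * get_xmlNode:
 * @node: a #LassoProvider seen as a #LassoNode
 * @lasso_dump: whether a Lasso dump is being produced (forwarded to the parent class)
 *
 * Serialize @node: let #LassoNodeClass build the element, then tag it with the dump format
 * version, the provider role and the encryption mode so that init_from_xml() can restore them.
 *
 * Return value: the newly created #xmlNode.
 */
static xmlNode*
get_xmlNode(LassoNode *node, gboolean lasso_dump)
{
	xmlNode *xmlnode;
	LassoProvider *provider = LASSO_PROVIDER(node);
	/* Indexed by LassoProviderRole; must stay in step with the table in init_from_xml(). */
	static const char * const roles[LASSO_PROVIDER_ROLE_LAST] = {
		"None",
		"SP",
		"IdP",
		"AuthnAuthority",
		"PDP",
		"AttributeAuthority"
	};
	/* Indexed by encryption mode; assumes NONE, NAMEID, ASSERTION, NAMEID|ASSERTION are 0..3 in
	 * that order, as the original indexing did — confirm against the enum in provider.h. */
	static const char * const encryption_mode[] = {
		"None",
		"NameId",
		"Assertion",
		"Both"
	};
	int role = provider->role;
	int mode = provider->private_data->encryption_mode;

	xmlnode = parent_class->get_xmlNode(node, lasso_dump);

	xmlSetProp(xmlnode, (xmlChar*)"ProviderDumpVersion", (xmlChar*)"2");

	/* Save provider role. LASSO_PROVIDER_ROLE_NONE is omitted, and a value outside the table
	 * (for instance a negative catch-all role) must not index past it. */
	if (role > LASSO_PROVIDER_ROLE_NONE && role < LASSO_PROVIDER_ROLE_LAST) {
		xmlSetProp(xmlnode, (xmlChar*)"ProviderRole", (const xmlChar*)roles[role]);
	}

	/* Save encryption mode, only when it names a known combination. */
	if (mode >= 0 && (gsize)mode < G_N_ELEMENTS(encryption_mode)) {
		xmlSetProp(xmlnode, (xmlChar*)"EncryptionMode",
				(const xmlChar*)encryption_mode[mode]);
	}

	return xmlnode;
}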
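/**
 * _lasso_provider_load_key_descriptor:
 * @provider: a #LassoProvider object
 * @key_descriptor: a KeyDescriptor element taken from the provider's metadata
 *
 * Remember @key_descriptor as the signing and/or encryption key descriptor of @provider according
 * to its "use" attribute: "signing" or "encryption" select one slot, and an absent attribute
 * selects both (a key without a declared use may serve either purpose). The stored node is owned
 * by @provider and released in dispose(); lasso_assign_xml_node() is expected to copy it, so the
 * caller keeps ownership of @key_descriptor.
 */
void
_lasso_provider_load_key_descriptor(LassoProvider *provider, xmlNode *key_descriptor)
{
	LassoProviderPrivate *private_data;
	xmlChar *use;
	gboolean for_signing, for_encryption;

	g_return_if_fail(LASSO_IS_PROVIDER(provider));
	g_return_if_fail(provider->private_data);

	private_data = provider->private_data;
	use = xmlGetProp(key_descriptor, (xmlChar*)"use");
	/* g_strcmp0() is NULL-safe, so both tests are written the same way. */
	for_signing = (use == NULL || g_strcmp0((char*)use, "signing") == 0);
	for_encryption = (use == NULL || g_strcmp0((char*)use, "encryption") == 0);

	if (for_signing) {
		lasso_assign_xml_node(private_data->signing_key_descriptor, key_descriptor);
	}
	if (for_encryption) {
		lasso_assign_xml_node(private_data->encryption_key_descriptor, key_descriptor);
	}
	lasso_release_xml_string(use);
}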
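/**
 * init_from_xml:
 * @node: a #LassoProvider seen as a #LassoNode
 * @xmlnode: the element produced by get_xmlNode(), i.e. a Lasso dump of a provider
 *
 * Restore a provider from its dump: parent class fields first, then the ProviderRole and
 * EncryptionMode attributes, then the metadata, then the signing and encryption public keys.
 * The dumped metadata_filename is tried as a file path first and as the metadata text itself
 * second, because lasso_provider_load_metadata_from_buffer() stores the buffer in that field.
 *
 * Return value: 0 on success, %LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED if @xmlnode is NULL,
 * 1 if the metadata could not be reloaded.
 */
static int
init_from_xml(LassoNode *node, xmlNode *xmlnode)
{
	LassoProvider *provider = LASSO_PROVIDER(node);
	/* Indexed by LassoProviderRole; must stay in step with the table in get_xmlNode(). */
	static const char * const roles[LASSO_PROVIDER_ROLE_LAST] = {
		"None",
		"SP",
		"IdP",
		"AuthnAuthority",
		"PDP",
		"AttributeAuthority"
	};
	xmlChar *s;
	int i;

	parent_class->init_from_xml(node, xmlnode);
	if (xmlnode == NULL) {
		return LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED;
	}

	/* Load provider role: an absent or unknown name leaves LASSO_PROVIDER_ROLE_NONE. */
	provider->role = LASSO_PROVIDER_ROLE_NONE;
	s = xmlGetProp(xmlnode, (xmlChar*)"ProviderRole");
	if (s) {
		for (i = LASSO_PROVIDER_ROLE_NONE; i < LASSO_PROVIDER_ROLE_LAST; i++) {
			if (strcmp((char*)s, roles[i]) == 0) {
				provider->role = i;
				break;
			}
		}
		lasso_release_xml_string(s);
	}

	/* Load encryption mode: any value other than the three known names keeps the current mode. */
	s = xmlGetProp(xmlnode, (xmlChar*)"EncryptionMode");
	if (s != NULL) {
		if (strcmp((char*)s, "NameId") == 0) {
			provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NAMEID;
		} else if (strcmp((char*)s, "Assertion") == 0) {
			provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_ASSERTION;
		} else if (strcmp((char*)s, "Both") == 0) {
			provider->private_data->encryption_mode =
				LASSO_ENCRYPTION_MODE_NAMEID | LASSO_ENCRYPTION_MODE_ASSERTION;
		}
		/* Same release helper as for ProviderRole above (xmlFree behind the scenes). */
		lasso_release_xml_string(s);
	}

	/* Load metadata. NOTE: this reads whatever file path the dump names before falling back to
	 * treating the field as inline metadata, so dumps must come from a trusted store. */
	if (provider->metadata_filename) {
		if (! lasso_provider_load_metadata(provider, provider->metadata_filename)) {
			if (! lasso_provider_load_metadata_from_buffer(provider, provider->metadata_filename)) {
				message(G_LOG_LEVEL_WARNING, "Metadata unrecoverable from dump");
				/* Plain 1 rather than a LASSO_* error code; kept as-is. */
				return 1;
			}
		}
	}

	/* Load signing and encryption public keys; their results are not checked here. */
	lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_SIGNING);
	lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_ENCRYPTION);

	return 0;
}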
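/**
 * _lasso_provider_get_pdata_thing:
 * @provider: a #LassoProvider object
 * @offset: byte offset of a pointer-typed member of #LassoProviderPrivate, as returned by
 * G_STRUCT_OFFSET()
 *
 * Read the pointer stored at @offset inside the private data of @provider.
 *
 * Return value: the member's value, or NULL if @provider is not a #LassoProvider or has no
 * private data. Only pointer-sized members may be read this way.
 */
static void*
_lasso_provider_get_pdata_thing(LassoProvider *provider, ptrdiff_t offset)
{
	LassoProviderPrivate *pdata;

	lasso_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	pdata = provider->private_data;
	if (pdata) {
		/* G_STRUCT_MEMBER_P() yields the member's address, not its content; the accessors built
		 * on this helper return the stored pointer itself, so dereference here. */
		return G_STRUCT_MEMBER(void*, pdata, offset);
	}

	return NULL;
}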
/**
 * lasso_provider_get_idp_supported_attributes:
 * @provider: a #LassoProvider object
 *
 * When the provider supports the IdP SSO role, return the list of attribute definitions it
 * declared support for in its metadata.
 *
 * Return value:(transfer none)(element-type LassoNode): a list of #LassoSaml2Attribute or
 * #LassoSamlAttribute objects, owned by @provider.
 */
GList*
lasso_provider_get_idp_supported_attributes(LassoProvider *provider)
{
	const ptrdiff_t offset = G_STRUCT_OFFSET(LassoProviderPrivate, attributes);

	return (GList*)_lasso_provider_get_pdata_thing(provider, offset);
}
/**
 * lasso_provider_get_valid_until:
 * @provider: a #LassoProvider object
 *
 * Return the instant after which the metadata of this provider is no longer valid, as an
 * ISO-8601 formatted string.
 *
 * Return value:(transfer none): an internally allocated string; copy it if you need to keep it.
 */
char*
lasso_provider_get_valid_until(LassoProvider *provider)
{
	const ptrdiff_t offset = G_STRUCT_OFFSET(LassoProviderPrivate, valid_until);

	return (char*)_lasso_provider_get_pdata_thing(provider, offset);
}
/**
 * lasso_provider_get_cache_duration:
 * @provider: a #LassoProvider object
 *
 * Return the duration during which the metadata of this provider may be cached.
 *
 * Return value:(transfer none): an internally allocated string; copy it if you need to keep it.
 */
char*
lasso_provider_get_cache_duration(LassoProvider *provider)
{
	const ptrdiff_t offset = G_STRUCT_OFFSET(LassoProviderPrivate, cache_duration);

	return (char*)_lasso_provider_get_pdata_thing(provider, offset);
}
/*****************************************************************************/
/* overridden parent class methods */
/*****************************************************************************/
/* GHFunc used by dispose() to empty the Descriptors table: free every string held in the value
 * list, then the list itself. Keys are released by the table (g_free key destroy, see
 * instance_init()). */
static void
free_list_strings(G_GNUC_UNUSED gchar *key, GList *list, G_GNUC_UNUSED gpointer data)
{
	GList *item;

	for (item = list; item != NULL; item = item->next) {
		g_free(item->data);
	}
	g_list_free(list);
}
/* GObject dispose: release everything the private data owns, exactly once, then chain up. */
static void
dispose(GObject *object)
{
	LassoProvider *provider = LASSO_PROVIDER(object);
	LassoProviderPrivate *pdata = provider->private_data;

	/* dispose() may run more than once; only the first pass does the work. */
	if (pdata->dispose_has_run) {
		return;
	}
	pdata->dispose_has_run = TRUE;

	/* Descriptors: the table frees its keys, the value lists are freed explicitly. */
	if (pdata->Descriptors) {
		g_hash_table_foreach(pdata->Descriptors, (GHFunc)free_list_strings, NULL);
		g_hash_table_destroy(pdata->Descriptors);
	}
	pdata->Descriptors = NULL;

	/* xmlNode trees owned by the provider. */
	if (pdata->organization) {
		xmlFreeNode(pdata->organization);
		pdata->organization = NULL;
	}
	if (pdata->signing_key_descriptor) {
		xmlFreeNode(pdata->signing_key_descriptor);
		pdata->signing_key_descriptor = NULL;
	}
	if (pdata->encryption_key_descriptor) {
		xmlFreeNode(pdata->encryption_key_descriptor);
		pdata->encryption_key_descriptor = NULL;
	}

	/* Owned strings: g_free() accepts NULL, so no guards are needed. */
	g_free(pdata->default_assertion_consumer);
	pdata->default_assertion_consumer = NULL;
	g_free(pdata->encryption_public_key_str);
	pdata->encryption_public_key_str = NULL;
	g_free(pdata->affiliation_id);
	pdata->affiliation_id = NULL;
	g_free(pdata->affiliation_owner_id);
	pdata->affiliation_owner_id = NULL;

	/* Owned xmlSecKey objects; the guards stay since xmlSecKeyDestroy() is not known here to
	 * accept NULL. */
	if (pdata->public_key) {
		xmlSecKeyDestroy(pdata->public_key);
		pdata->public_key = NULL;
	}
	if (pdata->encryption_public_key) {
		xmlSecKeyDestroy(pdata->encryption_public_key);
		pdata->encryption_public_key = NULL;
	}

	/* NOTE(review): attributes, valid_until and cache_duration (exposed by the accessors in this
	 * file) are not released here — confirm they are freed elsewhere, otherwise this leaks. */

	G_OBJECT_CLASS(parent_class)->dispose(G_OBJECT(provider));
}
/* GObject finalize: the members of private_data were released in dispose(); only the struct
 * itself remains to be freed before chaining up. */
static void
finalize(GObject *object)
{
	LassoProvider *provider = LASSO_PROVIDER(object);
	GObjectClass *parent_gobject_class = G_OBJECT_CLASS(parent_class);

	g_free(provider->private_data);
	provider->private_data = NULL;

	parent_gobject_class->finalize(G_OBJECT(provider));
}
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
/* GInstanceInitFunc: reset the public fields and allocate the private data with its defaults. */
static void
instance_init(LassoProvider *provider)
{
	LassoProviderPrivate *pdata = g_new0(LassoProviderPrivate, 1);

	/* Public fields. */
	provider->role = LASSO_PROVIDER_ROLE_NONE;
	provider->ProviderID = NULL;
	provider->metadata_filename = NULL;
	provider->public_key = NULL;
	provider->ca_cert_chain = NULL;

	/* Private fields. g_new0() already zeroed the struct; the explicit resets document the
	 * expected initial state. */
	pdata->dispose_has_run = FALSE;
	pdata->default_assertion_consumer = NULL;
	pdata->affiliation_id = NULL;
	pdata->affiliation_owner_id = NULL;
	pdata->organization = NULL;
	pdata->public_key = NULL;
	pdata->signing_key_descriptor = NULL;
	pdata->encryption_key_descriptor = NULL;
	pdata->encryption_public_key_str = NULL;
	pdata->encryption_public_key = NULL;
	pdata->attributes = NULL;
	pdata->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
	pdata->encryption_sym_key_type = LASSO_ENCRYPTION_SYM_KEY_TYPE_AES_128;

	/* Keys are freed by the table; the GList values are freed by free_list_strings() in
	 * dispose(), so no value_destroy_func is given (it would destroy the GList on insert). */
	pdata->Descriptors = g_hash_table_new_full(g_str_hash, g_str_equal, g_free, NULL);

	provider->private_data = pdata;
}
/* GClassInitFunc: wire the LassoNode and GObject overrides and describe the "Provider" node. */
static void
class_init(LassoProviderClass *klass)
{
	LassoNodeClass *nclass = LASSO_NODE_CLASS(klass);
	GObjectClass *gclass = G_OBJECT_CLASS(klass);

	/* Keep the parent vtable so the overrides can chain up. */
	parent_class = g_type_class_peek_parent(klass);

	nclass->node_data = g_new0(LassoNodeClassData, 1);
	lasso_node_class_set_nodename(nclass, "Provider");
	lasso_node_class_set_ns(nclass, LASSO_LASSO_HREF, LASSO_LASSO_PREFIX);
	lasso_node_class_add_snippets(nclass, schema_snippets);

	/* LassoNode overrides. */
	nclass->get_xmlNode = get_xmlNode;
	nclass->init_from_xml = init_from_xml;

	/* GObject overrides. */
	gclass->dispose = dispose;
	gclass->finalize = finalize;
}
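/**
 * lasso_provider_get_type:
 *
 * Register the #LassoProvider type with the GObject type system on first call and return it.
 *
 * Return value: the #GType of #LassoProvider.
 */
GType
lasso_provider_get_type(void)
{
	static GType this_type = 0;

	/* Plain check rather than g_once_init_enter(): relies on the first call happening before any
	 * concurrent use of the type. NOTE(review): if that is not guaranteed, switch to
	 * g_once_init_enter()/g_once_init_leave(). */
	if (!this_type) {
		static const GTypeInfo this_info = {
			sizeof (LassoProviderClass),
			NULL,                              /* base_init */
			NULL,                              /* base_finalize */
			(GClassInitFunc) class_init,
			NULL,                              /* class_finalize */
			NULL,                              /* class_data */
			sizeof(LassoProvider),
			0,                                 /* n_preallocs */
			(GInstanceInitFunc) instance_init,
			NULL                               /* value_table */
		};

		this_type = g_type_register_static(LASSO_TYPE_NODE,
				"LassoProvider", &this_info, 0);
	}
	return this_type;
}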
/**
 * lasso_provider_get_protocol_conformance:
 * @provider: a #LassoProvider object
 *
 * Return the protocol conformance of @provider, which lets SP and IdP code select the behaviour
 * appropriate to a given protocol. See also #LassoProtocolConformance.
 *
 * Return value: a value of the #LassoProtocolConformance enumeration; %LASSO_PROTOCOL_NONE if
 * @provider is not a #LassoProvider.
 */
LassoProtocolConformance
lasso_provider_get_protocol_conformance(const LassoProvider *provider)
{
	LassoProviderPrivate *pdata;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), LASSO_PROTOCOL_NONE);

	pdata = provider->private_data;
	return pdata->conformance;
}
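/**
 * _lasso_provider_load_metadata_from_buffer:
 * @provider: a #LassoProvider object
 * @metadata: a NUL-terminated buffer holding a metadata XML document
 * @length: the number of bytes to parse, or -1 to use strlen(@metadata)
 *
 * Parse @metadata, load the resulting document into @provider through
 * _lasso_provider_load_metadata_from_doc() and, on success, keep a copy of the buffer in
 * provider->metadata_filename so that init_from_xml() can reload it from a dump.
 *
 * Return value: TRUE if successful, FALSE otherwise.
 */
gboolean
_lasso_provider_load_metadata_from_buffer(LassoProvider *provider, const gchar *metadata, int length)
{
	xmlDoc *doc;
	gboolean rc = TRUE;
	size_t full_length;

	lasso_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
	/* strlen() and lasso_assign_string() below both need a real string. */
	lasso_return_val_if_fail(metadata != NULL, FALSE);
	if (length == -1) {
		full_length = strlen(metadata);
		/* The parser takes an int; refuse a length that would wrap rather than truncate it. */
		if (full_length > (size_t)G_MAXINT) {
			return FALSE;
		}
		length = (int)full_length;
	}
	/* NOTE(review): metadata often comes from remote parties; lasso_xml_parse_memory() is expected
	 * to apply the project's parser hardening (entity expansion, external entities) — confirm. */
	doc = lasso_xml_parse_memory(metadata, length);
	if (doc == NULL) {
		return FALSE;
	}
	goto_cleanup_if_fail_with_rc (_lasso_provider_load_metadata_from_doc(provider, doc), FALSE);
	/* The buffer itself is stored in metadata_filename; lasso_assign_string() copies up to the
	 * terminator, which is why @metadata must be NUL-terminated even when @length is given. */
	lasso_assign_string(provider->metadata_filename, metadata);
cleanup:
	lasso_release_doc(doc);
	return rc;
}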
/**
 * lasso_provider_load_metadata_from_buffer:
 * @provider: a #LassoProvider object
 * @metadata: a NUL-terminated string containing a metadata XML document.
 *
 * Load metadata into this provider object from the given string buffer.
 *
 * Return value: TRUE if successful, FALSE otherwise.
 **/
gboolean
lasso_provider_load_metadata_from_buffer(LassoProvider *provider, const gchar *metadata)
{
	/* -1 lets the worker measure the buffer with strlen(). */
	const int use_strlen = -1;

	return _lasso_provider_load_metadata_from_buffer(provider, metadata, use_strlen);
}
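/**
 * lasso_provider_load_metadata:
 * @provider: a #LassoProvider object
 * @path: the path to a SAML 2.0 or ID-FF 1.2 metadata file.
 *
 * Load metadata into this provider object by reading them from the given file.
 *
 * Return value: TRUE if successful, FALSE otherwise (unreadable file, file too large, or
 * metadata rejected).
 **/
gboolean
lasso_provider_load_metadata(LassoProvider *provider, const gchar *path)
{
	char *file_content = NULL;
	size_t file_length = 0;
	gboolean ret = FALSE;

	/* The read error is not collected (NULL GError); the caller only learns FALSE. */
	if (! g_file_get_contents(path, &file_content, &file_length, NULL)) {
		return FALSE;
	}
	/* _lasso_provider_load_metadata_from_buffer() takes an int length: refuse a file that would
	 * not fit rather than hand the parser a truncated (possibly negative) size. */
	if (file_length <= (size_t)G_MAXINT) {
		ret = _lasso_provider_load_metadata_from_buffer(provider, file_content, (int)file_length);
	}
	lasso_release(file_content);
	return ret;
}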
static gboolean
_lasso_provider_load_metadata_from_doc(LassoProvider *provider, xmlDoc *doc)
{
xmlXPathContext *xpathCtx;
xmlXPathObject *xpathObj;
xmlNode *node;
const char *xpath_idp = "/md:EntityDescriptor/md:IDPDescriptor";
const char *xpath_sp = "/md:EntityDescriptor/md:SPDescriptor";
const char *xpath_organization = "/md:EntityDescriptor/md:Organization";
|
2009-04-30 16:58:20 +02:00
|
|
|
xmlChar *providerID = NULL;
|
2004-10-27 11:49:13 +02:00
|
|
|
|
2008-08-05 16:53:29 +02:00
|
|
|
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
|
2008-09-17 15:14:12 +02:00
|
|
|
if (doc == NULL) {
|
2004-11-29 19:48:27 +01:00
|
|
|
return FALSE;
|
2008-09-17 15:14:12 +02:00
|
|
|
}
|
2008-09-12 17:06:58 +02:00
|
|
|
|
2005-11-20 16:38:19 +01:00
|
|
|
node = xmlDocGetRootElement(doc);
|
2007-01-06 23:50:59 +01:00
|
|
|
if (node == NULL || node->ns == NULL) {
|
2008-11-05 12:23:29 +01:00
|
|
|
message (G_LOG_LEVEL_CRITICAL, "lasso_provider_load_metadata_from_doc: no root element");
|
2005-11-20 16:38:19 +01:00
|
|
|
return FALSE;
|
2007-01-06 23:50:59 +01:00
|
|
|
}
|
2004-10-27 11:49:13 +02:00
|
|
|
|
2005-11-20 16:38:19 +01:00
|
|
|
|
2006-11-15 19:58:26 +01:00
|
|
|
if (strcmp((char*)node->ns->href, LASSO_SAML2_METADATA_HREF) == 0) {
|
2007-01-06 23:50:59 +01:00
|
|
|
gboolean result;
|
2005-11-20 16:38:19 +01:00
|
|
|
provider->private_data->conformance = LASSO_PROTOCOL_SAML_2_0;
|
2007-01-06 23:50:59 +01:00
|
|
|
result = lasso_saml20_provider_load_metadata(provider, node);
|
|
|
|
return result;
|
2005-11-20 16:38:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
provider->private_data->conformance = LASSO_PROTOCOL_LIBERTY_1_2;
|
2004-12-24 11:04:37 +01:00
|
|
|
|
2004-10-27 11:49:13 +02:00
|
|
|
xpathCtx = xmlXPathNewContext(doc);
|
2005-07-31 00:36:54 +02:00
|
|
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"md", (xmlChar*)LASSO_METADATA_HREF);
|
|
|
|
xpathObj = xmlXPathEvalExpression((xmlChar*)"/md:EntityDescriptor", xpathCtx);
|
2004-12-06 17:15:57 +01:00
|
|
|
/* if empty: not a ID-FF 1.2 metadata file -> bails out */
|
2004-10-27 11:49:13 +02:00
|
|
|
if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
|
2004-11-29 19:48:27 +01:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
2005-07-31 00:36:54 +02:00
|
|
|
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"md11",
|
|
|
|
(xmlChar*)"http://projectliberty.org/schemas/core/2002/12");
|
2004-12-06 17:15:57 +01:00
|
|
|
xpathObj = xmlXPathEvalExpression(
|
2005-07-31 00:36:54 +02:00
|
|
|
(xmlChar*)"/md11:SPDescriptor|/md11:IDPDescriptor", xpathCtx);
|
2004-12-06 17:15:57 +01:00
|
|
|
if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
|
2008-11-05 12:23:29 +01:00
|
|
|
message (G_LOG_LEVEL_CRITICAL, "lasso_saml20_provider_load_metadata_from_doc: no md12:EntityDescriptor or md11:SPDesriptor or md11:IDPDescriptor");
|
2004-12-06 17:15:57 +01:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
|
|
|
xmlXPathFreeContext(xpathCtx);
|
|
|
|
return FALSE;
|
|
|
|
}
|
2005-11-20 16:38:19 +01:00
|
|
|
provider->private_data->conformance = LASSO_PROTOCOL_LIBERTY_1_1;
|
2005-01-28 14:02:18 +01:00
|
|
|
xpath_idp = "/md11:IDPDescriptor";
|
|
|
|
xpath_sp = "/md11:SPDescriptor";
|
2004-10-27 11:49:13 +02:00
|
|
|
}
|
|
|
|
node = xpathObj->nodesetval->nodeTab[0];
|
2009-04-30 16:58:20 +02:00
|
|
|
providerID = xmlGetProp(node, (xmlChar*)"providerID");
|
|
|
|
lasso_assign_string(provider->ProviderID, (char*)providerID);
|
|
|
|
lasso_release_xml_string(providerID);
|
2007-01-04 00:35:17 +01:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
2004-10-27 11:49:13 +02:00
|
|
|
|
2005-07-31 00:36:54 +02:00
|
|
|
xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_idp, xpathCtx);
|
2004-12-06 17:15:57 +01:00
|
|
|
if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
|
2010-03-27 17:52:04 +01:00
|
|
|
_lasso_provider_load_descriptor(provider, xpathObj->nodesetval->nodeTab[0],
|
|
|
|
LASSO_PROVIDER_ROLE_IDP);
|
2005-11-20 16:38:19 +01:00
|
|
|
if (provider->private_data->conformance < LASSO_PROTOCOL_LIBERTY_1_2) {
|
2004-12-06 17:15:57 +01:00
|
|
|
/* lookup ProviderID */
|
|
|
|
node = xpathObj->nodesetval->nodeTab[0]->children;
|
|
|
|
while (node) {
|
2005-07-31 00:36:54 +02:00
|
|
|
if (strcmp((char*)node->name, "ProviderID") == 0) {
|
2009-04-30 16:58:20 +02:00
|
|
|
providerID = xmlNodeGetContent(node);
|
|
|
|
lasso_assign_string(provider->ProviderID, (char*)providerID);
|
|
|
|
lasso_release_xml_string(providerID);
|
2004-12-06 17:15:57 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
node = node->next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2004-10-27 11:49:13 +02:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
2004-11-29 19:48:27 +01:00
|
|
|
|
2005-07-31 00:36:54 +02:00
|
|
|
xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_sp, xpathCtx);
|
2004-12-06 17:15:57 +01:00
|
|
|
if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
|
2010-03-27 17:52:04 +01:00
|
|
|
_lasso_provider_load_descriptor(provider, xpathObj->nodesetval->nodeTab[0],
|
|
|
|
LASSO_PROVIDER_ROLE_SP);
|
2005-11-20 16:38:19 +01:00
|
|
|
if (provider->private_data->conformance < LASSO_PROTOCOL_LIBERTY_1_2) {
|
2004-12-06 17:15:57 +01:00
|
|
|
/* lookup ProviderID */
|
|
|
|
node = xpathObj->nodesetval->nodeTab[0]->children;
|
|
|
|
while (node) {
|
2005-07-31 00:36:54 +02:00
|
|
|
if (strcmp((char*)node->name, "ProviderID") == 0) {
|
2009-04-30 16:58:20 +02:00
|
|
|
providerID = xmlNodeGetContent(node);
|
|
|
|
lasso_assign_string(provider->ProviderID, (char*)providerID);
|
|
|
|
lasso_release_xml_string(providerID);
|
2004-12-06 17:15:57 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
node = node->next;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2004-10-27 11:49:13 +02:00
|
|
|
xmlXPathFreeObject(xpathObj);
|
2005-04-20 15:35:52 +02:00
|
|
|
|
2005-07-31 00:36:54 +02:00
|
|
|
xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_organization, xpathCtx);
|
2005-04-20 15:35:52 +02:00
|
|
|
if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
|
2009-03-27 16:06:29 +01:00
|
|
|
lasso_assign_xml_node(provider->private_data->organization,
|
|
|
|
xpathObj->nodesetval->nodeTab[0]);
|
2005-04-20 15:35:52 +02:00
|
|
|
}
|
|
|
|
xmlXPathFreeObject(xpathObj);
|
2004-10-27 11:49:13 +02:00
|
|
|
|
|
|
|
xmlXPathFreeContext(xpathCtx);
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
/**
 * _lasso_provider_new_helper:
 * @role: the role the new provider plays
 * @metadata: a file path or an in-memory buffer, as expected by @loader
 * @public_key: path to the provider public key file (may be a certificate) or NULL
 * @ca_cert_chain: path to the provider CA certificate chain file or NULL
 * @loader: metadata loading routine, lasso_provider_load_metadata() or
 *   lasso_provider_load_metadata_from_buffer()
 *
 * Common body of lasso_provider_new() and lasso_provider_new_from_buffer().
 * A provider whose metadata cannot be loaded, or whose signing public key cannot
 * be obtained (from @public_key or from the metadata KeyDescriptor, see
 * lasso_provider_load_public_key()), is destroyed and NULL is returned: a
 * provider unable to verify signatures is never handed to the caller. Failure to
 * load an encryption key is not fatal.
 *
 * Return value: a new #LassoProvider, or NULL on error.
 */
static LassoProvider*
_lasso_provider_new_helper(LassoProviderRole role, const char *metadata,
		const char *public_key, const char *ca_cert_chain, gboolean (*loader)(
			LassoProvider *provider, const gchar *metadata))
{
	LassoProvider *provider = LASSO_PROVIDER(g_object_new(LASSO_TYPE_PROVIDER, NULL));

	provider->role = role;

	if (! loader(provider, metadata)) {
		/* Only the path variant is echoed: a metadata buffer would flood the log. */
		if (loader == lasso_provider_load_metadata) {
			message(G_LOG_LEVEL_WARNING, "Cannot load metadata from %s", metadata);
		}
		lasso_node_destroy(LASSO_NODE(provider));
		return NULL;
	}

	provider->public_key = g_strdup(public_key);
	provider->ca_cert_chain = g_strdup(ca_cert_chain);

	if (! lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_SIGNING)) {
		message(G_LOG_LEVEL_CRITICAL, "Failed to load signing public key for %s.",
				provider->ProviderID);
		lasso_node_destroy(LASSO_NODE(provider));
		return NULL;
	}

	/* Return value ignored on purpose: a missing encryption key is not fatal here. */
	lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_ENCRYPTION);

	provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;

	return provider;
}
/**
 * lasso_provider_new:
 * @role: provider role, identity provider or service provider
 * @metadata: path to the provider metadata file
 * @public_key:(allow-none): path to the provider public key file (may be a certificate) or NULL
 * @ca_cert_chain:(allow-none): path to the provider CA certificate chain file or NULL
 *
 * Creates a new #LassoProvider whose metadata are read from the file @metadata.
 * See _lasso_provider_new_helper() for the conditions under which construction
 * fails (unreadable metadata, no signing public key).
 *
 * Return value: a newly created #LassoProvider; or NULL if an error occurred
 */
LassoProvider*
lasso_provider_new(LassoProviderRole role, const char *metadata,
		const char *public_key, const char *ca_cert_chain)
{
	LassoProvider *provider;

	/* @metadata is a path here, hence the file-based loader. */
	provider = _lasso_provider_new_helper(role, metadata, public_key, ca_cert_chain,
			lasso_provider_load_metadata);
	return provider;
}
/**
 * lasso_provider_new_from_buffer:
 * @role: provider role, identity provider or service provider
 * @metadata: string buffer containing a metadata file
 * @public_key:(allow-none): path to the provider public key file (may be a certificate) or NULL
 * @ca_cert_chain:(allow-none): path to the provider CA certificate chain file or NULL
 *
 * Creates a new #LassoProvider whose metadata are taken from the in-memory
 * buffer @metadata. See _lasso_provider_new_helper() for the conditions under
 * which construction fails (unparsable metadata, no signing public key).
 *
 * Return value: a newly created #LassoProvider; or NULL if an error occurred
 */
LassoProvider*
lasso_provider_new_from_buffer(LassoProviderRole role, const char *metadata,
		const char *public_key, const char *ca_cert_chain)
{
	LassoProvider *provider;

	/* @metadata is the document itself here, hence the buffer loader. */
	provider = _lasso_provider_new_helper(role, metadata, public_key, ca_cert_chain,
			lasso_provider_load_metadata_from_buffer);
	return provider;
}
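/**
 * lasso_provider_load_public_key:
 * @provider: a #LassoProvider object
 * @public_key_type: the type of public key to load, #LASSO_PUBLIC_KEY_SIGNING or
 *   #LASSO_PUBLIC_KEY_ENCRYPTION
 *
 * Load the public key from its transport format and cache it in the provider's
 * private data. For the signing key an explicitly configured file
 * (@provider->public_key) takes precedence over the KeyDescriptor found in the
 * metadata; the encryption key only ever comes from its KeyDescriptor.
 *
 * Return value: TRUE if a key was loaded and stored, FALSE otherwise — including
 * for an unknown @public_key_type, for which there is nowhere to store the key.
 */
gboolean
lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType public_key_type)
{
	gchar *public_key = NULL;
	xmlNode *key_descriptor = NULL;
	xmlSecKey *pub_key = NULL;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
	g_return_val_if_fail(provider->private_data != NULL, FALSE);

	if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
		public_key = provider->public_key;
		key_descriptor = provider->private_data->signing_key_descriptor;
	} else {
		key_descriptor = provider->private_data->encryption_key_descriptor;
	}

	if (public_key == NULL && key_descriptor == NULL) {
		return FALSE;
	}

	if (public_key == NULL) {
		pub_key = lasso_xmlsec_load_key_info(key_descriptor);
		if (! pub_key) {
			message(G_LOG_LEVEL_WARNING, "Could not read KeyInfo from %s KeyDescriptor",
					public_key_type == LASSO_PUBLIC_KEY_SIGNING ? "signing" : "encryption");
		}
	} else {
		/* NOTE(review): the helper's name says "private key" but it is used here to
		 * read a public key or certificate file — presumably it accepts any PEM key
		 * material; confirm in lasso_xmlsec_load_private_key. */
		pub_key = lasso_xmlsec_load_private_key(public_key, NULL);
	}

	if (pub_key == NULL) {
		return FALSE;
	}

	switch (public_key_type) {
		case LASSO_PUBLIC_KEY_SIGNING:
			lasso_assign_new_sec_key(provider->private_data->public_key, pub_key);
			break;
		case LASSO_PUBLIC_KEY_ENCRYPTION:
			lasso_assign_new_sec_key(provider->private_data->encryption_public_key, pub_key);
			break;
		default:
			/* Nothing to store the key in: release it and report failure rather
			 * than returning TRUE on a key that was just destroyed. */
			xmlSecKeyDestroy(pub_key);
			pub_key = NULL;
			break;
	}

	return (pub_key != NULL);
}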
/**
 * lasso_provider_new_from_dump:
 * @dump: XML provider dump
 *
 * Restores the @dump to a new #LassoProvider. The dump is first rebuilt as a
 * generic node and only then checked to really be a provider; anything else is
 * released. NOTE(review): dumps are serialized library state and should be
 * treated as trusted input, not fed from the network — confirm with callers.
 *
 * Return value: a newly created #LassoProvider; or NULL if an error occurred.
 **/
LassoProvider*
lasso_provider_new_from_dump(const gchar *dump)
{
	LassoProvider *restored = (LassoProvider*)lasso_node_new_from_dump(dump);

	if (LASSO_IS_PROVIDER(restored)) {
		return restored;
	}
	/* NULL or a node of another type: drop it. The release macro is expected to
	 * reset the pointer so that NULL is returned — TODO confirm lasso_release_gobject. */
	lasso_release_gobject(restored);
	return restored;
}
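/**
 * lasso_provider_verify_saml_signature:
 * @provider: the #LassoProvider expected to have signed @signed_node
 * @signed_node: the element carrying the XML signature: an ID-FF 1.2 (SAML 1.x)
 *   Request, Response or Assertion, or any SAML 2.0 protocol/assertion element
 * @doc: the document @signed_node belongs to; required whenever @signed_node->doc is set
 *
 * Verify the enveloped signature of @signed_node with the provider's public key
 * and/or a keys manager built from its CA certificate chain. The name of the ID
 * attribute is derived from the element's namespace and local name, because the
 * two protocol generations name it differently ("RequestID"/"ResponseID"/
 * "AssertionID" versus "ID").
 *
 * Return value: 0 on success; #LASSO_PARAM_ERROR_INVALID_VALUE when the element is
 * not a recognised signed type; #LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED when neither
 * a public key nor a CA chain is available; otherwise the error returned by
 * lasso_verify_signature().
 */
int
lasso_provider_verify_saml_signature(LassoProvider *provider,
		xmlNode *signed_node, xmlDoc *doc)
{
	const char *id_attribute_name = NULL;
	const xmlChar *node_ns = NULL;
	xmlSecKey *public_key = NULL;
	xmlSecKeysMngr *keys_manager = NULL;
	int rc = 0;

	lasso_bad_param(PROVIDER, provider);
	lasso_null_param(signed_node);
	g_return_val_if_fail((signed_node->doc && doc) || ! signed_node->doc, LASSO_PARAM_ERROR_INVALID_VALUE);

	/* ID-FF 1.2 (SAML 1.x) elements: the ID attribute is named after the element. */
	if (xmlSecCheckNodeName(signed_node, (xmlChar*)"Request", (xmlChar*)LASSO_SAML_PROTOCOL_HREF)) {
		id_attribute_name = "RequestID";
	} else if (xmlSecCheckNodeName(signed_node, (xmlChar*)"Response", (xmlChar*)LASSO_SAML_PROTOCOL_HREF)) {
		id_attribute_name = "ResponseID";
	} else if (xmlSecCheckNodeName(signed_node, (xmlChar*)"Assertion", (xmlChar*)LASSO_SAML_ASSERTION_HREF)) {
		id_attribute_name = "AssertionID";
	}

	/* SAML 2.0: every signed element uses "ID". The node comes from a parsed
	 * message, so an element without a namespace must be rejected by the
	 * id_attribute_name check below, not dereferenced through strcmp(NULL). */
	node_ns = xmlSecGetNodeNsHref(signed_node);
	if (node_ns != NULL && ((strcmp((char*)node_ns, LASSO_SAML2_PROTOCOL_HREF) == 0) ||
			(strcmp((char*)node_ns, LASSO_SAML2_ASSERTION_HREF) == 0))) {
		id_attribute_name = "ID";
	}
	goto_cleanup_if_fail_with_rc(id_attribute_name, LASSO_PARAM_ERROR_INVALID_VALUE);

	/* Provider credentials: the pinned public key and, when a CA chain is
	 * configured, a keys manager holding its certificates. At least one is needed. */
	public_key = lasso_provider_get_public_key(provider);
	keys_manager = lasso_load_certs_from_pem_certs_chain_file(provider->ca_cert_chain);
	goto_cleanup_if_fail_with_rc_with_warning(public_key || keys_manager,
			LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED);

	rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key,
			NO_OPTION, NULL);

cleanup:
	/* Single release point for the keys manager on every path. */
	lasso_release_key_manager(keys_manager);
	return rc;
}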
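/* First direct child of @parent whose local name is @name; when @ns_href is not NULL
 * the child's namespace URI must match it as well. Node types without a name (CDATA
 * sections, for instance) are skipped instead of being handed to strcmp(). */
static xmlNode*
_lasso_provider_find_child(xmlNode *parent, const char *name, const xmlChar *ns_href)
{
	xmlNode *child;

	for (child = parent->children; child; child = child->next) {
		if (child->name == NULL || strcmp((char*)child->name, name) != 0) {
			continue;
		}
		if (ns_href == NULL) {
			return child;
		}
		if (child->ns && child->ns->href && strcmp((char*)child->ns->href, (char*)ns_href) == 0) {
			return child;
		}
	}
	return NULL;
}

/**
 * lasso_provider_verify_signature:
 * @provider: the #LassoProvider expected to have signed @message
 * @message: the raw message, encoded as described by @format
 * @id_attr_name: name of the ID attribute of the signed element, or NULL
 * @format: how @message is encoded (query string, base64, SOAP, plain XML)
 *
 * Verify that @message carries a valid signature made by @provider. Query strings
 * are handed to the protocol-specific verifier chosen by the provider's
 * conformance. Every other format is parsed, the signed element is located (the
 * first SOAP Body child, or the document root, falling back to a child Assertion
 * when the element itself carries no ds:Signature) and its enveloped signature is
 * checked with the provider's pinned public key — or, when the signature embeds
 * X509Data and a CA chain is configured, against that chain.
 *
 * A cryptographically valid signature is not sufficient: Reference URIs are
 * restricted to same-document references, and when @id_attr_name is given the
 * signature must contain exactly one Reference pointing at the ID of the element
 * being verified. Without that binding a signature over some other element
 * embedded in the message would be accepted for this one (XML signature
 * wrapping). When @id_attr_name is NULL the binding cannot be checked here and
 * the caller is responsible for it.
 *
 * Return value: 0 when the signature verifies, otherwise an error code such as
 * #LASSO_PROFILE_ERROR_INVALID_MSG, #LASSO_DS_ERROR_SIGNATURE_NOT_FOUND,
 * #LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED or #LASSO_DS_ERROR_INVALID_SIGNATURE.
 */
int
lasso_provider_verify_signature(LassoProvider *provider,
		const char *message, const char *id_attr_name, LassoMessageFormat format)
{
	/* this duplicates some code from lasso_node_init_from_message;
	 * reflection about code reuse is under way...
	 */
	char *msg = NULL;
	xmlDoc *doc = NULL;
	xmlNode *xmlnode = NULL, *sign = NULL, *x509data = NULL;
	xmlChar *id_value = NULL;
	xmlSecKeysMngr *keys_mngr = NULL;
	xmlSecDSigCtx *dsigCtx = NULL;
	xmlXPathContext *xpathCtx = NULL;
	xmlXPathObject *xpathObj = NULL;
	int rc = 0;

	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);

	/* Global kill switch: with the flag cleared every message is accepted
	 * unverified. Debug/test use only; it must never be set in production. */
	if (lasso_flag_verify_signature == FALSE)
		return 0;

	if (message == NULL)
		return LASSO_PROFILE_ERROR_INVALID_MSG;
	if (format == LASSO_MESSAGE_FORMAT_ERROR || format == LASSO_MESSAGE_FORMAT_UNKNOWN)
		return LASSO_PROFILE_ERROR_INVALID_MSG;

	if (format == LASSO_MESSAGE_FORMAT_QUERY) {
		switch (lasso_provider_get_protocol_conformance(provider)) {
			case LASSO_PROTOCOL_LIBERTY_1_0:
			case LASSO_PROTOCOL_LIBERTY_1_1:
			case LASSO_PROTOCOL_LIBERTY_1_2:
				return lasso_query_verify_signature(message,
						lasso_provider_get_public_key(provider));
			case LASSO_PROTOCOL_SAML_2_0:
				return lasso_saml2_query_verify_signature(message,
						lasso_provider_get_public_key(provider));
			default:
				return LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE;
		}
	}

	if (format == LASSO_MESSAGE_FORMAT_BASE64) {
		size_t message_len = strlen(message);
		int len;

		/* Decoded output is shorter than the base64 input; the extra byte lets it
		 * be NUL-terminated. xmlSecBase64Decode() does not terminate the buffer,
		 * so the returned length, not strlen(), must be used from here on. */
		msg = g_malloc(message_len + 1);
		len = xmlSecBase64Decode((xmlChar*)message, (xmlChar*)msg, message_len);
		if (len < 0) {
			goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_MSG);
		}
		msg[len] = '\0';
		doc = lasso_xml_parse_memory(msg, len);
	} else {
		doc = lasso_xml_parse_memory(message, strlen(message));
	}
	/* A parse failure must not reach the document accessors below with NULL. */
	goto_cleanup_if_fail_with_rc(doc != NULL, LASSO_PROFILE_ERROR_INVALID_MSG);

	if (format == LASSO_MESSAGE_FORMAT_SOAP) {
		xpathCtx = xmlXPathNewContext(doc);
		goto_cleanup_if_fail_with_rc(xpathCtx != NULL, LASSO_PROFILE_ERROR_INVALID_MSG);
		xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
		/* NOTE(review): "//s:Body" matches a Body anywhere in the document, not only
		 * the envelope's direct child; the first one in document order is used. */
		xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx);
		if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr) {
			xmlnode = xpathObj->nodesetval->nodeTab[0];
		}
	} else {
		xmlnode = xmlDocGetRootElement(doc);
	}
	goto_cleanup_if_fail_with_rc(xmlnode != NULL, LASSO_PROFILE_ERROR_INVALID_MSG);

	/* The signature is expected as a direct ds:Signature child of the signed
	 * element; failing that, as an enveloped signature on a child Assertion, which
	 * then becomes the element under verification. */
	sign = _lasso_provider_find_child(xmlnode, "Signature", xmlSecDSigNs);
	if (sign == NULL) {
		xmlNode *assertion = _lasso_provider_find_child(xmlnode, "Assertion", NULL);
		if (assertion != NULL) {
			xmlnode = assertion;
			sign = _lasso_provider_find_child(xmlnode, "Signature", xmlSecDSigNs);
		}
	}
	goto_cleanup_if_fail_with_rc(sign != NULL, LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);

	/* Register the signed element's ID so that a Reference URI "#id" resolves to
	 * it; without a DTD or schema libxml2 does not know which attribute is the ID. */
	if (id_attr_name) {
		xmlAttr *id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
		id_value = xmlGetProp(xmlnode, (xmlChar*)id_attr_name);
		if (id_value != NULL && id_attr != NULL) {
			xmlAddID(NULL, doc, id_value, id_attr);
		}
	}

	/* A certificate embedded in the signature is only trusted through the
	 * configured CA chain; without a chain the pinned public key is used instead. */
	x509data = xmlSecFindNode(xmlnode, xmlSecNodeX509Data, xmlSecDSigNs);
	if (x509data != NULL && provider->ca_cert_chain != NULL) {
		keys_mngr = lasso_load_certs_from_pem_certs_chain_file(
				provider->ca_cert_chain);
		goto_cleanup_if_fail_with_rc(keys_mngr != NULL, LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED);
	}

	dsigCtx = xmlSecDSigCtxCreate(keys_mngr);
	goto_cleanup_if_fail_with_rc(dsigCtx != NULL, LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED);
	/* Never let a Reference pull in a remote or local-file URI. */
	dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty | xmlSecTransformUriTypeSameDocument;
	if (keys_mngr == NULL) {
		dsigCtx->signKey = xmlSecKeyDuplicate(lasso_provider_get_public_key(provider));
		goto_cleanup_if_fail_with_rc(dsigCtx->signKey != NULL, LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED);
	}

	goto_cleanup_if_fail_with_rc(xmlSecDSigCtxVerify(dsigCtx, sign) >= 0,
			LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED);
	goto_cleanup_if_fail_with_rc(dsigCtx->status == xmlSecDSigStatusSucceeded,
			LASSO_DS_ERROR_INVALID_SIGNATURE);

	/* Bind the signature to the element being verified: exactly one Reference,
	 * pointing at the ID registered above. Otherwise a valid signature over some
	 * other element in the message would be accepted for this one. */
	if (id_value != NULL) {
		xmlSecDSigReferenceCtxPtr ref = NULL;

		goto_cleanup_if_fail_with_rc(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 1,
				LASSO_DS_ERROR_INVALID_SIGNATURE);
		ref = xmlSecPtrListGetItem(&(dsigCtx->signedInfoReferences), 0);
		goto_cleanup_if_fail_with_rc(ref != NULL && ref->uri != NULL && ref->uri[0] == '#'
				&& strcmp((char*)ref->uri + 1, (char*)id_value) == 0,
				LASSO_DS_ERROR_INVALID_SIGNATURE);
	}

cleanup:
	if (id_value)
		xmlFree(id_value);
	lasso_release_string(msg);
	lasso_release_key_manager(keys_mngr);
	lasso_release_signature_context(dsigCtx);
	if (xpathObj)
		xmlXPathFreeObject(xpathObj);
	if (xpathCtx)
		xmlXPathFreeContext(xpathCtx);
	lasso_release_doc(doc);
	return rc;
}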
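/**
 * lasso_provider_set_encryption_mode:
 * @provider: provider to set encryption for
 * @encryption_mode: a #LassoEncryptionMode value (an enumeration, not a boolean)
 *   selecting the encryption behaviour for this provider
 *
 * Set the encryption mode. Like lasso_provider_get_encryption_mode(), this is a
 * no-op on a provider whose private data is missing, instead of dereferencing NULL.
 **/
void
lasso_provider_set_encryption_mode(LassoProvider *provider, LassoEncryptionMode encryption_mode)
{
	g_return_if_fail(LASSO_IS_PROVIDER(provider));
	g_return_if_fail(provider->private_data != NULL);
	provider->private_data->encryption_mode = encryption_mode;
}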
/**
 * lasso_provider_get_encryption_mode:
 * @provider: a #LassoProvider object
 *
 * Return the current encryption mode. An object that is not a provider, or a
 * provider without private data, reports #LASSO_ENCRYPTION_MODE_NONE.
 *
 * Return value: a value in the #LassoEncryptionMode enumeration.
 */
LassoEncryptionMode
lasso_provider_get_encryption_mode(LassoProvider *provider) {
	if (LASSO_IS_PROVIDER(provider) && provider->private_data) {
		return provider->private_data->encryption_mode;
	}
	/* Invalid or uninitialised provider: "no encryption" rather than a crash. */
	return LASSO_ENCRYPTION_MODE_NONE;
}
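/**
 * lasso_provider_set_encryption_sym_key_type:
 * @provider: provider to set encryption for
 * @encryption_sym_key_type: a #LassoEncryptionSymKeyType value for the generated
 *   symmetric key
 *
 * Set the type of the symmetric key generated for encryption. Like the matching
 * getter, this is a no-op on a provider whose private data is missing, instead
 * of dereferencing NULL.
 **/
void
lasso_provider_set_encryption_sym_key_type(LassoProvider *provider,
		LassoEncryptionSymKeyType encryption_sym_key_type)
{
	g_return_if_fail(LASSO_IS_PROVIDER(provider));
	g_return_if_fail(provider->private_data != NULL);
	provider->private_data->encryption_sym_key_type = encryption_sym_key_type;
}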
/**
 * lasso_provider_get_encryption_sym_key_type:
 * @provider: a #LassoProvider object
 *
 * Return the symmetric key type configured for encryption with this provider.
 * An object that is not a provider, or a provider without private data, yields
 * #LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT.
 *
 * Return value: a #LassoEncryptionSymKeyType value.
 */
LassoEncryptionSymKeyType
lasso_provider_get_encryption_sym_key_type(const LassoProvider *provider)
{
	if (! LASSO_IS_PROVIDER(provider) || provider->private_data == NULL) {
		return LASSO_ENCRYPTION_SYM_KEY_TYPE_DEFAULT;
	}
	return provider->private_data->encryption_sym_key_type;
}
/**
 * lasso_provider_verify_query_signature:
 * @provider: the #LassoProvider for the provider issuing the query
 * @message: the URL query string, UTF-8 encoded
 *
 * Retrieve the public key of the given provider and verify the signature of the
 * query string with the verifier matching the provider's protocol conformance
 * (ID-FF query signatures and SAML 2.0 redirect-binding signatures differ).
 *
 * Return value: 0 if successful,
 * <itemizedlist>
 * <listitem><para>#LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY if no public key is set for this provider,</para></listitem>
 * <listitem><para>#LASSO_DS_ERROR_INVALID_SIGNATURE if signature is invalid,</para></listitem>
 * <listitem><para>#LASSO_DS_ERROR_SIGNATURE_NOT_FOUND if no signature is found,</para></listitem>
 * <listitem><para>#LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED if the key cannot be loaded,</para></listitem>
 * <listitem><para>#LASSO_ERROR_UNIMPLEMENTED if the protocol profile of the provider is invalid or not supported.</para></listitem>
 * </itemizedlist>
 */
int
lasso_provider_verify_query_signature(LassoProvider *provider, const char *message)
{
	xmlSecKey *provider_public_key = NULL;

	lasso_bad_param(PROVIDER, provider);
	provider_public_key = lasso_provider_get_public_key(provider);
	g_return_val_if_fail(provider_public_key, LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY);

	switch (lasso_provider_get_protocol_conformance(provider)) {
		case LASSO_PROTOCOL_LIBERTY_1_0:
		case LASSO_PROTOCOL_LIBERTY_1_1:
		case LASSO_PROTOCOL_LIBERTY_1_2:
			return lasso_query_verify_signature(message, provider_public_key);
		case LASSO_PROTOCOL_SAML_2_0:
			return lasso_saml2_query_verify_signature(message, provider_public_key);
		default:
			return LASSO_ERROR_UNIMPLEMENTED;
	}
}
/**
 * lasso_provider_get_default_name_id_format:
 * @provider: a #LassoProvider object
 *
 * If the provider lists supported name identifier formats in its metadata,
 * return the first one.
 *
 * Return value:(transfer full)(allow-none): a NameIDFormat URI or NULL; the returned
 * string must be freed by the caller.
 */
gchar*
lasso_provider_get_default_name_id_format(LassoProvider *provider)
{
	gchar *name_id_format;

	/* Single-value metadata lookup; ownership of the string passes to the caller. */
	name_id_format = lasso_provider_get_metadata_one(provider, "NameIDFormat");
	return name_id_format;
}
/**
 * lasso_provider_get_sp_name_qualifier:
 * @provider: a #LassoProvider object
 *
 * Return the entityID to use for qualifying a NameIdentifier: the affiliation
 * identifier when the provider belongs to an affiliation, its own ProviderID
 * otherwise.
 *
 * Return value:(transfer none)(allow-none): a private string or NULL. Do not keep a
 * reference on this string or free it.
 */
const char*
lasso_provider_get_sp_name_qualifier(LassoProvider *provider)
{
	g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	/* should not happen ! */
	g_return_val_if_fail(provider->private_data != NULL, NULL);

	/* The affiliation takes precedence; either value may itself be NULL and is
	 * returned as-is. */
	if (provider->private_data->affiliation_id) {
		return provider->private_data->affiliation_id;
	}
	return provider->ProviderID;
}
/**
 * lasso_provider_verify_single_node_signature:
 * @provider: a #LassoProvider object
 * @node: a #LassoNode object, still having its originalXmlnode content, and containing an XML
 * signature.
 * @id_attr_name: the name of the ID attribute to lookup.
 *
 * Return whether the provider signed this node. Only the provider's pinned
 * public key is used (no CA chain, no document context).
 *
 * Return value: 0 if the node is signed by this provider, an error code otherwise.
 */
int
lasso_provider_verify_single_node_signature (LassoProvider *provider, LassoNode *node, const char *id_attr_name)
{
	xmlNode *xmlnode = lasso_node_get_original_xmlnode (node);
	xmlSecKey *xmlseckey = NULL;

	/* Without the original XML there is nothing a signature can be checked against. */
	if (xmlnode == NULL) {
		return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
	}
	xmlseckey = lasso_provider_get_public_key (provider);
	if (xmlseckey == NULL) {
		return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
	}
	/* NOTE(review): NO_SINGLE_REFERENCE presumably relaxes the "exactly one
	 * Reference" rule in lasso_verify_signature — confirm, since that rule is part
	 * of the defence against signature wrapping. */
	return lasso_verify_signature(xmlnode, NULL, id_attr_name, NULL, xmlseckey, NO_SINGLE_REFERENCE, NULL);
}
/* Accumulator passed to _add_for_role() while walking the Descriptors hash table. */
struct AddForRoleHelper {
	GList *l;                /* collected metadata keys, role prefix stripped */
	LassoProviderRole role;  /* the role whose keys are being collected */
};
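/* GHFunc callback for lasso_provider_get_metadata_keys_for_role(). Descriptor keys
 * are stored as "<role name> <key>": a key belongs to @helper->role when it starts
 * with that role's name followed by a space, and the bare key (prefix removed) is
 * then appended to @helper->l. The hash value (@data) is unused. */
static void
_add_for_role(gpointer key, G_GNUC_UNUSED gpointer data, struct AddForRoleHelper *helper)
{
	char role_prefix[64];
	int l;

	/* Bounded formatting: a role name that does not fit the buffer (or a
	 * formatting error) matches nothing instead of overflowing the stack. */
	l = snprintf(role_prefix, sizeof(role_prefix), "%s ", protocol_roles[helper->role]);
	if (l < 0 || (size_t)l >= sizeof(role_prefix)) {
		return;
	}

	if (key && strncmp(key, role_prefix, l) == 0) {
		lasso_list_add_string(helper->l, ((char*)key) + l);
	}
}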
/**
 * lasso_provider_get_metadata_keys_for_role:
 * @provider: a #LassoProvider object
 * @role: a #LassoProviderRole value
 *
 * Returns the list of metadata keys existing for the given provider and role, i.e. the
 * Descriptors keys prefixed with the name of @role, with that prefix stripped.
 *
 * Return value:(element-type utf8)(transfer full): a newly allocated list of strings, or
 * NULL if @provider is not a valid, initialised #LassoProvider or @role is out of range.
 */
GList*
lasso_provider_get_metadata_keys_for_role(LassoProvider *provider, LassoProviderRole role)
{
	struct AddForRoleHelper collector = { .l = NULL, .role = role };
	GHashTable *descriptors;

	lasso_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
	lasso_return_val_if_fail(provider->private_data != NULL, NULL);
	/* _add_for_role() indexes protocol_roles[] with the role, so it must be in range */
	lasso_return_val_if_fail(role > LASSO_PROVIDER_ROLE_NONE && role < LASSO_PROVIDER_ROLE_LAST, NULL);

	descriptors = provider->private_data->Descriptors;
	g_hash_table_foreach(descriptors, (GHFunc)_add_for_role, &collector);

	return collector.l;
}
/**
 * lasso_provider_get_roles:
 * @provider: a #LassoProvider object
 *
 * Return the bitmask of the supported roles.
 *
 * Return value: a #LassoProviderRole enumeration value; %LASSO_PROVIDER_ROLE_NONE when
 * @provider is not a valid, initialised #LassoProvider.
 */
LassoProviderRole
lasso_provider_get_roles(LassoProvider *provider)
{
	LassoProviderRole roles = LASSO_PROVIDER_ROLE_NONE;

	/* an invalid or uninitialised provider reports no role at all */
	lasso_return_val_if_fail(LASSO_IS_PROVIDER(provider) && provider->private_data, roles);

	roles = provider->private_data->roles;
	return roles;
}
/**
 * lasso_provider_match_conformance:
 * @provider: a #LassoProvider object
 * @another_provider: a #LassoProvider object
 *
 * Return whether the two providers support a same protocol, by intersecting their protocol
 * conformance values as bit flags. See also #LassoProtocolConformance.
 *
 * Return value: TRUE if at least one conformance bit is shared, FALSE otherwise (also FALSE
 * when either argument is not a #LassoProvider).
 */
gboolean
lasso_provider_match_conformance(LassoProvider *provider, LassoProvider *another_provider)
{
	int first_conformance;
	int second_conformance;

	lasso_return_val_if_fail(LASSO_IS_PROVIDER(provider) && LASSO_IS_PROVIDER(another_provider), FALSE);

	first_conformance = lasso_provider_get_protocol_conformance(provider);
	second_conformance = lasso_provider_get_protocol_conformance(another_provider);

	/* conformance values are used as bit flags: any shared bit is a match */
	if ((first_conformance & second_conformance) == 0) {
		return FALSE;
	}
	return TRUE;
}