ID-WSF 2.0: in profile.{c,h}, discovery.{c,h}, data_service.{c,h}, overhaul all profiles.
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/profile.h: - lasso_idwsf2_profile_get_name_identifier returns the NameID found in an assertion used as a WS-Security token when security mechanism Bearer or SAML are used. - complete the function lasso_id_wsf2_profile_build_soap_envelope with construction of the Sender element which is used to transmit the providerID of the message sender by the SOAP binding ID-WSF 2.0 specification. - remove useless instance_init function in profile object - reset some profile fields in process_soap_request_msg (response, body, nameIdentifier). use lasso_saml20_profile_name_identifier_decryption for handling NameID from WS-Security mechanism assertion. - add private_data - change signature of lasso_idwsf2_profile_init_soap_request to use and EPR and a security mechanism specifier when building the SOAP request. - change signature of lasso_idwsf2_profile_process_soap_request to verify security_mech_id of received messages. * docs/reference/lasso/lasso-sections.txt: add the function to the documentation. * lasso/id-wsf-2.0/discovery.{c,h}: - use utils.h macros instead of g_return_val_if_fail because it removes useless warning, since it returns an error code. release acquired resources. - in lasso_idwsf2_discovery_metadata_register_self, return error code instead of identifier string for the new service, use an out parmeter to return the identifier, use utils.h macros. - in lasso_idwsf2_discovery_init_metadata_register, use utils.h macros, check return code of lasso_idwsf2_profile_init_soap_request. - change signature of lasso_idwsf2_discovery_init_metadata_register to support security_mech_id, try to get URL from an existing Discovery service EPR (from Session object). 
- change signature of lasso_idwsf2_discovery_process_metadata_register_msg, lasso_idwsf2_discovery_init_metadata_association_add, lasso_idwsf2_discovery_process_metadata_association_add_msg, lasso_idwsf2_discovery_init_query, lasso_idwsf2_discovery_process_query_msg, to support security mechanism. - improve lasso_idwsf2_discovery_build_query_response_eprs. - add lasso_idwsf2_discovery_get_nth_data_service to access returned services. * lasso/id-wsf-2.0/data_service.{c,h}: - redo all the API
parent
277fc83eb1
commit
bfb8483823
|
@ -5784,6 +5784,7 @@ lasso_idwsf2_profile_process_soap_request_msg
|
|||
lasso_idwsf2_profile_build_response_msg
|
||||
lasso_idwsf2_profile_process_soap_response_msg
|
||||
lasso_idwsf2_profile_build_soap_envelope
|
||||
lasso_idwsf2_profile_get_name_identifier
|
||||
<SUBSECTION Standard>
|
||||
LASSO_IDWSF2_PROFILE
|
||||
LASSO_IS_IDWSF2_PROFILE
|
||||
|
|
File diff suppressed because it is too large
|
@ -33,6 +33,8 @@ extern "C" {
|
|||
#include "profile.h"
|
||||
#include "../xml/xml.h"
|
||||
#include "../xml/id-wsf-2.0/dstref_query_item.h"
|
||||
#include "../xml/id-wsf-2.0/util_status.h"
|
||||
#include "../xml/id-wsf-2.0/dstref_data.h"
|
||||
#include "../xml/ws/wsa_endpoint_reference.h"
|
||||
|
||||
|
||||
|
@ -55,12 +57,6 @@ typedef struct _LassoIdWsf2DataServicePrivate LassoIdWsf2DataServicePrivate;
|
|||
struct _LassoIdWsf2DataService {
|
||||
LassoIdWsf2Profile parent;
|
||||
|
||||
/*< public >*/
|
||||
xmlNode *data;
|
||||
gchar *type;
|
||||
gchar *redirect_url;
|
||||
GList *query_items; /* of strings */
|
||||
|
||||
/*< private >*/
|
||||
LassoIdWsf2DataServicePrivate *private_data;
|
||||
};
|
||||
|
@ -69,54 +65,76 @@ struct _LassoIdWsf2DataServiceClass {
|
|||
LassoIdWsf2ProfileClass parent;
|
||||
};
|
||||
|
||||
typedef enum {
|
||||
LASSO_IDWSF2_DATA_SERVICE_REQUEST_TYPE_UNKNOWN,
|
||||
LASSO_IDWSF2_DATA_SERVICE_REQUEST_TYPE_QUERY,
|
||||
LASSO_IDWSF2_DATA_SERVICE_REQUEST_TYPE_MODIFY,
|
||||
LASSO_IDWSF2_DATA_SERVICE_REQUEST_TYPE_CREATE,
|
||||
LASSO_IDWSF2_DATA_SERVICE_REQUEST_TYPE_DELETE
|
||||
} LassoIdWsf2DataServiceRequestType;
|
||||
|
||||
LASSO_EXPORT GType lasso_idwsf2_data_service_get_type(void);
|
||||
|
||||
/* Service initialization */
|
||||
LASSO_EXPORT LassoIdWsf2DataService* lasso_idwsf2_data_service_new(LassoServer *server);
|
||||
|
||||
LASSO_EXPORT LassoIdWsf2DataService* lasso_idwsf2_data_service_new_full(LassoServer *server,
|
||||
LassoWsAddrEndpointReference *epr);
|
||||
|
||||
/* Request initialization */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_query(LassoIdWsf2DataService *service);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_add_query_item(
|
||||
LassoIdWsf2DataService *service, const gchar *item_xpath, const gchar *item_id);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_query_msg(LassoIdWsf2DataService *service,
|
||||
const gchar *message);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_parse_query_items(LassoIdWsf2DataService *service);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_query_response_msg(
|
||||
LassoIdWsf2DataService *service, const gchar *message);
|
||||
|
||||
LASSO_EXPORT GList* lasso_idwsf2_data_service_get_attribute_nodes(LassoIdWsf2DataService *service,
|
||||
const gchar *item_id);
|
||||
|
||||
LASSO_EXPORT xmlNode* lasso_idwsf2_data_service_get_attribute_node(LassoIdWsf2DataService *service,
|
||||
const gchar *item_id);
|
||||
|
||||
LASSO_EXPORT GList* lasso_idwsf2_data_service_get_attribute_strings(LassoIdWsf2DataService *service,
|
||||
const gchar *item_id);
|
||||
|
||||
LASSO_EXPORT gchar* lasso_idwsf2_data_service_get_attribute_string(LassoIdWsf2DataService *service,
|
||||
const gchar *item_id);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_redirect_user_for_consent(
|
||||
LassoIdWsf2DataService *service, const gchar *redirect_url);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_modify(LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_create(LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_delete(LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_set_service_type(LassoIdWsf2DataService *service,
|
||||
const char *prefix, const char *service_type);
|
||||
LASSO_EXPORT const char* lasso_idwsf2_data_service_get_service_type(
|
||||
LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT const char* lasso_idwsf2_data_service_get_service_type_prefix(
|
||||
LassoIdWsf2DataService *service);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_add_modify_item(
|
||||
LassoIdWsf2DataService *service, const gchar *item_xpath, const gchar *item_id,
|
||||
const gchar *new_data, gboolean overrideAllowed);
|
||||
/* Manipulate request */
|
||||
LASSO_EXPORT LassoIdWsf2DataServiceRequestType lasso_idwsf2_data_service_get_request_type(
|
||||
LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_add_query_item(
|
||||
LassoIdWsf2DataService *service, const gchar *item_query, const gchar *item_id);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_add_modify_item(LassoIdWsf2DataService *service,
|
||||
const gchar *item_query, xmlNode *new_data, gboolean overrideAllowed,
|
||||
const gchar *item_id);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_add_namespace(LassoIdWsf2DataService *data_service,
|
||||
const char *prefix, const char *href);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_modify_msg(LassoIdWsf2DataService *service,
|
||||
const gchar *message);
|
||||
/* Produce request */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_build_request_msg(LassoIdWsf2DataService *service,
|
||||
const char *security_mech_id);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_parse_modify_items(LassoIdWsf2DataService *service);
|
||||
/* Handle request */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_request_msg(LassoIdWsf2DataService *service,
|
||||
const char *msg);
|
||||
LASSO_EXPORT GList *lasso_idwsf2_data_service_get_item_ids(LassoIdWsf2DataService *data_service);
|
||||
LASSO_EXPORT GList *lasso_idwsf2_data_service_get_items(LassoIdWsf2DataService *data_service);
|
||||
LASSO_EXPORT LassoNode* lasso_idwsf2_data_service_get_item(LassoIdWsf2DataService *data_service,
|
||||
const char *item_id);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_modify_response_msg(
|
||||
LassoIdWsf2DataService *service, const gchar *message);
|
||||
/* Reponse initialization */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_init_response(LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_set_status_code(LassoIdWsf2DataService *service,
|
||||
const char *status_code, const char *status_code2);
|
||||
|
||||
/* Manipulate response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_set_query_item_result(
|
||||
LassoIdWsf2DataService *data_service, const char *item_id, xmlNode *xml_data,
|
||||
gboolean add);
|
||||
|
||||
/* Produce response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_build_response_msg(LassoIdWsf2DataService *service);
|
||||
|
||||
/* Handle response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_data_service_process_response_msg(
|
||||
LassoIdWsf2DataService *service, const char *msg);
|
||||
LASSO_EXPORT LassoIdWsf2UtilStatus *lasso_idwsf2_data_service_get_response_status(
|
||||
LassoIdWsf2DataService *service);
|
||||
LASSO_EXPORT LassoIdWsf2DstRefData* lasso_idwsf2_data_service_get_query_item_result(
|
||||
LassoIdWsf2DataService *service, const char *item_id);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_data_service_get_query_item_results(
|
||||
LassoIdWsf2DataService *service);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
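Review bot: The accessors added under `/* Handle request */` and `/* Handle response */` (`lasso_idwsf2_data_service_get_item_ids`, `lasso_idwsf2_data_service_get_items`, `lasso_idwsf2_data_service_get_item`, `lasso_idwsf2_data_service_get_query_item_results`) return `GList *` or object pointers, and nothing in this header says whether the caller owns the result. The data_service.c diff is suppressed on this page, so their gtk-doc cannot be checked here; each should carry a `Return value: (transfer none)` or `(transfer full)` line (plus `(element-type ...)` for the lists) that matches the implementation, so that callers and language bindings neither leak nor double-free. `lasso_idwsf2_data_service_build_request_msg` should likewise document what a NULL `security_mech_id` selects. Separately, the comment `/* Reponse initialization */` should read `/* Response initialization */`.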
|
||||
|
|
File diff suppressed because it is too large
|
@ -56,9 +56,6 @@ typedef struct _LassoIdWsf2DiscoveryPrivate LassoIdWsf2DiscoveryPrivate;
|
|||
struct _LassoIdWsf2Discovery {
|
||||
LassoIdWsf2Profile parent;
|
||||
|
||||
GList *metadatas; /* of LassoIdWsf2DiscoSvcMetadata* */
|
||||
GList *svcMDIDs; /* of char* */
|
||||
|
||||
/*< private >*/
|
||||
LassoIdWsf2DiscoveryPrivate *private_data;
|
||||
};
|
||||
|
@ -71,48 +68,78 @@ LASSO_EXPORT GType lasso_idwsf2_discovery_get_type(void);
|
|||
|
||||
LASSO_EXPORT LassoIdWsf2Discovery* lasso_idwsf2_discovery_new(LassoServer *server);
|
||||
|
||||
LASSO_EXPORT gchar* lasso_idwsf2_discovery_metadata_register_self(LassoIdWsf2Discovery *discovery,
|
||||
const gchar *service_type, const gchar *abstract,
|
||||
const gchar *soap_endpoint, const gchar *svcMDID);
|
||||
/**
|
||||
* LassoIdWsf2DiscoveryRequestType:
|
||||
* @LASSO_IDWSF2_DISCOVERY_METADATA_REGISTER_REQUEST:
|
||||
* @LASSO_IDWSF2_DISCOVERY_METADATA_ASSOCIATION_REQUEST:
|
||||
* @LASSO_IDWSF2_DISCOVERY_METADATA_DISSOCIATION_REQUEST:
|
||||
* @LASSO_IDWSF2_DISCOVERY_QUERY:
|
||||
*/
|
||||
typedef enum {
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_UNKNOWN,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_QUERY,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_QUERY,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_REGISTER,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_REPLACE,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_DELETE,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_ADD,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_DELETE,
|
||||
LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_QUERY,
|
||||
} LassoIdWsf2DiscoveryRequestType;
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_register(LassoIdWsf2Discovery *discovery,
|
||||
const gchar *service_type, const gchar *abstract,
|
||||
const gchar *disco_provider_id, const gchar *soap_endpoint);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_metadata_register_msg(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *message);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_metadata_register_response_msg(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *message);
|
||||
/**
|
||||
* LassoIdWsf2DiscoveryQueryResultType:
|
||||
* @LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_BEST:
|
||||
* @LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_ALL:
|
||||
* @LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_ONLY_ONE:
|
||||
*/
|
||||
typedef enum {
|
||||
LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_NONE,
|
||||
LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_BEST,
|
||||
LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_ALL,
|
||||
LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_ONLY_ONE
|
||||
} LassoIdWsf2DiscoveryQueryResultType;
|
||||
|
||||
/* Request initialization */
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_query(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_query(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_register(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_replace(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_association_add(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *svcMDID);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_metadata_association_add_msg(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *message);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_register_metadata(LassoIdWsf2Discovery *discovery);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_metadata_association_add_response_msg(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *message);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_query(LassoIdWsf2Discovery *discovery,
|
||||
const gchar *security_mech_id);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_add_requested_service_type(LassoIdWsf2Discovery *discovery,
|
||||
const gchar *service_type);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_query_msg(LassoIdWsf2Discovery *discovery,
|
||||
const gchar *message);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_build_query_response_eprs(
|
||||
LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_association_delete(
|
||||
LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_init_metadata_association_query(
|
||||
LassoIdWsf2Discovery *discovery);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_query_response_msg(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *message);
|
||||
/* Add metadatas to operate on, to make request, but also to make responses. */
|
||||
LASSO_EXPORT int lasso_idwsf2_discovery_add_service_metadata(
|
||||
LassoIdWsf2Discovery *idwsf2_discovery, LassoIdWsf2DiscoSvcMetadata *service_metadata);
|
||||
LASSO_EXPORT int lasso_idwsf2_discovery_add_simple_service_metadata(
|
||||
LassoIdWsf2Discovery *idwsf2_discovery, const char *abstract,
|
||||
const char *provider_id, GList *service_types, GList *options, const char *address,
|
||||
GList *security_mech_ids);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_discovery_get_metadatas(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_add_requested_service(LassoIdWsf2Discovery *discovery,
|
||||
GList *service_types, GList *provider_ids, GList *options, GList *security_mech_ids,
|
||||
GList *frameworks, GList *actions, LassoIdWsf2DiscoveryQueryResultType result_type,
|
||||
const char *req_id);
|
||||
|
||||
/* Build the request message */
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_build_request_msg(LassoIdWsf2Discovery *discovery,
|
||||
const char *security_mech_id);
|
||||
|
||||
/* Handle a request */
|
||||
LASSO_EXPORT LassoIdWsf2DiscoveryRequestType lasso_idwsf2_discovery_get_request_type(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_validate_request(LassoIdWsf2Discovery *discovery);
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_fail_request(LassoIdWsf2Discovery *discovery,
|
||||
const char *status_code, const char *status_code2);
|
||||
|
||||
/* Process the response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_discovery_process_response_msg(LassoIdWsf2Discovery *discovery,
|
||||
const char *msg);
|
||||
LASSO_EXPORT GList* lasso_idwsf2_discovery_get_endpoint_references(LassoIdWsf2Discovery *discovery);
|
||||
|
||||
LASSO_EXPORT LassoIdWsf2DataService* lasso_idwsf2_discovery_get_service(
|
||||
LassoIdWsf2Discovery *discovery, const gchar *service_type);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
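Review bot: The gtk-doc block above `LassoIdWsf2DiscoveryRequestType` documents `@LASSO_IDWSF2_DISCOVERY_METADATA_REGISTER_REQUEST`, `@LASSO_IDWSF2_DISCOVERY_METADATA_ASSOCIATION_REQUEST`, `@LASSO_IDWSF2_DISCOVERY_METADATA_DISSOCIATION_REQUEST` and `@LASSO_IDWSF2_DISCOVERY_QUERY`, none of which is a member of the enum that follows; the members are all named `LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_*`. The block should list the nine real members with a one-line meaning each, and the block for `LassoIdWsf2DiscoveryQueryResultType` should add the missing `@LASSO_IDWSF2_DISCOVERY_QUERY_RESULT_TYPE_NONE:` entry. The last enumerator is also written `LASSO_IDWSF2_DISCOVERY_REQUEST_TYPE_MD_ASSOCIATION_QUERY,` with a trailing comma, which pre-C99 C and pre-C++11 C++ compilers reject in pedantic mode. Since this header is wrapped in `extern "C"` for C++ consumers, the comma should be dropped.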
|
||||
|
|
|
@ -35,6 +35,8 @@
|
|||
#include "../id-ff/serverprivate.h"
|
||||
#include "../id-ff/providerprivate.h"
|
||||
|
||||
#include "../saml-2.0/profileprivate.h"
|
||||
|
||||
#include "profile.h"
|
||||
#include "session.h"
|
||||
|
||||
|
@ -43,22 +45,85 @@
|
|||
#include "../xml/soap_binding_provider.h"
|
||||
#include "../xml/soap_binding_processing_context.h"
|
||||
#include "../xml/xml_enc.h"
|
||||
#include "../xml/id-wsf-2.0/sb2_sender.h"
|
||||
#include "../xml/id-wsf-2.0/sb2_redirect_request.h"
|
||||
|
||||
#include "../xml/ws/wsse_security_header.h"
|
||||
|
||||
#include "../xml/saml-2.0/saml2_assertion.h"
|
||||
#include "../utils.h"
|
||||
#include "./idwsf2_helper.h"
|
||||
#include "./soap_binding.h"
|
||||
#include "../id-wsf/utils.h"
|
||||
#include "../saml-2.0/saml2_helper.h"
|
||||
|
||||
/*****************************************************************************/
|
||||
/* private methods */
|
||||
/*****************************************************************************/
|
||||
/**
|
||||
* LassoIdWsf2ProfilePrivate:
|
||||
* @epr: the #LassoWsAddrEndpointReference object representing the targetd service
|
||||
*/
|
||||
struct _LassoIdWsf2ProfilePrivate {
|
||||
LassoWsAddrEndpointReference *epr;
|
||||
LassoSoapEnvelope *soap_envelope_request;
|
||||
LassoSoapEnvelope *soap_envelope_response;
|
||||
};
|
||||
|
||||
LassoSoapEnvelope*
|
||||
lasso_idwsf2_profile_build_soap_envelope(G_GNUC_UNUSED const char *refToMessageId, G_GNUC_UNUSED const char *providerId)
|
||||
#define private_accessors(type, name) \
|
||||
static type \
|
||||
_get_##name(LassoIdWsf2Profile *idwsf2_profile)\
|
||||
{ \
|
||||
if (idwsf2_profile && idwsf2_profile->private_data) \
|
||||
{ \
|
||||
return idwsf2_profile->private_data->name; \
|
||||
} \
|
||||
return 0; \
|
||||
} \
|
||||
static void \
|
||||
_set_##name(LassoIdWsf2Profile *idwsf2_profile, \
|
||||
type what) \
|
||||
{ \
|
||||
if (idwsf2_profile && idwsf2_profile->private_data) \
|
||||
{ \
|
||||
lasso_assign_gobject(idwsf2_profile->private_data->name, what); \
|
||||
} \
|
||||
}
|
||||
|
||||
private_accessors(LassoWsAddrEndpointReference*,epr)
|
||||
private_accessors(LassoSoapEnvelope*,soap_envelope_request)
|
||||
private_accessors(LassoSoapEnvelope*,soap_envelope_response)
|
||||
|
||||
|
||||
static void
|
||||
_add_fault_for_rc(LassoIdWsf2Profile *profile, int rc)
|
||||
{
|
||||
LassoSoapFault *fault;
|
||||
char *code;
|
||||
|
||||
if (rc) {
|
||||
code = g_strdup_printf("LASSO_ERROR_%i", rc);
|
||||
fault = lasso_soap_fault_new_full(code, lasso_strerror(rc));
|
||||
g_free(code);
|
||||
lasso_release_list_of_gobjects(_get_soap_envelope_response(profile)->Header->Other);
|
||||
lasso_soap_envelope_add_to_body(_get_soap_envelope_response(profile), (LassoNode*)fault);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_build_soap_envelope:
|
||||
* @refToMessageId: (allow-none): the string ID of the request
|
||||
* @providerId: (allow-none): the providerID of the sender
|
||||
*
|
||||
* Build a new SOAP envelope, for transmitting an ID-WSF request of response. If the message is a
|
||||
* response, refer to the request whose ID is @refToMessageId.
|
||||
*
|
||||
* Return value: a new #LassoSoapEnvelope if successful, NULL otherwise.
|
||||
*/
|
||||
static LassoSoapEnvelope*
|
||||
lasso_idwsf2_profile_build_soap_envelope(const char *refToMessageId, const char *providerID)
|
||||
{
|
||||
LassoSoapEnvelope *envelope;
|
||||
LassoSoapHeader *header;
|
||||
LassoSoapBody *body;
|
||||
LassoIdWsf2Sb2Sender *sender;
|
||||
|
||||
/* Body */
|
||||
body = lasso_soap_body_new();
|
||||
|
@ -69,125 +134,424 @@ lasso_idwsf2_profile_build_soap_envelope(G_GNUC_UNUSED const char *refToMessageI
|
|||
header = lasso_soap_header_new();
|
||||
envelope->Header = header;
|
||||
|
||||
if (providerID) {
|
||||
/* Sender */
|
||||
sender = lasso_idwsf2_sb2_sender_new();
|
||||
lasso_assign_string(sender->providerID, providerID);
|
||||
lasso_list_add_gobject(header->Other, sender);
|
||||
}
|
||||
|
||||
if (refToMessageId) {
|
||||
LassoWsAddrAttributedURI *relates_to;
|
||||
relates_to = lasso_wsa_attributed_uri_new_with_string(refToMessageId);
|
||||
lasso_node_set_custom_nodename((LassoNode*)relates_to, "RelatesTo");
|
||||
lasso_list_add_gobject(header->Other, relates_to);
|
||||
}
|
||||
|
||||
return envelope;
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
/* public methods */
|
||||
/*****************************************************************************/
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_init_request:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Initialize a new SOAP ID-WSF 2.0 request. Clear the existing request if one is currently set.
|
||||
*
|
||||
* Return value: 0 if successful, an error code otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_init_soap_request(LassoIdWsf2Profile *profile, LassoNode *request,
|
||||
gchar *service_type)
|
||||
lasso_idwsf2_profile_init_request(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
LassoSoapEnvelope *envelope;
|
||||
LassoSession *session = LASSO_PROFILE(profile)->session;
|
||||
LassoSaml2Assertion *assertion;
|
||||
LassoWsSec1SecurityHeader *wsse_security;
|
||||
LassoSoapEnvelope *envelope = NULL;
|
||||
LassoProfile *profile = NULL;
|
||||
LassoWsAddrEndpointReference *epr;
|
||||
const char *provider_id = NULL;
|
||||
int rc = 0;
|
||||
|
||||
/* Initialise soap envelope */
|
||||
envelope = lasso_idwsf2_profile_build_soap_envelope(NULL,
|
||||
LASSO_PROVIDER(LASSO_PROFILE(profile)->server)->ProviderID);
|
||||
lasso_assign_new_gobject(profile->soap_envelope_request, envelope);
|
||||
lasso_bad_param(IDWSF2_PROFILE, idwsf2_profile);
|
||||
profile = &idwsf2_profile->parent;
|
||||
epr = lasso_idwsf2_profile_get_epr(idwsf2_profile);
|
||||
|
||||
/* Add identity token (if it exists in the session) in soap header */
|
||||
assertion = lasso_session_get_assertion_identity_token(session, service_type);
|
||||
if (epr) {
|
||||
LassoIdWsf2DiscoSecurityContext *security_context;
|
||||
|
||||
/* FIXME: use sb2:TargetIdentity if security mech is :null */
|
||||
if (assertion != NULL) {
|
||||
wsse_security = lasso_wsse_security_header_new();
|
||||
lasso_list_add_new_gobject(wsse_security->any, assertion);
|
||||
lasso_list_add_new_gobject(envelope->Header->Other, wsse_security);
|
||||
security_context =
|
||||
lasso_wsa_endpoint_reference_get_idwsf2_security_context_for_security_mechanism(
|
||||
epr, lasso_security_mech_id_is_bearer_authentication, NULL, FALSE);
|
||||
if (! security_context) {
|
||||
return LASSO_WSF_PROFILE_ERROR_UNSUPPORTED_SECURITY_MECHANISM;
|
||||
}
|
||||
}
|
||||
|
||||
/* Add the given request in soap body */
|
||||
lasso_list_add_gobject(envelope->Body->any, request);
|
||||
if (LASSO_IS_SERVER(profile->server)) {
|
||||
provider_id = profile->server->parent.ProviderID;
|
||||
}
|
||||
envelope = lasso_idwsf2_profile_build_soap_envelope(NULL, provider_id);
|
||||
_set_soap_envelope_request(idwsf2_profile, envelope);
|
||||
lasso_release_gobject(profile->request);
|
||||
|
||||
return 0;
|
||||
lasso_release_gobject(envelope);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_init_response:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Initialize a new SOAP ID-WSF 2.0 response. Clear the existing response if one is currently set.
|
||||
*
|
||||
* Return value: 0 if successful, an error code otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_build_request_msg(LassoIdWsf2Profile *profile)
|
||||
lasso_idwsf2_profile_init_response(LassoIdWsf2Profile *profile)
|
||||
{
|
||||
g_return_val_if_fail(LASSO_IS_IDWSF2_PROFILE(profile),
|
||||
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
char *provider_id = NULL;
|
||||
LassoSoapEnvelope *soap_envelope;
|
||||
char *request_message_id = NULL;
|
||||
int rc = 0;
|
||||
|
||||
lasso_bad_param(IDWSF2_PROFILE, profile);
|
||||
|
||||
if (LASSO_IS_SERVER(profile->parent.server)) {
|
||||
provider_id = profile->parent.server->parent.ProviderID;
|
||||
}
|
||||
request_message_id = lasso_soap_envelope_get_message_id(
|
||||
lasso_idwsf2_profile_get_soap_envelope_request(profile));
|
||||
soap_envelope = lasso_idwsf2_profile_build_soap_envelope(request_message_id, provider_id);
|
||||
_set_soap_envelope_response(profile, soap_envelope);
|
||||
lasso_release_gobject(profile->parent.response);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_build_request_msg:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Serialize and sign, if needed, the SOAP request message, put the result in
|
||||
* <programlisting>LASSO_PROFILE(profile)->msg_body</paramlisting>.
|
||||
*
|
||||
* FIXME: really do sign messages.
|
||||
*
|
||||
* Return value: 0 if successful, LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_build_request_msg(LassoIdWsf2Profile *profile, const char *security_mech_id)
|
||||
{
|
||||
LassoWsAddrEndpointReference *epr;
|
||||
LassoSoapEnvelope *envelope;
|
||||
|
||||
lasso_bad_param(IDWSF2_PROFILE, profile);
|
||||
epr = lasso_idwsf2_profile_get_epr(profile);
|
||||
envelope = _get_soap_envelope_request(profile);
|
||||
|
||||
/* Handle SOAP Binding and WS-Security, when given an EPR */
|
||||
if (LASSO_IS_WSA_ENDPOINT_REFERENCE(epr)) {
|
||||
if (epr->Address != NULL) {
|
||||
lasso_assign_string(profile->parent.msg_url, epr->Address->content);
|
||||
}
|
||||
|
||||
/* Default try bearer */
|
||||
if (security_mech_id == NULL || lasso_security_mech_id_is_bearer_authentication(
|
||||
security_mech_id)) {
|
||||
LassoNode *security_token;
|
||||
|
||||
security_token = lasso_wsa_endpoint_reference_get_security_token(epr,
|
||||
lasso_security_mech_id_is_bearer_authentication, NULL);
|
||||
if (security_token) {
|
||||
lasso_soap_envelope_add_security_token (envelope, security_token);
|
||||
} else {
|
||||
g_warning ("No security mechanism specified, " \
|
||||
"failed to find security token for Bearer mechanism");
|
||||
}
|
||||
if (lasso_wsa_endpoint_reference_get_target_identity_token(epr,
|
||||
lasso_security_mech_id_is_bearer_authentication, NULL) != NULL) {
|
||||
g_critical("TargetIdentity token are not supported");
|
||||
}
|
||||
} else {
|
||||
g_critical("Only Bearer security mechanism is supported by ID-WSF 2.0 module of Lasso");
|
||||
}
|
||||
}
|
||||
|
||||
LASSO_PROFILE(profile)->msg_body = lasso_node_export_to_xml(
|
||||
LASSO_NODE(profile->soap_envelope_request));
|
||||
LASSO_NODE(_get_soap_envelope_request(profile)));
|
||||
|
||||
if (! LASSO_PROFILE(profile)->msg_body)
|
||||
return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_process_request_msg:
|
||||
* @wsf2_profile: a #LassoIdWsf2Profile object
|
||||
* @message: a received SOAP message
|
||||
*
|
||||
* Parse a SOAP request message and initialize the SOAP Envelope for the response.
|
||||
*
|
||||
* Return value: 0 if successful, an error code otherwise among:
|
||||
* <itemizedlist>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if @profile is not a #LassoIdWsf2Profile
|
||||
* object,</para></listitem>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_INVALID_VALUE if message is NULL,</para></listitem>
|
||||
* <listitem><para>LASSO_PROFILE_ERROR_INVALID_MSG if we cannot parse the message,</para></listitem>
|
||||
* <listitem><para>LASSO_SOAP_ERROR_MISSING_BODY if the message has no body
|
||||
* content.</para></listitem>
|
||||
* <itemizedlist>
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_process_soap_request_msg(LassoIdWsf2Profile *wsf2_profile, const gchar *message)
|
||||
lasso_idwsf2_profile_process_request_msg(LassoIdWsf2Profile *wsf2_profile, const gchar *message)
|
||||
{
|
||||
LassoProfile *profile = NULL;
|
||||
LassoSoapEnvelope *envelope = NULL;
|
||||
char *message_id;
|
||||
char *provider_id;
|
||||
int rc = 0;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_IDWSF2_PROFILE(wsf2_profile),
|
||||
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||
lasso_bad_param(IDWSF2_PROFILE, wsf2_profile);
|
||||
lasso_check_non_empty_string(message);
|
||||
|
||||
/* Clean some fields */
|
||||
lasso_release_gobject(wsf2_profile->parent.nameIdentifier);
|
||||
lasso_release_string(wsf2_profile->parent.remote_providerID);
|
||||
lasso_release_string(wsf2_profile->parent.msg_body);
|
||||
lasso_release_gobject(wsf2_profile->private_data->soap_envelope_response);
|
||||
lasso_release_gobject(wsf2_profile->parent.response);
|
||||
|
||||
/* Get soap request */
|
||||
profile = LASSO_PROFILE(wsf2_profile);
|
||||
lasso_assign_new_gobject(wsf2_profile->soap_envelope_request, lasso_soap_envelope_new_from_message(message));
|
||||
if (! LASSO_IS_SOAP_ENVELOPE(wsf2_profile->soap_envelope_request)) {
|
||||
|
||||
lasso_assign_new_gobject(wsf2_profile->private_data->soap_envelope_request,
|
||||
lasso_soap_envelope_new_from_message(message));
|
||||
if (! LASSO_IS_SOAP_ENVELOPE(_get_soap_envelope_request(wsf2_profile))) {
|
||||
return LASSO_PROFILE_ERROR_INVALID_MSG;
|
||||
}
|
||||
envelope = wsf2_profile->soap_envelope_request;
|
||||
envelope = _get_soap_envelope_request(wsf2_profile);
|
||||
if (envelope != NULL && envelope->Body != NULL && envelope->Body->any != NULL &&
|
||||
LASSO_IS_NODE(envelope->Body->any->data)) {
|
||||
lasso_assign_gobject(LASSO_PROFILE(profile)->request, (LassoNode*)envelope->Body->any->data);
|
||||
lasso_assign_gobject(profile->request, envelope->Body->any->data);
|
||||
} else {
|
||||
rc = LASSO_SOAP_ERROR_MISSING_BODY;
|
||||
}
|
||||
|
||||
/* Initialize soap response */
|
||||
lasso_assign_new_gobject(wsf2_profile->soap_envelope_response, lasso_idwsf2_profile_build_soap_envelope(NULL,
|
||||
LASSO_PROVIDER(profile->server)->ProviderID));
|
||||
message_id = lasso_soap_envelope_get_message_id(
|
||||
_get_soap_envelope_request(wsf2_profile));
|
||||
if (LASSO_IS_SERVER(profile->server)) {
|
||||
provider_id = profile->server->parent.ProviderID;
|
||||
lasso_assign_new_gobject(wsf2_profile->private_data->soap_envelope_response,
|
||||
lasso_idwsf2_profile_build_soap_envelope(message_id, provider_id));
|
||||
}
|
||||
_add_fault_for_rc(wsf2_profile, rc);
|
||||
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_check_security_mechanism:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
* @security_mech_id:(allow-none): the security mechanism to enforce, if none is provided Bearer is
|
||||
* assumed.
|
||||
*
|
||||
* Check ID-WSF 2.0 Security Mechanism upon the received request.
|
||||
*
|
||||
* Return value: 0 if the request passed the check, an error code otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_build_response_msg(LassoIdWsf2Profile *profile)
|
||||
lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
|
||||
const char *security_mech_id)
|
||||
{
|
||||
g_return_val_if_fail(LASSO_IS_IDWSF2_PROFILE(profile),
|
||||
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
LassoSoapEnvelope *envelope = NULL;
|
||||
int rc = LASSO_WSF_PROFILE_ERROR_SECURITY_MECHANISM_CHECK_FAILED;
|
||||
|
||||
LASSO_PROFILE(profile)->msg_body = lasso_node_export_to_xml(LASSO_NODE(
|
||||
profile->soap_envelope_response));
|
||||
lasso_bad_param(IDWSF2_PROFILE, profile);
|
||||
envelope = _get_soap_envelope_request(profile);
|
||||
/* Verify security mechanism */
|
||||
if (security_mech_id == NULL ||
|
||||
lasso_security_mech_id_is_bearer_authentication(security_mech_id)) {
|
||||
LassoSaml2Assertion *assertion;
|
||||
LassoProvider *issuer;
|
||||
|
||||
assertion = lasso_soap_envelope_get_saml2_security_token (envelope);
|
||||
if (assertion == NULL)
|
||||
goto cleanup;
|
||||
if (! lasso_saml2_assertion_validate_conditions(assertion, NULL))
|
||||
goto cleanup;
|
||||
issuer = lasso_saml2_assertion_get_issuer_provider(assertion, profile->parent.server);
|
||||
if (! issuer || issuer->role != LASSO_PROVIDER_ROLE_IDP)
|
||||
goto cleanup;
|
||||
if (lasso_provider_verify_single_node_signature(issuer, (LassoNode*)assertion, "ID") != 0)
|
||||
goto cleanup;
|
||||
} else {
|
||||
g_warning("Only Bearer mechanism is supported!");
|
||||
rc = LASSO_ERROR_UNIMPLEMENTED;
|
||||
goto cleanup;
|
||||
}
|
||||
rc = 0;
|
||||
cleanup:
|
||||
_add_fault_for_rc(profile, rc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_init_soap_fault_response:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Initialize a new SOAP 1.1 fault.
|
||||
*
|
||||
* Return value: 0 if successful, an error code otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_init_soap_fault_response(LassoIdWsf2Profile *profile)
|
||||
{
|
||||
int rc = 0;
|
||||
LassoSoapEnvelope *envelope;
|
||||
LassoSoapFault *fault;
|
||||
|
||||
lasso_check_good_rc(lasso_idwsf2_profile_init_response(profile));
|
||||
envelope = lasso_idwsf2_profile_get_soap_envelope_response(profile);
|
||||
if (envelope) {
|
||||
fault = lasso_soap_fault_new();
|
||||
lasso_list_add_new_gobject(envelope->Body->any, fault);
|
||||
lasso_assign_gobject(profile->parent.response, fault);
|
||||
}
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_redirect_user_for_interaction:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
* @redirect_url: an URL where the user must be redirected
|
||||
*
|
||||
* Create a SOAP fault asking for user
|
||||
*
|
||||
* Return value: 0 if successful, an error code otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_redirect_user_for_interaction(
|
||||
LassoIdWsf2Profile *profile, const gchar *redirect_url, gboolean for_data)
|
||||
{
|
||||
LassoSoapFault *fault = NULL;
|
||||
LassoIdWsf2Sb2RedirectRequest *redirect_request = NULL;
|
||||
LassoIdWsf2Sb2UserInteractionHint hint;
|
||||
int rc = 0;
|
||||
|
||||
lasso_bad_param(IDWSF2_PROFILE, profile);
|
||||
lasso_check_non_empty_string(redirect_url);
|
||||
|
||||
hint = lasso_soap_envelope_get_sb2_user_interaction_hint(
|
||||
lasso_idwsf2_profile_get_soap_envelope_request(profile));
|
||||
switch (hint) {
|
||||
case LASSO_IDWSF2_SB2_USER_INTERACTION_HINT_DO_NOT_INTERACT:
|
||||
return LASSO_WSF_PROFILE_ERROR_SERVER_INTERACTION_REQUIRED;
|
||||
case LASSO_IDWSF2_SB2_USER_INTERACTION_HINT_DO_NOT_INTERACT_FOR_DATA:
|
||||
if (for_data) {
|
||||
return LASSO_WSF_PROFILE_ERROR_SERVER_INTERACTION_REQUIRED_FOR_DATA;
|
||||
}
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
lasso_check_good_rc(lasso_idwsf2_profile_init_soap_fault_response(profile));
|
||||
fault = (LassoSoapFault*)profile->parent.response;
|
||||
lasso_assign_string(fault->faultcode, LASSO_SOAP_FAULT_CODE_SERVER);
|
||||
lasso_assign_string(fault->faultstring, "Server error");
|
||||
redirect_request = lasso_idwsf2_sb2_redirect_request_new_full(redirect_url);
|
||||
lasso_soap_fault_add_to_detail(fault, (LassoNode*)redirect_request);
|
||||
|
||||
cleanup:
|
||||
lasso_release_gobject(redirect_request);
|
||||
return rc;
|
||||
}
|
||||
/**
|
||||
* lasso_idwsf2_profile_build_response_msg:
|
||||
* @idwsf2_profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Serialize and sign the SOAP, if needed, the response message, put the result in
|
||||
* <programlisting>LASSO_PROFILE(profile)->msg_body</paramlisting>.
|
||||
*
|
||||
* Return value: 0 if successful, LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED otherwise.
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_build_response_msg(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
LassoSoapEnvelope *envelope;
|
||||
|
||||
lasso_bad_param(IDWSF2_PROFILE, idwsf2_profile);
|
||||
|
||||
envelope = lasso_idwsf2_profile_get_soap_envelope_response(idwsf2_profile);
|
||||
if (envelope == NULL) {
|
||||
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
|
||||
}
|
||||
idwsf2_profile->parent.msg_body = lasso_node_export_to_xml((LassoNode*)envelope);
|
||||
|
||||
if (! LASSO_PROFILE(idwsf2_profile)->msg_body) {
|
||||
return LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_process_response_msg:
|
||||
* @profile: a #LassoIdWsf2Profile object
|
||||
* @message: a string containing a response message
|
||||
*
|
||||
* Parse a response received by SOAP. Place the parsed message in the #LassoIdWsf2Profile structure
|
||||
* in the @soap_envelope_response field and the content of the body in the @response field.
|
||||
*
|
||||
* Return value: 0 if successful, one of those error codes if the call fails: <itemizedlist>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if first parameter is not
|
||||
* a #LassoIdWsf2Profile object,</para></listitem>
|
||||
* <listitem><para>LASSO_PARAM_ERROR_INVALID_VALUE if message is NULL,</para></listitem>
|
||||
* <listitem><para>LASSO_SOAP_ERROR_MISSING_BODY if no body element is found,</para></listitem>
|
||||
* <listitem><para>LASSO_PROFILE_ERROR_MISSING_RESPONSE if the body element is
|
||||
* empty.</para></listitem>
|
||||
*/
|
||||
gint
|
||||
lasso_idwsf2_profile_process_soap_response_msg(LassoIdWsf2Profile *profile, const gchar *message)
|
||||
lasso_idwsf2_profile_process_response_msg(LassoIdWsf2Profile *profile, const gchar *message)
|
||||
{
|
||||
LassoSoapEnvelope *envelope = NULL;
|
||||
int res = 0;
|
||||
int rc = 0;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_IDWSF2_PROFILE(profile),
|
||||
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
g_return_val_if_fail(message != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||
lasso_bad_param(IDWSF2_PROFILE, profile);
|
||||
lasso_check_non_empty_string(message);
|
||||
|
||||
/* Get soap response */
|
||||
envelope = lasso_soap_envelope_new_from_message(message);
|
||||
_set_soap_envelope_response(profile, envelope);
|
||||
|
||||
lasso_assign_new_gobject(profile->soap_envelope_response, envelope);
|
||||
goto_cleanup_if_fail_with_rc (envelope != NULL,
|
||||
LASSO_PROFILE_ERROR_INVALID_RESPONSE);
|
||||
goto_cleanup_if_fail_with_rc (envelope->Body != NULL,
|
||||
LASSO_SOAP_ERROR_MISSING_BODY);
|
||||
goto_cleanup_if_fail_with_rc (envelope->Body->any != NULL &&
|
||||
LASSO_IS_NODE(envelope->Body->any->data),
|
||||
LASSO_PROFILE_ERROR_MISSING_RESPONSE);
|
||||
|
||||
if (envelope != NULL && envelope->Body != NULL && envelope->Body->any != NULL) {
|
||||
lasso_assign_gobject(LASSO_PROFILE(profile)->response, LASSO_NODE(envelope->Body->any->data));
|
||||
} else {
|
||||
res = LASSO_SOAP_ERROR_MISSING_BODY;
|
||||
lasso_assign_gobject(profile->parent.response,
|
||||
envelope->Body->any->data);
|
||||
|
||||
if (LASSO_IS_SOAP_FAULT(profile->parent.response)) {
|
||||
LassoSoapFault *fault = (LassoSoapFault*)profile->parent.response;
|
||||
if (LASSO_IS_SOAP_DETAIL(fault->Detail)) {
|
||||
LassoIdWsf2Sb2RedirectRequest *redirect_request;
|
||||
redirect_request =
|
||||
lasso_extract_gobject_from_list(
|
||||
LassoIdWsf2Sb2RedirectRequest,
|
||||
LASSO_TYPE_IDWSF2_SB2_REDIRECT_REQUEST,
|
||||
fault->Detail->any);
|
||||
if (redirect_request) {
|
||||
lasso_assign_string(profile->parent.msg_url, redirect_request->redirectURL);
|
||||
return LASSO_WSF_PROFILE_ERROR_REDIRECT_REQUEST;
|
||||
}
|
||||
return LASSO_WSF_PROFILE_ERROR_SOAP_FAULT;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (LASSO_PROFILE(profile)->response == NULL) {
|
||||
res = LASSO_PROFILE_ERROR_MISSING_RESPONSE;
|
||||
}
|
||||
|
||||
return res;
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -196,12 +560,13 @@ lasso_idwsf2_profile_process_soap_response_msg(LassoIdWsf2Profile *profile, cons
|
|||
*
|
||||
* Return the last parsed SOAP request object.
|
||||
*
|
||||
* Return value: a #LassoSoapEnvelope object or NULL if no request as ever been parsed with this
|
||||
* object. You must free this object.
|
||||
* Return value:(transfer none): a #LassoSoapEnvelope object or NULL if no request as ever been
|
||||
* parsed with this object. You must free this object.
|
||||
*/
|
||||
LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_request(LassoIdWsf2Profile *idwsf2_profile)
|
||||
LassoSoapEnvelope*
|
||||
lasso_idwsf2_profile_get_soap_envelope_request(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
return g_object_ref(idwsf2_profile->soap_envelope_request);
|
||||
return _get_soap_envelope_request(idwsf2_profile);
|
||||
|
||||
}
|
||||
|
||||
|
@ -211,59 +576,133 @@ LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_request(LassoIdWsf2Pro
|
|||
*
|
||||
* Return the last parsed SOAP response object.
|
||||
*
|
||||
* Return value: a #LassoSoapEnvelope object or NULL if no response as ever been parsed with this
|
||||
* object. You must free this object.
|
||||
* Return value:(transfer none): a #LassoSoapEnvelope object or NULL if no response as ever been
|
||||
* parsed with this objects. You must free this object.
|
||||
*/
|
||||
LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_response(LassoIdWsf2Profile *idwsf2_profile)
|
||||
LassoSoapEnvelope*
|
||||
lasso_idwsf2_profile_get_soap_envelope_response(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
return g_object_ref(idwsf2_profile->soap_envelope_response);
|
||||
return _get_soap_envelope_response(idwsf2_profile);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_set_response:
|
||||
* lasso_idwsf2_profile_get_name_identifier:
|
||||
* @idwsf2_profile: a #LassoIdWsf2Profile object
|
||||
* @response: (transfer full) (allow-none): a #LassoNode to set as the new content of the SOAP
|
||||
* response
|
||||
*
|
||||
* Replace the current content of the response with node.
|
||||
* Return the NameIdentifier found in a WS-Security authentication token, when Bearer or SAML
|
||||
* security mechanism is used.
|
||||
*
|
||||
* Return value: (allow-none): a #LassoNode object or NULL.
|
||||
*/
|
||||
void
|
||||
lasso_idwsf2_profile_set_response(LassoIdWsf2Profile *idwsf2_profile, LassoNode *response)
|
||||
LassoNode *
|
||||
lasso_idwsf2_profile_get_name_identifier(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
if (! LASSO_IDWSF2_PROFILE(idwsf2_profile) || !idwsf2_profile->soap_envelope_response ||
|
||||
! idwsf2_profile->soap_envelope_response->Body)
|
||||
return;
|
||||
lasso_assign_new_gobject(((LassoProfile*)idwsf2_profile)->response, response);
|
||||
lasso_release_list_of_gobjects(idwsf2_profile->soap_envelope_response->Body->any);
|
||||
lasso_list_add_gobject(idwsf2_profile->soap_envelope_response->Body->any, response);
|
||||
return;
|
||||
LassoSaml2Assertion *assertion = NULL;
|
||||
LassoSaml2NameID *nameID = NULL;
|
||||
LassoIdWsf2Sb2TargetIdentity *target_identity = NULL;
|
||||
LassoSaml2EncryptedElement *encryptedID = NULL;
|
||||
|
||||
|
||||
if (! LASSO_IS_IDWSF2_PROFILE(idwsf2_profile))
|
||||
return NULL;
|
||||
|
||||
/** Already extracted, return it */
|
||||
if (idwsf2_profile->parent.nameIdentifier != NULL)
|
||||
goto cleanup;
|
||||
|
||||
/* Try to get a SAML2 assertion */
|
||||
assertion = lasso_soap_envelope_get_saml2_security_token
|
||||
(lasso_idwsf2_profile_get_soap_envelope_request(idwsf2_profile));
|
||||
if (assertion && assertion->Subject) {
|
||||
|
||||
/* We need a server object to check for audience and decrypt encrypted NameIDs */
|
||||
if (! LASSO_IS_SERVER(idwsf2_profile->parent.server)) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
/* Check validity of the assertion */
|
||||
/* FIXME: get tolerance from profile */
|
||||
if (lasso_saml2_assertion_validate_conditions(assertion,
|
||||
idwsf2_profile->parent.server->parent.ProviderID) !=
|
||||
LASSO_SAML2_ASSERTION_VALID) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
lasso_assign_gobject (nameID, assertion->Subject->NameID);
|
||||
lasso_assign_gobject (encryptedID, assertion->Subject->EncryptedID);
|
||||
}
|
||||
if (!nameID && !encryptedID) {
|
||||
GList *it;
|
||||
/* Go look at the target identity */
|
||||
target_identity = lasso_soap_envelope_sb2_get_target_identity_header (
|
||||
lasso_idwsf2_profile_get_soap_envelope_request (idwsf2_profile));
|
||||
if (target_identity) {
|
||||
lasso_foreach (it, target_identity->any)
|
||||
{
|
||||
if (LASSO_IS_SAML2_NAME_ID(it->data)) {
|
||||
lasso_assign_gobject (nameID, it->data);
|
||||
break;
|
||||
}
|
||||
if (LASSO_IS_SAML2_ENCRYPTED_ELEMENT(it->data)) {
|
||||
lasso_assign_gobject (encryptedID, it->data);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (lasso_saml20_profile_process_name_identifier_decryption(&idwsf2_profile->parent, &nameID,
|
||||
&encryptedID) != 0) {
|
||||
g_warning("process_name_identifier_decryption failed "\
|
||||
"when retrieving name identifier for ID-WSF profile");
|
||||
}
|
||||
if (nameID) {
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
lasso_release_gobject (assertion);
|
||||
lasso_release_gobject (encryptedID);
|
||||
lasso_assign_gobject (idwsf2_profile->parent.nameIdentifier, nameID);
|
||||
return (LassoNode*)nameID;
|
||||
}
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_set_request:
|
||||
* lasso_idwsf2_profile_get_epr:
|
||||
* @idwsf2_profile: a #LassoIdWsf2Profile object
|
||||
* @request: (transfer full) (allow-none): a #LassoNode to set as the new content of the SOAP
|
||||
* request.
|
||||
* @epr: a #LassoWsAddrEndpointReference object
|
||||
*
|
||||
* Replace the current content of the request with node.
|
||||
* Set the EPR for the service targeted by the profile object.
|
||||
*
|
||||
*/
|
||||
void
|
||||
lasso_idwsf2_profile_set_request(LassoIdWsf2Profile *idwsf2_profile, LassoNode *request)
|
||||
lasso_idwsf2_profile_set_epr(LassoIdWsf2Profile *idwsf2_profile,
|
||||
LassoWsAddrEndpointReference *epr)
|
||||
{
|
||||
if (! LASSO_IDWSF2_PROFILE(idwsf2_profile) || !idwsf2_profile->soap_envelope_request ||
|
||||
! idwsf2_profile->soap_envelope_request->Body)
|
||||
if (! LASSO_IS_IDWSF2_PROFILE(idwsf2_profile) || ! LASSO_IS_WSA_ENDPOINT_REFERENCE(epr) ||
|
||||
! idwsf2_profile->private_data)
|
||||
return;
|
||||
lasso_assign_new_gobject(((LassoProfile*)idwsf2_profile)->request, request);
|
||||
lasso_release_list_of_gobjects(idwsf2_profile->soap_envelope_request->Body->any);
|
||||
lasso_list_add_gobject(idwsf2_profile->soap_envelope_request->Body->any, request);
|
||||
return;
|
||||
_set_epr(idwsf2_profile, epr);
|
||||
}
|
||||
/*****************************************************************************/
|
||||
/* overridden parent class methods */
|
||||
/*****************************************************************************/
|
||||
|
||||
/**
|
||||
* lasso_idwsf2_profile_get_epr:
|
||||
* @idwsf2_profile: a #LassoIdWsf2Profile object
|
||||
*
|
||||
* Return the EPR used by this profile.
|
||||
*
|
||||
* Return value:(transfer none): a #LassoWsAddrEndpointReference object, or NULL if none is set.
|
||||
*/
|
||||
LassoWsAddrEndpointReference*
|
||||
lasso_idwsf2_profile_get_epr(LassoIdWsf2Profile *idwsf2_profile)
|
||||
{
|
||||
if (! LASSO_IS_IDWSF2_PROFILE(idwsf2_profile) || ! idwsf2_profile->private_data)
|
||||
return NULL;
|
||||
return _get_epr(idwsf2_profile);
|
||||
}
|
||||
|
||||
|
||||
static LassoNodeClass *parent_class = NULL;
|
||||
|
||||
|
@ -272,21 +711,16 @@ dispose(GObject *object)
|
|||
{
|
||||
LassoIdWsf2Profile *profile = LASSO_IDWSF2_PROFILE(object);
|
||||
|
||||
lasso_release_gobject(profile->soap_envelope_request);
|
||||
lasso_release_gobject(profile->soap_envelope_response);
|
||||
lasso_release_gobject(profile->private_data->soap_envelope_request);
|
||||
lasso_release_gobject(profile->private_data->soap_envelope_response);
|
||||
|
||||
G_OBJECT_CLASS(parent_class)->dispose(object);
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
/* instance and class init functions */
|
||||
/*****************************************************************************/
|
||||
|
||||
static void
|
||||
instance_init(LassoIdWsf2Profile *profile)
|
||||
instance_init(LassoIdWsf2Profile *discovery)
|
||||
{
|
||||
profile->soap_envelope_request = NULL;
|
||||
profile->soap_envelope_response = NULL;
|
||||
discovery->private_data = g_new0(LassoIdWsf2ProfilePrivate, 1);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
@ -31,6 +31,7 @@ extern "C" {
|
|||
|
||||
#include "../id-ff/profile.h"
|
||||
#include "../xml/soap_envelope.h"
|
||||
#include "../xml/ws/wsa_endpoint_reference.h"
|
||||
|
||||
#define LASSO_TYPE_IDWSF2_PROFILE (lasso_idwsf2_profile_get_type())
|
||||
#define LASSO_IDWSF2_PROFILE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), \
|
||||
|
@ -53,9 +54,6 @@ struct _LassoIdWsf2Profile {
|
|||
LassoProfile parent;
|
||||
|
||||
/*< private >*/
|
||||
LassoSoapEnvelope *soap_envelope_request;
|
||||
LassoSoapEnvelope *soap_envelope_response;
|
||||
|
||||
LassoIdWsf2ProfilePrivate *private_data;
|
||||
};
|
||||
|
||||
|
@ -65,30 +63,43 @@ struct _LassoIdWsf2ProfileClass {
|
|||
|
||||
LASSO_EXPORT GType lasso_idwsf2_profile_get_type(void);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_init_soap_request(LassoIdWsf2Profile *profile,
|
||||
LassoNode *request, gchar *service_type);
|
||||
/* Initialize profile */
|
||||
LASSO_EXPORT void lasso_idwsf2_profile_set_epr(LassoIdWsf2Profile *idwsf2_profile,
|
||||
LassoWsAddrEndpointReference *epr);
|
||||
LASSO_EXPORT LassoWsAddrEndpointReference* lasso_idwsf2_profile_get_epr(
|
||||
LassoIdWsf2Profile *idwsf2_profile);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_build_request_msg(LassoIdWsf2Profile *profile);
|
||||
/* Initialize requests */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_init_request(LassoIdWsf2Profile *profile);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_process_soap_request_msg(LassoIdWsf2Profile *profile,
|
||||
const gchar *message);
|
||||
/* Build request message */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_build_request_msg(LassoIdWsf2Profile *profile,
|
||||
const char *security_mech_id);
|
||||
|
||||
/* Handle request */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_process_request_msg(LassoIdWsf2Profile *profile,
|
||||
const char *msg);
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_check_security_mechanism(LassoIdWsf2Profile *profile,
|
||||
const char *security_mech_id);
|
||||
LASSO_EXPORT LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_request(
|
||||
LassoIdWsf2Profile *idwsf2_profile);
|
||||
LASSO_EXPORT LassoNode *lasso_idwsf2_profile_get_name_identifier(
|
||||
LassoIdWsf2Profile *idwsf2_profile);
|
||||
|
||||
/* Initialize response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_init_response(LassoIdWsf2Profile *profile);
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_init_soap_fault_response(LassoIdWsf2Profile *profile);
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_redirect_user_for_interaction(LassoIdWsf2Profile *profile,
|
||||
const gchar *redirect_url, gboolean for_data);
|
||||
|
||||
/* Build response message */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_build_response_msg(LassoIdWsf2Profile *profile);
|
||||
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_process_soap_response_msg(LassoIdWsf2Profile *profile,
|
||||
const gchar *message);
|
||||
|
||||
LASSO_EXPORT LassoSoapEnvelope* lasso_idwsf2_profile_build_soap_envelope(
|
||||
const char *refToMessageId,
|
||||
const char *providerId);
|
||||
|
||||
LASSO_EXPORT LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_request(LassoIdWsf2Profile *idwsf2_profile);
|
||||
|
||||
LASSO_EXPORT LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_response(LassoIdWsf2Profile *idwsf2_profile);
|
||||
|
||||
LASSO_EXPORT void lasso_idwsf2_profile_set_response(LassoIdWsf2Profile *idwsf2_profile, LassoNode *response);
|
||||
|
||||
LASSO_EXPORT void lasso_idwsf2_profile_set_request(LassoIdWsf2Profile *idwsf2_profile, LassoNode *request);
|
||||
/* Handle response */
|
||||
LASSO_EXPORT gint lasso_idwsf2_profile_process_response_msg(LassoIdWsf2Profile *profile,
|
||||
const char *msg);
|
||||
LASSO_EXPORT LassoSoapEnvelope* lasso_idwsf2_profile_get_soap_envelope_response(
|
||||
LassoIdWsf2Profile *idwsf2_profile);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
|
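Review bot: The "Handle request" group in profile.h exports `lasso_idwsf2_profile_check_security_mechanism` and `lasso_idwsf2_profile_get_name_identifier` as independent calls, with nothing saying the first must succeed before the second is trusted. In the profile.c code shown on this page, only `check_security_mechanism` calls `lasso_provider_verify_single_node_signature` on the WS-Security assertion; `get_name_identifier` validates conditions but does not appear to verify a signature, and it falls back to the sb2 TargetIdentity header when the assertion yields no NameID. A comment above the declarations would make the contract explicit, for example `/* Call lasso_idwsf2_profile_check_security_mechanism() and require 0 before relying on lasso_idwsf2_profile_get_name_identifier(); the latter does not verify the token signature. */`. The two call sites of `lasso_saml2_assertion_validate_conditions` should also be reconciled: one tests the result with `!` and passes `NULL` (presumably skipping the audience check), the other tests `!= LASSO_SAML2_ASSERTION_VALID` and passes the ProviderID, and these tests are not equivalent.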