* lasso/id-ff/logout.c:
- (lasso_logout_build_response_msg, lasso_logout_init_request,
lasso_logout_process_request_msg, lasso_logout_process_response_msg,
lasso_logout_validate_request) use lasso_assign_new_object,
lasso_assign_string, lasso_release and lasso_assign_new_string when
possible.
- (lasso_logout_process_response_msg) move the tranfer of the relaystate
from XML object to profile object.
* lasso/id-ff/defederation.c:
- (lasso_defederation_build_notification_msg,
lasso_defederation_init_notification,
lasso_defederation_process_notification_msg,
lasso_defederation_validate_notification): idem
* lasso/id-ff/lecp.c:
- (lasso_lecp_build_authn_request_envelope_msg,
lasso_lecp_build_authn_request_msg,lasso_lecp_build_authn_response_msg,
lasso_lecp_build_authn_response_envelope_msg) idem
* lasso/id-ff/login.c: (lasso_login_init_authn_request) again a passing by
correction, use lasso_assign_string for copying information from
the request to the profile object.
* lasso/id-ff/login.c:
- (lasso_login_init_request) catch RelayState in the query_fields and
copy it to msg_relayState
- (lasso_login_process_authn_request_msg) copy RelayState from the
request object to the profile object.
* lasso/xml/saml_assertion.c:
* lasso/xml/samlp_response_abstract.c:
* lasso/xml/samlp_request_abstract.c:
* lasso/xml/saml-2.0/samlp2_request_abstract.c:
* lasso/xml/saml-2.0/saml2_assertion.c:
* lasso/xml/saml-2.0/samlp2_status_response.c:
if a failure occur in the signing process, free the xmlnode, return
NULL and print a warning.
* lasso/xml/saml-2.0/samlp2_authn_request.c,
lasso/xml/saml-2.0/samlp2_logout_request.c,
- (instance_init) remove initialization of relayState field
* lasso/xml/saml-2.0/samlp2_logout_response.c:
- (instance_init) remove empty function, since it
only initialized relayState.
- (lasso_samlp2_logout_reponse_get_type) remove instance_init
from the type initialization structure.
* lasso/xml/saml-2.0/samlp2_authn_request.h,
lasso/xml/saml-2.0/samlp2_logout_request.h,
lasso/xml/saml-2.0/samlp2_logout_response.h:
- (struct _LassoSamlp2*) mark relaystate field as deprecated.
* lasso/xml/xml.c: (lasso_node_init_from_saml2_query_fields) Since parsing
of the relayState is now done inside each "_process_*msg" method of
each SAML2 profile, it is not needed anymore in this function.
* lasso/xml/lib_authn_request.c, lasso/xml/lib_logout_request.c,
lasso/xml/lib_register_name_identifier_request.c,
lasso/xml/lib_status_resposne.c:
- build_query: remove build_query overloaded virtual method, use
LassoNode new generic implementation.
- init_from_query:
- change direct call to lasso_node_init_from_query_fields to use of
base implementation from LassoNode.
- make use of utils.h memory handling macros like
lasso_release_gobject and lasso_assign_string.
* lasso/xml/lib_federation_termination_notification.c:
- init_from_query: remove parsing of RelayState parameter
* lasso/saml-2.0/login.c: In
lasso_saml20_login_process_authn_request_msg change handling of
relayState do not rely upon parsing by the node object, but extract
directly from the query string. Use new function
lasso_get_relaystate_from_query.
* lasso/saml-2.0/logout.c: In lasso_saml20_logout_process_request_msg
change handling of relayState do not rely upon parsing by the node
object, but extract directly from the query string.
* lasso/saml-2.0/profile.c: In
lasso_saml20_profile_init_artifact_resolve, add handling of the
relayState transmitted to the assertion consumer URL.
* lasso/saml-2.0/name_id_management.c: In
lasso_name_id_management_process_request_msg change handling of
relayState do not rely upon parsing by the node
object, but extract directly from the query string.
* lasso/saml-2.0/login.c, lasso/saml-2.0/logout.c,
lasso/saml-2.0/name_id_management.c: simplify code path associated
with generation of the url for the HTTP-Redirect binding using the
rencently introduced function
lasso_saml20_profile_build_http_redirect.
* lasso/xml/saml-2.0/samlp2_request_abstract.c: add a build query
overloaded function to LassoSamlp2RequestAbstract class, the base
class of all saml 2.0 request nodes.
* lasso/saml-2.0/profile.c, lasso/saml-2.0/profileprivate.h:
- remove_all_signature traverse a tree of LassoNode objects to unset
all signature_type field in on nodes supporting signature
generation.
- lasso_saml20_profile_export_to_query does the job of generateing
the url containing the message content and the relaystate, then
sign it using lasso_query_sign.
- lasso_saml20_profile_build_http_redirect use those two functions
and the metadatas to build the signed redirect url.
* lasso/utils.h:
- (lasso_assign_new_string,lasso_assign_gobject) if source parameter
is a function call it could be called two times and have unexpected
side effects. Copy the returned value to a temp variable and use it
instead.
* lasso/utils.h: When setting strings using lasso_assing_string or
lasso_assign_new_string, verify that new string is different than the
target value string before deallocating the target.
* lasso/xml/xml.c:
In lasso_node_init_from_message_with_format remove direct use of
xmlSecSoap* functions because they emit too much warning by lasso
reimplementations.
* lasso/saml-2.0/name_id_management.c:
use new generic methods in lasso_name_id_management_init_request,
lasso_name_id_management_build_request_msg,
lasso_name_id_management_process_request_msg,
lasso_name_id_management_validate_request,
lasso_name_id_management_build_response_msg,
lasso_name_id_management_process_response_msg.
Remove useless boilerplate code.
* lasso/id-ff/server.c:
* lasso/id-ff/serverprivate.h:
last user of lasso_server_nameid_decrypt removed, so remove the code.
* lasso/saml-2.0/login.c:
use new generic profile methods for saml 2.0 in
lasso_saml20_login_process_paos_response_msg,
lasso_saml20_login_process_authn_response_msg,
lasso_saml20_login_process_response_status_and_assertion.
* lasso/xml/saml-2.0/saml2_encrypted_element.c:
using new function lasso_node_decrypt_xmlnode implement the new
method, int lasso_saml2_encrypted_element_decrypt(
LassoSaml2EncryptedElement* encrypted_element,
xmlSecKey *encryption_private_key, LassoNode **decrypted_node).
This function is currently not exported by bindings because of the
last ouput argument which is not supported by the binding generator.
* lasso/xml/private.h:
* lasso/xml/tools.c:
replace implementation of lasso_node_decrypt by a new one called
lasso_node_decrypt_xmlnode, and use it where old one was used.
* lasso/saml-2.0/assertion_query.c:
use new code in SAML 2.0 profile.c to parse requests and decrypt
nameid, chains calls so that error are kept but all actions are
accomplished anyway (if first call fails, keep the error but continue
the processing, then at end return the first returned error).
* lasso/saml-2.0/profile.c:
* lasso/saml-2.0/profileprivate.h:
the current effort is to simplify implementation code in saml-2.0 and
much of the other frameworks. Those new methods:
lasso_saml20_init_request
lasso_saml20_profile_process_name_identifier_decryption
lasso_saml20_profile_process_soap_request
lasso_saml20_profile_process_soap_response
lasso_saml20_profile_process_any_request
lasso_saml20_profile_process_any_response
lasso_saml20_profile_setup_request_signing
lasso_saml20_profile_build_request_msg
lasso_saml20_profile_build_response
lasso_saml20_profile_init_response
should help reduce code in login.c, logout.c, name_id_management.c
and assertion_query.c. They should also permit to make all profiles
at the same level of binding support
(GET,REDIRECT,POST,ARTIFACT_GET,ARTIFACT_POST).
Those function centralize error code handling, initialization of
commong class (LassoSamlp2StatusResponse and
LassoSamlp2RequestAbstract) and also the handling of NameID
decryption.
* lasso/utils.h:
this new macro try to extract a field from a structre (or any
left-hand-side value), try to typecheck it using 'LASSO_IS_XXX',
if succesfull, the value is assigned to the variable given as first
argument or we jump to the 'cleanup' goto label, setting the 4th
argument as the current error code (value of variable 'rc').
* lasso/id-wsf-2.0/data_service.c:
* lasso/id-wsf-2.0/discovery.c:
* lasso/id-wsf-2.0/profile.c:
* lasso/id-wsf/data_service.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
when --enable-debugging is activated much more type checking is done
by internal macros, and code do not pass compile anymore.
* bindings/python/tests/idwsf2_tests.py: nameIdentifier packing in SOAP
ID-WSF calls headers is no longer supported, do not test it.
Benjamin Dauvergne