entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity
lasso/lasso/id-ff/lecp.c

488 lines
14 KiB
C
Raw Blame History

/* $Id$
*
* Lasso - A free implementation of the Liberty Alliance specifications.
*
* Copyright (C) 2004-2007 Entr'ouvert
* http://lasso.entrouvert.org
*
* Authors: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
/**
* SECTION:lecp
* @short_description: Liberty Enabled Client and Proxy Profile (ID-FF)
*
**/
#include "../xml/private.h"
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include "lecp.h"
#include "profileprivate.h"
#include "../utils.h"
#include "../utils.h"
/*****************************************************************************/
/* public methods */
/*****************************************************************************/
/**
* lasso_lecp_build_authn_request_envelope_msg:
* @lecp: a #LassoLecp
*
* Builds an enveloped authentication request message. Sets @msg_body to that
* message.
*
* Return value: 0 on success; or a negative value otherwise.
**/
gint
lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp)
{
LassoProfile *profile;
gchar *assertionConsumerServiceURL;
xmlNode *msg;
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
profile = LASSO_PROFILE(lecp);
assertionConsumerServiceURL = lasso_provider_get_assertion_consumer_service_url(
LASSO_PROVIDER(profile->server), NULL);
if (assertionConsumerServiceURL == NULL) {
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
}
if (profile->request == NULL) {
return LASSO_PROFILE_ERROR_MISSING_REQUEST;
}
lasso_assign_new_gobject(lecp->authnRequestEnvelope, lasso_lib_authn_request_envelope_new_full(
LASSO_LIB_AUTHN_REQUEST(profile->request),
LASSO_PROVIDER(profile->server)->ProviderID,
assertionConsumerServiceURL));
if (lecp->authnRequestEnvelope == NULL) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
}
LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->private_key_file =
LASSO_PROFILE(lecp)->server->private_key;
LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->certificate_file =
LASSO_PROFILE(lecp)->server->certificate;
msg = lasso_node_get_xmlNode(LASSO_NODE(lecp->authnRequestEnvelope), FALSE);
/* msg is not SOAP but straight XML */
handler = xmlFindCharEncodingHandler("utf-8");
buf = xmlAllocOutputBuffer(handler);
xmlNodeDumpOutput(buf, NULL, msg, 0, 0, "utf-8");
xmlOutputBufferFlush(buf);
lasso_assign_string(profile->msg_body,
(char*)(buf->conv ? buf->conv->content : buf->buffer->content));
xmlOutputBufferClose(buf);
xmlFreeNode(msg);
if (profile->msg_body == NULL) {
return LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED;
}
return 0;
}
/**
* lasso_lecp_build_authn_request_msg:
* @lecp: a #LassoLecp
*
* Builds an authentication request. The data for the sending of the request are
* stored in @msg_url and @msg_body (SOAP POST).
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_build_authn_request_msg(LassoLecp *lecp)
{
LassoProfile *profile;
LassoProvider *remote_provider;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
profile = LASSO_PROFILE(lecp);
if (profile->remote_providerID == NULL) {
/* this means lasso_logout_init_request was not called before */
return critical_error(LASSO_PROFILE_ERROR_MISSING_REMOTE_PROVIDERID);
}
remote_provider = g_hash_table_lookup(profile->server->providers,
profile->remote_providerID);
lasso_assign_new_string(profile->msg_url, lasso_provider_get_metadata_one(
remote_provider, "SingleSignOnServiceURL"));
/* msg_body has usally been set in
* lasso_lecp_process_authn_request_envelope_msg() */
if (profile->msg_body == NULL)
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
return 0;
}
/**
* lasso_lecp_build_authn_response_msg:
* @lecp: a #LassoLecp
*
* Builds the lecp authentication response message (base64). Sets @msg_body to
* that message.
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_build_authn_response_msg(LassoLecp *lecp)
{
LassoProfile *profile;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
profile = LASSO_PROFILE(lecp);
lasso_profile_clean_msg_info(profile);
lasso_assign_string(profile->msg_url, lecp->assertionConsumerServiceURL);
if (profile->msg_url == NULL) {
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
}
lasso_assign_new_string(profile->msg_body, lasso_node_export_to_base64(LASSO_NODE(profile->response)));
if (profile->msg_body == NULL) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
}
return 0;
}
/**
* lasso_lecp_build_authn_response_envelope_msg:
* @lecp: a #LassoLecp
*
* Builds the enveloped LECP authentication response message (SOAP message).
* Sets @msg_body to that message.
*
* Return value: 0 on success; or a negative value otherwise.
**/
gint
lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp)
{
LassoProfile *profile;
LassoProvider *provider;
gchar *assertionConsumerServiceURL;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
profile = LASSO_PROFILE(lecp);
if (LASSO_IS_LIB_AUTHN_RESPONSE(profile->response) == FALSE) {
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
}
provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
if (provider == NULL) {
return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
}
/* build lib:AuthnResponse */
lasso_login_build_authn_response_msg(LASSO_LOGIN(lecp));
assertionConsumerServiceURL = lasso_provider_get_assertion_consumer_service_url(
provider, NULL);
if (assertionConsumerServiceURL == NULL) {
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
}
lasso_release (LASSO_PROFILE(lecp)->msg_body);
lasso_release (LASSO_PROFILE(lecp)->msg_url);
lasso_assign_new_gobject(lecp->authnResponseEnvelope, lasso_lib_authn_response_envelope_new(
LASSO_LIB_AUTHN_RESPONSE(profile->response),
assertionConsumerServiceURL));
LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
)->private_key_file = profile->server->private_key;
LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse
)->certificate_file = profile->server->certificate;
profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(lecp->authnResponseEnvelope));
if (profile->msg_body == NULL) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED);
}
return 0;
}
/**
* lasso_lecp_init_authn_request:
* @lecp: a #LassoLecp
* @remote_providerID: the providerID of the identity provider. When NULL, the
* first known identity provider is used.
*
* Initializes a new lib:AuthnRequest.
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_init_authn_request(LassoLecp *lecp, const char *remote_providerID)
{
gint res;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
/* FIXME : BAD usage of http_method
using POST method so that the lib:AuthnRequest is initialize with
a signature template */
res = lasso_login_init_authn_request(LASSO_LOGIN(lecp), remote_providerID,
LASSO_HTTP_METHOD_POST);
return res;
}
/**
* lasso_lecp_process_authn_request_msg:
* @lecp: a #LassoLecp
* @authn_request_msg: the authentication request received
*
* Processes received authentication request, checks it is signed correctly,
* checks if requested protocol profile is supported, etc.
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_process_authn_request_msg(LassoLecp *lecp, const char *authn_request_msg)
{
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(authn_request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
return lasso_login_process_authn_request_msg(LASSO_LOGIN(lecp), authn_request_msg);
}
/**
* lasso_lecp_process_authn_request_envelope_msg:
* @lecp: a #LassoLecp
* @request_msg: the enveloped authentication request received
*
* Processes received enveloped authentication request, extracts the
* authentication request out of it.
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_process_authn_request_envelope_msg(LassoLecp *lecp, const char *request_msg)
{
xmlDoc *doc;
xmlXPathContext *xpathCtx;
xmlXPathObject *xpathObj;
xmlNode *soap_envelope, *soap_body, *authn_request;
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
doc = xmlParseMemory(request_msg, strlen(request_msg));
xpathCtx = xmlXPathNewContext(doc);
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"lib", (xmlChar*)LASSO_LIB_HREF);
/* TODO: will need to use another href for id-ff 1.1 support */
xpathObj = xmlXPathEvalExpression((xmlChar*)"//lib:AuthnRequest", xpathCtx);
if (xpathObj == NULL) {
xmlXPathFreeContext(xpathCtx);
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
xmlXPathFreeContext(xpathCtx);
xmlXPathFreeObject(xpathObj);
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
authn_request = xmlCopyNode(xpathObj->nodesetval->nodeTab[0], 1);
xmlXPathFreeContext(xpathCtx);
xmlXPathFreeObject(xpathObj);
lasso_release_doc(doc);
xpathCtx = NULL;
xpathObj = NULL;
doc = NULL;
soap_envelope = xmlNewNode(NULL, (xmlChar*)"Envelope");
xmlSetNs(soap_envelope, xmlNewNs(soap_envelope,
(xmlChar*)LASSO_SOAP_ENV_HREF, (xmlChar*)LASSO_SOAP_ENV_PREFIX));
soap_body = xmlNewTextChild(soap_envelope, NULL, (xmlChar*)"Body", NULL);
xmlAddChild(soap_body, authn_request);
handler = xmlFindCharEncodingHandler("utf-8");
buf = xmlAllocOutputBuffer(handler);
xmlNodeDumpOutput(buf, NULL, soap_envelope, 0, 0, "utf-8");
xmlOutputBufferFlush(buf);
LASSO_PROFILE(lecp)->msg_body = g_strdup( (char*)(
buf->conv ? buf->conv->content : buf->buffer->content));
xmlOutputBufferClose(buf);
xmlFreeNode(soap_envelope);
return 0;
}
/**
* lasso_lecp_process_authn_response_envelope_msg:
* @lecp: a #LassoLecp
* @response_msg: the enveloped authentication response received
*
* Processes received enveloped authentication response, extracts the
* authentication response out of it and stores it in @response.
*
* Return value: 0 on success; or a negative value otherwise.
**/
int
lasso_lecp_process_authn_response_envelope_msg(LassoLecp *lecp, const char *response_msg)
{
LassoProfile *profile;
LassoMessageFormat format;
g_return_val_if_fail(LASSO_IS_LECP(lecp), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
profile = LASSO_PROFILE(lecp);
lecp->authnResponseEnvelope = lasso_lib_authn_response_envelope_new(NULL, NULL);
format = lasso_node_init_from_message(LASSO_NODE(lecp->authnResponseEnvelope),
response_msg);
if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) {
return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
}
profile->response = g_object_ref(lecp->authnResponseEnvelope->AuthnResponse);
if (profile->response == NULL) {
return LASSO_PROFILE_ERROR_MISSING_RESPONSE;
}
lecp->assertionConsumerServiceURL = g_strdup(
lecp->authnResponseEnvelope->AssertionConsumerServiceURL);
if (lecp->assertionConsumerServiceURL == NULL){
return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL);
}
return 0;
}
/**
* lasso_lecp_destroy:
* @lecp: a #LassoLecp
*
* Destroys a #LassoLecp object
*
**/
void
lasso_lecp_destroy(LassoLecp *lecp)
{
lasso_node_destroy(LASSO_NODE(lecp));
}
/*****************************************************************************/
/* private methods */
/*****************************************************************************/
static LassoNodeClass *parent_class = NULL;
/*****************************************************************************/
/* overridden parent class methods */
/*****************************************************************************/
static void
finalize(GObject *object)
{
G_OBJECT_CLASS(parent_class)->finalize(object);
}
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
static void
instance_init(LassoLecp *lecp)
{
lecp->authnRequestEnvelope = NULL;
lecp->authnResponseEnvelope = NULL;
lecp->assertionConsumerServiceURL = NULL;
}
static void
class_init(LassoLecpClass *klass)
{
parent_class = g_type_class_peek_parent(klass);
G_OBJECT_CLASS(klass)->finalize = finalize;
}
GType
lasso_lecp_get_type()
{
static GType this_type = 0;
if (!this_type) {
static const GTypeInfo this_info = {
sizeof (LassoLecpClass),
NULL,
NULL,
(GClassInitFunc) class_init,
NULL,
NULL,
sizeof(LassoLecp),
0,
(GInstanceInitFunc) instance_init,
NULL
};
this_type = g_type_register_static(LASSO_TYPE_LOGIN,
"LassoLecp", &this_info, 0);
}
return this_type;
}
/**
* lasso_lecp_new
* @server: the #LassoServer
*
* Creates a new #LassoLecp.
*
* Return value: a newly created #LassoLecp object; or NULL if an error
* occured
**/
LassoLecp*
lasso_lecp_new(LassoServer *server)
{
LassoLecp *lecp;
lecp = g_object_new(LASSO_TYPE_LECP, NULL);
LASSO_PROFILE(lecp)->server = g_object_ref(server);
return lecp;
}
View Git Blame Copy Permalink