author | Frederic Peters <fpeters@entrouvert.com> | 2004-12-28 12:44:22 +0000 |
---|---|---|
committer | Frederic Peters <fpeters@entrouvert.com> | 2004-12-28 12:44:22 +0000 |
commit | 07fcdf0c4e3c89941e45f353e92c715875de08c1 (patch) | |
tree | a610faff5fdc3c02304e928177cfe9edb4368921 | |
parent | 86fdb04dc0d0803855a2ecd207eeebb9279bfc75 (diff) | |
download | lasso-07fcdf0c4e3c89941e45f353e92c715875de08c1.tar.gz lasso-07fcdf0c4e3c89941e45f353e92c715875de08c1.tar.xz lasso-07fcdf0c4e3c89941e45f353e92c715875de08c1.zip |
generate xmlsec signatures in get_xmlNode; this should allow envelopes (in
LECP) to work properly.
32 files changed, 198 insertions, 190 deletions
diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c index a4a01510..01aa0f96 100644 --- a/lasso/id-ff/defederation.c +++ b/lasso/id-ff/defederation.c @@ -77,9 +77,9 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation) /* build the logout request message */ profile->msg_url = lasso_provider_get_metadata_one( remote_provider, "SoapEndpoint"); - profile->msg_body = lasso_node_export_to_soap(profile->request, - profile->server->private_key, profile->server->certificate); - + profile->request->private_key_file = profile->server->private_key; + profile->request->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request)); return 0; } @@ -91,7 +91,7 @@ lasso_defederation_build_notification_msg(LassoDefederation *defederation) if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->request, + query = lasso_node_export_to_query(LASSO_NODE(profile->request), profile->server->signature_method, profile->server->private_key); @@ -271,7 +271,7 @@ lasso_defederation_process_notification_msg(LassoDefederation *defederation, cha profile = LASSO_PROFILE(defederation); profile->request = lasso_lib_federation_termination_notification_new(); - format = lasso_node_init_from_message(profile->request, request_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index 998b4c84..75aad176 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -40,7 +40,6 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) xmlNode *message, *authn_request_node; xmlOutputBufferPtr buf; xmlCharEncodingHandlerPtr handler = NULL; - int rc; g_return_val_if_fail(LASSO_IS_LECP(lecp), -1); 
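Review bot: In the @@ -77 hunk, `profile->request->private_key_file = profile->server->private_key;` and the matching `certificate_file` line copy the server's `char *` into the request node without `g_strdup`, so the node now aliases a string owned by `LassoServer`; if the node's finalizer frees `private_key_file`/`certificate_file`, the server's copy is freed twice or used after free, and if it does not, the node dangles once the server is destroyed first (the finalizer is not in this diff, so this is inferred). Either duplicate the strings here or make the borrowed lifetime explicit on the fields, e.g. `/* private_key_file / certificate_file are borrowed from LassoServer; the node never frees them */`. The same pattern is introduced in login.c (build_authn_response_msg, build_request_msg, build_response_msg), logout.c, name_identifier_mapping.c, name_registration.c and lecp.c in this commit, so one decision should cover all of them.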
@@ -65,6 +64,10 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } + LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->private_key_file = + LASSO_PROFILE(lecp)->server->private_key; + LASSO_SAMLP_REQUEST_ABSTRACT(lecp->authnRequestEnvelope->AuthnRequest)->certificate_file = + LASSO_PROFILE(lecp)->server->certificate; message = lasso_node_get_xmlNode(LASSO_NODE(lecp->authnRequestEnvelope), FALSE); for (authn_request_node = message->children; authn_request_node && strcmp(authn_request_node->name, "AuthnRequest") != 0; @@ -73,11 +76,13 @@ lasso_lecp_build_authn_request_envelope_msg(LassoLecp *lecp) if (authn_request_node == NULL) return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); + /* rc = lasso_sign_node(authn_request_node, "RequestID", LASSO_SAMLP_REQUEST_ABSTRACT( lecp->authnRequestEnvelope->AuthnRequest)->RequestID, LASSO_PROFILE(lecp)->server->private_key, LASSO_PROFILE(lecp)->server->certificate); + */ handler = xmlFindCharEncodingHandler("utf-8"); buf = xmlAllocOutputBuffer(handler); @@ -120,12 +125,11 @@ lasso_lecp_build_authn_request_msg(LassoLecp *lecp) profile->msg_url = lasso_provider_get_metadata_one( remote_provider, "SingleSignOnServiceURL"); + /* msg_body has usally been set in + * lasso_lecp_process_authn_request_envelope_msg() */ if (profile->msg_body == NULL) return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); - /* msg_body should have been set in - * lasso_lecp_process_authn_request_envelope_msg() */ - return 0; } 
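Review bot: The @@ -73 hunk keeps the old `lasso_sign_node(...)` call as commented-out code inside `/* ... */` instead of deleting it, and since `int rc;` is removed in the @@ -40 hunk on the previous line the block would no longer compile if someone re-enabled it; the commit history preserves the old call, so the block should simply be removed. If the intent is to record that signing now happens in `lasso_node_get_xmlNode()`, a one-line comment such as `/* the AuthnRequest is signed by lasso_node_get_xmlNode() using the key/certificate set above */` says that better than dead code. Separately, the relocated comment in the @@ -120 hunk reads `usally`; it should be `usually`.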
@@ -141,7 +145,7 @@ lasso_lecp_build_authn_response_msg(LassoLecp *lecp) if (profile->msg_url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - profile->msg_body = lasso_node_export_to_base64(profile->response, NULL, NULL); + profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response)); if (profile->msg_body == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } @@ -189,10 +193,13 @@ lasso_lecp_build_authn_response_envelope_msg(LassoLecp *lecp) lecp->authnResponseEnvelope = lasso_lib_authn_response_envelope_new( LASSO_LIB_AUTHN_RESPONSE(profile->response), assertionConsumerServiceURL); - LASSO_PROFILE(lecp)->msg_body = lasso_node_export_to_soap( - LASSO_NODE(lecp->authnResponseEnvelope), NULL, NULL); + LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse + )->private_key_file = profile->server->private_key; + LASSO_SAMLP_RESPONSE_ABSTRACT(lecp->authnResponseEnvelope->AuthnResponse + )->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(lecp->authnResponseEnvelope)); - if (LASSO_PROFILE(lecp)->msg_body == NULL) { + if (profile->msg_body == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index c68aacfc..90e4a5c8 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c 
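Review bot: In the @@ -141 hunk, `lasso_node_export_to_base64(LASSO_NODE(profile->response))` replaces a call that passed `NULL, NULL` and therefore never signed; with the new API, whether a signature is emitted now depends on the `sign_type`/`private_key_file`/`certificate_file` fields already present on `profile->response`, which this function does not set (presumably they come from `lasso_login_build_authn_response_msg()`, which this commit changes to set them, but that is an inference from the login.c hunks). A comment at the call site should state that dependency, e.g. `/* signature settings are expected to be already present on profile->response; nothing is signed here otherwise */`, so a later refactor does not silently drop the AuthnResponse signature. In the @@ -189 hunk the key fields are set on the inner AuthnResponse only, so the surrounding envelope itself is not signed; if that is intended it is worth saying so next to the assignment.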
@@ -530,22 +530,24 @@ gint lasso_login_build_authn_request_msg(LassoLogin *login) { LassoProvider *provider, *remote_provider; + LassoProfile *profile; char *md_authnRequestsSigned, *url, *query, *lareq, *protocolProfile; LassoProviderRole role; gboolean must_sign; gint ret = 0; g_return_val_if_fail(LASSO_IS_LOGIN(login), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ); + profile = LASSO_PROFILE(login); - provider = LASSO_PROVIDER(LASSO_PROFILE(login)->server); - remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers, - LASSO_PROFILE(login)->remote_providerID); + provider = LASSO_PROVIDER(profile->server); + remote_provider = g_hash_table_lookup(profile->server->providers, + profile->remote_providerID); if (LASSO_IS_PROVIDER(remote_provider) == FALSE) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND, - LASSO_PROFILE(login)->remote_providerID); + profile->remote_providerID); } - protocolProfile = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(login)->request)->ProtocolProfile; + protocolProfile = LASSO_LIB_AUTHN_REQUEST(profile->request)->ProtocolProfile; if (protocolProfile == NULL) protocolProfile = LASSO_LIB_PROTOCOL_PROFILE_BRWS_ART; @@ -567,12 +569,12 @@ lasso_login_build_authn_request_msg(LassoLogin *login) if (login->http_method == LASSO_HTTP_METHOD_REDIRECT) { /* REDIRECT -> query */ if (must_sign) { - query = lasso_node_export_to_query(LASSO_PROFILE(login)->request, - LASSO_PROFILE(login)->server->signature_method, - LASSO_PROFILE(login)->server->private_key); + query = lasso_node_export_to_query(LASSO_NODE(profile->request), + profile->server->signature_method, + profile->server->private_key); } else { query = lasso_node_export_to_query( - LASSO_PROFILE(login)->request, 0, NULL); + LASSO_NODE(profile->request), 0, NULL); } if (query == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED); 
@@ -584,19 +586,19 @@ lasso_login_build_authn_request_msg(LassoLogin *login) return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - LASSO_PROFILE(login)->msg_url = g_strdup_printf("%s?%s", url, query); - LASSO_PROFILE(login)->msg_body = NULL; + profile->msg_url = g_strdup_printf("%s?%s", url, query); + profile->msg_body = NULL; g_free(query); g_free(url); } if (login->http_method == LASSO_HTTP_METHOD_POST) { - char *private_key = NULL, *certificate = NULL; if (must_sign) { - private_key = LASSO_PROFILE(login)->server->private_key; - certificate = LASSO_PROFILE(login)->server->certificate; + LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->private_key_file = + profile->server->private_key; + LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->certificate_file = + profile->server->certificate; } - lareq = lasso_node_export_to_base64(LASSO_PROFILE(login)->request, - private_key, certificate); + lareq = lasso_node_export_to_base64(LASSO_NODE(profile->request)); if (lareq == NULL) { message(G_LOG_LEVEL_CRITICAL, @@ -604,9 +606,9 @@ lasso_login_build_authn_request_msg(LassoLogin *login) return -5; } - LASSO_PROFILE(login)->msg_url = lasso_provider_get_metadata_one( + profile->msg_url = lasso_provider_get_metadata_one( remote_provider, "SingleSignOnServiceURL"); - LASSO_PROFILE(login)->msg_body = lareq; + profile->msg_body = lareq; } return ret; 
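Review bot: In the POST branch of the @@ -584 hunk the `must_sign == FALSE` path no longer disables signing explicitly: the old code passed `NULL, NULL` to `lasso_node_export_to_base64`, whereas the new code only sets `private_key_file`/`certificate_file` when `must_sign` is true and otherwise exports whatever the node already carries. Since `lasso_login_init_authn_request` sets `sign_type = LASSO_SIGNATURE_TYPE_WITHX509` on the request (@@ -801 hunk), a request that must not be signed may still reach the signing path in `lasso_node_get_xmlNode()` with a NULL key file; how that function reacts is not visible here. Consider an explicit else branch, `} else { LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->private_key_file = NULL; LASSO_SAMLP_REQUEST_ABSTRACT(profile->request)->certificate_file = NULL; }`, or resetting `sign_type` there, so the unsigned case is deliberate rather than a leftover. The enclosing function `lasso_login_build_authn_request_msg` starts in the previous hunk.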
@@ -638,13 +640,13 @@ lasso_login_build_authn_response_msg(LassoLogin *login) /* Countermeasure: The issuer should sign <lib:AuthnResponse> messages. * (binding and profiles (1.2errata2, page 65) */ - LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; - LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response)->sign_method = - LASSO_SIGNATURE_METHOD_RSA_SHA1; + profile->response->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; + profile->response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1; + profile->response->private_key_file = profile->server->private_key; + profile->response->certificate_file = profile->server->certificate; /* build an lib:AuthnResponse base64 encoded */ - profile->msg_body = lasso_node_export_to_base64(profile->response, - profile->server->private_key, profile->server->certificate); + profile->msg_body = lasso_node_export_to_base64(LASSO_NODE(profile->response)); remote_provider = g_hash_table_lookup(LASSO_PROFILE(login)->server->providers, LASSO_PROFILE(login)->remote_providerID); @@ -673,8 +675,9 @@ lasso_login_build_request_msg(LassoLogin *login) profile = LASSO_PROFILE(login); - LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(profile->request, - profile->server->private_key, profile->server->certificate); + profile->request->private_key_file = profile->server->private_key; + profile->request->certificate_file = profile->server->certificate; + LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request)); remote_provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID); 
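Review bot: In the @@ -673 hunk the new line `LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request));` re-expands the cast macro although `profile` was just assigned from `LASSO_PROFILE(login)` and the two preceding added lines already use `profile->`; for consistency with the rest of this commit it should read `profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request));`. The same mix appears in the context below the @@ -638 hunk (`LASSO_PROFILE(login)->server->providers`), which could be folded into the same cleanup while this function is being touched.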
@@ -747,8 +750,9 @@ lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID) lasso_profile_set_response_status(profile, LASSO_SAML_STATUS_CODE_REQUEST_DENIED); } - profile->msg_body = lasso_node_export_to_soap(profile->response, - profile->server->private_key, profile->server->certificate); + profile->response->private_key_file = profile->server->private_key; + profile->response->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->response)); return ret; } @@ -801,7 +805,7 @@ lasso_login_init_authn_request(LassoLogin *login, const gchar *remote_providerID LASSO_SAMLP_REQUEST_ABSTRACT(request)->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; } - LASSO_PROFILE(login)->request = LASSO_NODE(request); + LASSO_PROFILE(login)->request = LASSO_SAMLP_REQUEST_ABSTRACT(request); if (LASSO_PROFILE(login)->request == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); @@ -877,7 +881,7 @@ lasso_login_init_request(LassoLogin *login, gchar *response_msg, request->sign_type = LASSO_SIGNATURE_TYPE_WITHX509; request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1; - LASSO_PROFILE(login)->request = LASSO_NODE(request); + LASSO_PROFILE(login)->request = LASSO_SAMLP_REQUEST_ABSTRACT(request); return ret; } @@ -922,7 +926,7 @@ lasso_login_init_idp_initiated_authn_request(LassoLogin *login, request->ProviderID = g_strdup(LASSO_PROFILE(login)->remote_providerID); request->NameIDPolicy = LASSO_LIB_NAMEID_POLICY_TYPE_ANY; - LASSO_PROFILE(login)->request = LASSO_NODE(request); + LASSO_PROFILE(login)->request = LASSO_SAMLP_REQUEST_ABSTRACT(request); return ret; } @@ -1014,7 +1018,7 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } - LASSO_PROFILE(login)->request = LASSO_NODE(request); + LASSO_PROFILE(login)->request = LASSO_SAMLP_REQUEST_ABSTRACT(request); } 
@@ -1087,10 +1091,11 @@ lasso_login_process_authn_response_msg(LassoLogin *login, gchar *authn_response_ g_return_val_if_fail(authn_response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); if (LASSO_PROFILE(login)->response) - lasso_node_destroy(LASSO_PROFILE(login)->response); + lasso_node_destroy(LASSO_NODE(LASSO_PROFILE(login)->response)); LASSO_PROFILE(login)->response = lasso_lib_authn_response_new(NULL, NULL); - format = lasso_node_init_from_message(LASSO_PROFILE(login)->response, authn_response_msg); + format = lasso_node_init_from_message( + LASSO_NODE(LASSO_PROFILE(login)->response), authn_response_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } @@ -1127,7 +1132,7 @@ lasso_login_process_request_msg(LassoLogin *login, gchar *request_msg) g_return_val_if_fail(request_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); /* rebuild samlp:Request with request_msg */ - profile->request = lasso_node_new_from_soap(request_msg); + profile->request = LASSO_SAMLP_REQUEST_ABSTRACT(lasso_node_new_from_soap(request_msg)); if (profile->request == NULL) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } @@ -1150,9 +1155,10 @@ lasso_login_process_response_msg(LassoLogin *login, gchar *response_msg) g_return_val_if_fail(response_msg != NULL, LASSO_PARAM_ERROR_INVALID_VALUE); /* rebuild samlp:Response with response_msg */ - LASSO_PROFILE(login)->response = lasso_node_new_from_soap(response_msg); + LASSO_PROFILE(login)->response = LASSO_SAMLP_RESPONSE_ABSTRACT( + lasso_node_new_from_soap(response_msg)); if (! LASSO_IS_SAMLP_RESPONSE(LASSO_PROFILE(login)->response) ) { - lasso_node_destroy(LASSO_PROFILE(login)->response); + lasso_node_destroy(LASSO_NODE(LASSO_PROFILE(login)->response)); LASSO_PROFILE(login)->response = NULL; return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 3fa49933..3299f7db 100644 
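Review bot: In the @@ -1127 hunk, `profile->request = LASSO_SAMLP_REQUEST_ABSTRACT(lasso_node_new_from_soap(request_msg));` casts a node built from the peer-supplied SOAP body, and `G_TYPE_CHECK_INSTANCE_CAST` only emits a warning on a type mismatch while still returning the pointer, so a well-formed message whose root maps to some other registered node type passes the `== NULL` check below and is then read as a `LassoSamlpRequestAbstract`. The response path in the @@ -1150 hunk already guards with `LASSO_IS_SAMLP_RESPONSE(...)`; the request path should do the same, e.g. replace the NULL test with `if (!LASSO_IS_SAMLP_REQUEST_ABSTRACT(profile->request)) {` and destroy the mismatched node before returning `LASSO_PROFILE_ERROR_INVALID_MSG`, as the response path does. Whether `lasso_node_new_from_soap` can actually produce a non-request node for this endpoint is not visible here, but the check is cheap and makes the parser the only place that decides the type.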
--- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -87,8 +87,9 @@ lasso_logout_build_request_msg(LassoLogout *logout) /* build the logout request message */ profile->msg_url = lasso_provider_get_metadata_one( remote_provider, "SoapEndpoint"); - profile->msg_body = lasso_node_export_to_soap(profile->request, - profile->server->private_key, profile->server->certificate); + profile->request->private_key_file = profile->server->private_key; + profile->request->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request)); return 0; } @@ -99,7 +100,7 @@ lasso_logout_build_request_msg(LassoLogout *logout) if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->request, + query = lasso_node_export_to_query(LASSO_NODE(profile->request), profile->server->signature_method, profile->server->private_key); if (query == NULL) { @@ -165,8 +166,9 @@ lasso_logout_build_response_msg(LassoLogout *logout) /* build logout response message */ if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) { profile->msg_url = NULL; - profile->msg_body = lasso_node_export_to_soap(profile->response, - profile->server->private_key, profile->server->certificate); + profile->response->private_key_file = profile->server->private_key; + profile->response->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->response)); return 0; } @@ -175,7 +177,7 @@ lasso_logout_build_response_msg(LassoLogout *logout) if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->response, + query = lasso_node_export_to_query(LASSO_NODE(profile->response), profile->server->signature_method, profile->server->private_key); if (query == NULL) { 
@@ -318,7 +320,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, /* before setting profile->request, verify if it is already set */ if (LASSO_IS_LIB_LOGOUT_REQUEST(profile->request) == TRUE) { - lasso_node_destroy(profile->request); + lasso_node_destroy(LASSO_NODE(profile->request)); profile->request = NULL; } @@ -406,7 +408,7 @@ gint lasso_logout_process_request_msg(LassoLogout *logout, char *request_msg) profile = LASSO_PROFILE(logout); profile->request = lasso_lib_logout_request_new(); - format = lasso_node_init_from_message(profile->request, request_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } @@ -473,12 +475,12 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg) /* before verify if profile->response is set */ if (LASSO_IS_LIB_LOGOUT_RESPONSE(profile->response) == TRUE) { - lasso_node_destroy(profile->response); + lasso_node_destroy(LASSO_NODE(profile->response)); profile->response = NULL; } profile->response = lasso_lib_logout_response_new(); - format = lasso_node_init_from_message(profile->response, response_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg); switch (format) { case LASSO_MESSAGE_FORMAT_SOAP: @@ -536,7 +538,7 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg) if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->request, + query = lasso_node_export_to_query(LASSO_NODE(profile->request), profile->server->signature_method, profile->server->private_key); if (query == NULL) { 
@@ -592,13 +594,14 @@ lasso_logout_process_response_msg(LassoLogout *logout, gchar *response_msg) if (profile->remote_providerID != NULL) g_free(profile->remote_providerID); if (profile->request != NULL) - lasso_node_destroy(profile->request); + lasso_node_destroy(LASSO_NODE(profile->request)); if (profile->response != NULL) - lasso_node_destroy(profile->response); + lasso_node_destroy(LASSO_NODE(profile->response)); profile->remote_providerID = logout->initial_remote_providerID; - profile->request = logout->initial_request; - profile->response = logout->initial_response; + profile->request = LASSO_SAMLP_REQUEST_ABSTRACT(logout->initial_request); + profile->response = LASSO_SAMLP_RESPONSE_ABSTRACT( + logout->initial_response); logout->initial_remote_providerID = NULL; logout->initial_request = NULL; @@ -776,8 +779,8 @@ lasso_logout_validate_request(LassoLogout *logout) if (remote_provider->role == LASSO_PROVIDER_ROLE_SP && g_hash_table_size(profile->session->assertions) >= 1) { logout->initial_remote_providerID = profile->remote_providerID; - logout->initial_request = profile->request; - logout->initial_response = profile->response; + logout->initial_request = LASSO_NODE(profile->request); + logout->initial_response = LASSO_NODE(profile->response); profile->remote_providerID = NULL; profile->request = NULL; diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 4764ca13..94cb8ebb 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c 
@@ -57,8 +57,9 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - profile->msg_body = lasso_node_export_to_soap(profile->request, - profile->server->private_key, profile->server->certificate); + profile->request->private_key_file = profile->server->private_key; + profile->request->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request)); if (profile->msg_body == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_MESSAGE_FAILED); } @@ -95,8 +96,9 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map } profile->msg_url = NULL; - profile->msg_body = lasso_node_export_to_soap(profile->response, - profile->server->private_key, profile->server->certificate); + profile->response->private_key_file = profile->server->private_key; + profile->response->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->response)); return 0; } @@ -199,7 +201,7 @@ lasso_name_identifier_mapping_process_request_msg(LassoNameIdentifierMapping *ma /* build name identifier mapping from message */ profile->request = lasso_lib_name_identifier_mapping_request_new(); - format = lasso_node_init_from_message(profile->request, request_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } 
@@ -250,7 +252,7 @@ lasso_name_identifier_mapping_process_response_msg(LassoNameIdentifierMapping *m profile = LASSO_PROFILE(mapping); profile->response = lasso_lib_name_identifier_mapping_response_new(); - format = lasso_node_init_from_message(profile->response, response_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index 693b2af0..a4cb77fa 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -70,8 +70,9 @@ lasso_name_registration_build_request_msg(LassoNameRegistration *name_registrati if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) { profile->msg_url = lasso_provider_get_metadata_one( remote_provider, "SoapEndpoint"); - profile->msg_body = lasso_node_export_to_soap(profile->request, - profile->server->private_key, profile->server->certificate); + profile->request->private_key_file = profile->server->private_key; + profile->request->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->request)); return 0; } @@ -83,7 +84,7 @@ lasso_name_registration_build_request_msg(LassoNameRegistration *name_registrati if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->request, + query = lasso_node_export_to_query(LASSO_NODE(profile->request), profile->server->signature_method, profile->server->private_key); if (query == NULL) { 
@@ -121,8 +122,9 @@ lasso_name_registration_build_response_msg(LassoNameRegistration *name_registrat if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) { profile->msg_url = NULL; /* XXX ??? */ - profile->msg_body = lasso_node_export_to_soap(profile->response, - profile->server->private_key, profile->server->certificate); + profile->response->private_key_file = profile->server->private_key; + profile->response->certificate_file = profile->server->certificate; + profile->msg_body = lasso_node_export_to_soap(LASSO_NODE(profile->response)); return 0; } @@ -132,7 +134,7 @@ lasso_name_registration_build_response_msg(LassoNameRegistration *name_registrat if (url == NULL) { return critical_error(LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); } - query = lasso_node_export_to_query(profile->response, + query = lasso_node_export_to_query(LASSO_NODE(profile->response), profile->server->signature_method, profile->server->private_key); if (query == NULL) { @@ -293,7 +295,7 @@ gint lasso_name_registration_process_request_msg(LassoNameRegistration *name_reg profile = LASSO_PROFILE(name_registration); profile->request = lasso_lib_register_name_identifier_request_new(); - format = lasso_node_init_from_message(profile->request, request_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->request), request_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } 
@@ -369,7 +371,7 @@ lasso_name_registration_process_response_msg(LassoNameRegistration *name_registr /* build register name identifier response from message */ profile->response = lasso_lib_register_name_identifier_response_new(); - format = lasso_node_init_from_message(profile->response, response_msg); + format = lasso_node_init_from_message(LASSO_NODE(profile->response), response_msg); if (format == LASSO_MESSAGE_FORMAT_UNKNOWN || format == LASSO_MESSAGE_FORMAT_ERROR) { return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG); } diff --git a/lasso/id-ff/profile.h b/lasso/id-ff/profile.h index c759f385..4b251649 100644 --- a/lasso/id-ff/profile.h +++ b/lasso/id-ff/profile.h @@ -35,6 +35,9 @@ extern "C" { #include <lasso/id-ff/server.h> #include <lasso/id-ff/session.h> +#include <lasso/xml/samlp_request_abstract.h> +#include <lasso/xml/samlp_response_abstract.h> + #define LASSO_TYPE_PROFILE (lasso_profile_get_type()) #define LASSO_PROFILE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_PROFILE, LassoProfile)) #define LASSO_PROFILE_CLASS(klass) \ @@ -74,8 +77,8 @@ struct _LassoProfile { /*< public >*/ LassoServer *server; - LassoNode *request; - LassoNode *response; + LassoSamlpRequestAbstract *request; + LassoSamlpResponseAbstract *response; LassoSamlNameIdentifier *nameIdentifier; diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c index 403a0db3..76c4fa21 100644 --- a/lasso/id-wsf/wsf_profile.c +++ b/lasso/id-wsf/wsf_profile.c 
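Review bot: The profile.h @@ -74 hunk changes the public `request`/`response` field types from `LassoNode *` to `LassoSamlpRequestAbstract *`/`LassoSamlpResponseAbstract *` without any comment on ownership, and the rest of this commit now stores pointers into `server` (`private_key_file`, `certificate_file`) inside these nodes. A short comment on the two fields would make the contract visible to bindings and external callers, e.g. `/* owned by the profile and released with lasso_node_destroy(); any private_key_file/certificate_file they carry point into `server` and are not owned by the node */`. Note also that every existing caller that stored `profile->request` into a `LassoNode *` must now add a `LASSO_NODE()` cast (as logout.c does in the @@ -776 hunk), which is an API change worth calling out in the commit message.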
@@ -32,20 +32,16 @@ gint lasso_wsf_profile_build_request_msg(LassoWsfProfile *profile) { - profile->msg_body = lasso_node_export_to_soap(profile->request, /* FIXME : set keys */ - NULL, - NULL); - + /* FIXME : set keys */ + profile->msg_body = lasso_node_export_to_soap(profile->request); return 0; } gint lasso_wsf_profile_build_response_msg(LassoWsfProfile *profile) { - profile->msg_body = lasso_node_export_to_soap(profile->response, /* FIXME : set keys */ - NULL, - NULL); - + /* FIXME : set keys */ + profile->msg_body = lasso_node_export_to_soap(profile->response); return 0; } diff --git a/lasso/xml/lib_authn_response.c b/lasso/xml/lib_authn_response.c index a906817e..7a24afab 100644 --- a/lasso/xml/lib_authn_response.c +++ b/lasso/xml/lib_authn_response.c @@ -113,7 +113,7 @@ lasso_lib_authn_response_get_type() return authn_response_type; } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_authn_response_new(char *providerID, LassoLibAuthnRequest *request) { LassoLibAuthnResponse *response; @@ -129,6 +129,6 @@ lasso_lib_authn_response_new(char *providerID, LassoLibAuthnRequest *request) response->RelayState = g_strdup(request->RelayState); } - return LASSO_NODE(response); + return LASSO_SAMLP_RESPONSE_ABSTRACT(response); } diff --git a/lasso/xml/lib_authn_response.h b/lasso/xml/lib_authn_response.h index 2d16f5ad..b47045d1 100644 --- a/lasso/xml/lib_authn_response.h +++ b/lasso/xml/lib_authn_response.h @@ -69,7 +69,7 @@ struct _LassoLibAuthnResponseClass { }; LASSO_EXPORT GType lasso_lib_authn_response_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_authn_response_new( +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_authn_response_new( char *providerID, LassoLibAuthnRequest *request); #ifdef __cplusplus diff --git a/lasso/xml/lib_federation_termination_notification.c b/lasso/xml/lib_federation_termination_notification.c index 7f9dd341..edf11cfa 100644 --- a/lasso/xml/lib_federation_termination_notification.c 
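Review bot: In the wsf_profile.c @@ -32 hunk the retained `/* FIXME : set keys */` no longer says what it means now that keys are read from the node: `lasso_wsf_profile_build_request_msg` and `lasso_wsf_profile_build_response_msg` never set `private_key_file`/`certificate_file` on `profile->request`/`profile->response`, so these ID-WSF SOAP bodies are emitted without a signature, exactly as the old `NULL, NULL` arguments did. Make that consequence explicit so it is not mistaken for a cosmetic leftover, e.g. `/* FIXME: no private_key_file/certificate_file is set on the node, so this SOAP body is sent unsigned */`. Whether `profile->request` here is a `LassoNode *` or one of the new abstract types is not visible in this hunk; if it is the latter the call needs the same `LASSO_NODE()` cast used elsewhere in the commit.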
+++ b/lasso/xml/lib_federation_termination_notification.c @@ -196,13 +196,13 @@ lasso_lib_federation_termination_notification_get_type() return this_type; } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_federation_termination_notification_new() { return g_object_new(LASSO_TYPE_LIB_FEDERATION_TERMINATION_NOTIFICATION, NULL); } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_federation_termination_notification_new_full(char *providerID, LassoSamlNameIdentifier *nameIdentifier, lassoSignatureType sign_type, lassoSignatureMethod sign_method) @@ -222,6 +222,5 @@ lasso_lib_federation_termination_notification_new_full(char *providerID, LASSO_LIB_FEDERATION_TERMINATION_NOTIFICATION(request)->NameIdentifier = g_object_ref(nameIdentifier); - return LASSO_NODE(request); + return request; } - diff --git a/lasso/xml/lib_federation_termination_notification.h b/lasso/xml/lib_federation_termination_notification.h index 1ae46c50..ddadfc86 100644 --- a/lasso/xml/lib_federation_termination_notification.h +++ b/lasso/xml/lib_federation_termination_notification.h @@ -75,8 +75,8 @@ struct _LassoLibFederationTerminationNotificationClass { }; LASSO_EXPORT GType lasso_lib_federation_termination_notification_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_federation_termination_notification_new(void); -LASSO_EXPORT LassoNode* lasso_lib_federation_termination_notification_new_full( +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_federation_termination_notification_new(void); +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_federation_termination_notification_new_full( char *providerID, LassoSamlNameIdentifier *nameIdentifier, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/lib_logout_request.c b/lasso/xml/lib_logout_request.c index f8de8826..7757b41c 100644 --- a/lasso/xml/lib_logout_request.c +++ b/lasso/xml/lib_logout_request.c 
@@ -171,13 +171,13 @@ lasso_lib_logout_request_get_type() return this_type; } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_logout_request_new() { return g_object_new(LASSO_TYPE_LIB_LOGOUT_REQUEST, NULL); } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_logout_request_new_full(char *providerID, LassoSamlNameIdentifier *nameIdentifier, lassoSignatureType sign_type, lassoSignatureMethod sign_method) { @@ -194,6 +194,5 @@ lasso_lib_logout_request_new_full(char *providerID, LassoSamlNameIdentifier *nam LASSO_LIB_LOGOUT_REQUEST(request)->ProviderID = g_strdup(providerID); LASSO_LIB_LOGOUT_REQUEST(request)->NameIdentifier = g_object_ref(nameIdentifier); - return LASSO_NODE(request); + return request; } - diff --git a/lasso/xml/lib_logout_request.h b/lasso/xml/lib_logout_request.h index 4e4b3279..30f6ed1b 100644 --- a/lasso/xml/lib_logout_request.h +++ b/lasso/xml/lib_logout_request.h @@ -69,9 +69,9 @@ struct _LassoLibLogoutRequestClass { }; LASSO_EXPORT GType lasso_lib_logout_request_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_logout_request_new(void); +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_logout_request_new(void); -LASSO_EXPORT LassoNode* lasso_lib_logout_request_new_full( +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_logout_request_new_full( char *providerID, LassoSamlNameIdentifier *nameIdentifier, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/lib_logout_response.c b/lasso/xml/lib_logout_response.c index 8c5bfab9..8652da94 100644 --- a/lasso/xml/lib_logout_response.c +++ b/lasso/xml/lib_logout_response.c 
@@ -78,13 +78,13 @@ lasso_lib_logout_response_get_type() return logout_response_type; } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_logout_response_new() { return g_object_new(LASSO_TYPE_LIB_LOGOUT_RESPONSE, NULL); } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_logout_response_new_full(char *providerID, const char *statusCodeValue, LassoLibLogoutRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method) @@ -105,6 +105,6 @@ lasso_lib_logout_response_new_full(char *providerID, const char *statusCodeValue response->Status->StatusCode = lasso_samlp_status_code_new(); response->Status->StatusCode->Value = g_strdup(statusCodeValue); - return LASSO_NODE(response); + return LASSO_SAMLP_RESPONSE_ABSTRACT(response); } diff --git a/lasso/xml/lib_logout_response.h b/lasso/xml/lib_logout_response.h index d43dbf09..6de78e88 100644 --- a/lasso/xml/lib_logout_response.h +++ b/lasso/xml/lib_logout_response.h @@ -59,9 +59,9 @@ struct _LassoLibLogoutResponseClass { }; LASSO_EXPORT GType lasso_lib_logout_response_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_logout_response_new(void); +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_logout_response_new(void); -LASSO_EXPORT LassoNode* lasso_lib_logout_response_new_full( +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_logout_response_new_full( char *providerID, const char *statusCodeValue, LassoLibLogoutRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/lib_name_identifier_mapping_request.c b/lasso/xml/lib_name_identifier_mapping_request.c index 9f7c727d..348cf38a 100644 --- a/lasso/xml/lib_name_identifier_mapping_request.c +++ b/lasso/xml/lib_name_identifier_mapping_request.c 
@@ -120,13 +120,13 @@ lasso_lib_name_identifier_mapping_request_get_type() return this_type; } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_name_identifier_mapping_request_new() { return g_object_new(LASSO_TYPE_LIB_NAME_IDENTIFIER_MAPPING_REQUEST, NULL); } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_name_identifier_mapping_request_new_full(char *providerID, LassoSamlNameIdentifier *nameIdentifier, const char *targetNamespace, lassoSignatureType sign_type, lassoSignatureMethod sign_method) @@ -152,6 +152,5 @@ lasso_lib_name_identifier_mapping_request_new_full(char *providerID, /* XXX: consent ? */ - return LASSO_NODE(request); + return request; } - diff --git a/lasso/xml/lib_name_identifier_mapping_request.h b/lasso/xml/lib_name_identifier_mapping_request.h index b200b876..1dbd313c 100644 --- a/lasso/xml/lib_name_identifier_mapping_request.h +++ b/lasso/xml/lib_name_identifier_mapping_request.h @@ -74,8 +74,8 @@ struct _LassoLibNameIdentifierMappingRequestClass { }; LASSO_EXPORT GType lasso_lib_name_identifier_mapping_request_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_name_identifier_mapping_request_new(void); -LASSO_EXPORT LassoNode* lasso_lib_name_identifier_mapping_request_new_full( +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_name_identifier_mapping_request_new(void); +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_name_identifier_mapping_request_new_full( char *providerID, LassoSamlNameIdentifier *nameIdentifier, const char *targetNamespace, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/lib_name_identifier_mapping_response.c b/lasso/xml/lib_name_identifier_mapping_response.c index 2edc26a2..589018ef 100644 --- a/lasso/xml/lib_name_identifier_mapping_response.c +++ b/lasso/xml/lib_name_identifier_mapping_response.c 
@@ -109,13 +109,13 @@ lasso_lib_name_identifier_mapping_response_get_type() return name_identifier_mapping_response_type; } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_name_identifier_mapping_response_new() { return g_object_new(LASSO_TYPE_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE, NULL); } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_name_identifier_mapping_response_new_full(char *providerID, const char *statusCodeValue, LassoLibNameIdentifierMappingRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method) @@ -135,6 +135,6 @@ lasso_lib_name_identifier_mapping_response_new_full(char *providerID, const char response->Status->StatusCode = lasso_samlp_status_code_new(); response->Status->StatusCode->Value = g_strdup(statusCodeValue); - return LASSO_NODE(response); + return LASSO_SAMLP_RESPONSE_ABSTRACT(response); } diff --git a/lasso/xml/lib_name_identifier_mapping_response.h b/lasso/xml/lib_name_identifier_mapping_response.h index ca27a27a..17a58292 100644 --- a/lasso/xml/lib_name_identifier_mapping_response.h +++ b/lasso/xml/lib_name_identifier_mapping_response.h @@ -74,9 +74,9 @@ struct _LassoLibNameIdentifierMappingResponseClass { }; LASSO_EXPORT GType lasso_lib_name_identifier_mapping_response_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_name_identifier_mapping_response_new(void); +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_name_identifier_mapping_response_new(void); -LASSO_EXPORT LassoNode* lasso_lib_name_identifier_mapping_response_new_full( +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_name_identifier_mapping_response_new_full( char *provideRID, const char *statusCodeValue, LassoLibNameIdentifierMappingRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/lib_register_name_identifier_request.c b/lasso/xml/lib_register_name_identifier_request.c index 3825fa2a..0df41d09 100644 --- a/lasso/xml/lib_register_name_identifier_request.c 
+++ b/lasso/xml/lib_register_name_identifier_request.c @@ -195,13 +195,13 @@ lasso_lib_register_name_identifier_request_get_type() return this_type; } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_register_name_identifier_request_new() { return g_object_new(LASSO_TYPE_LIB_REGISTER_NAME_IDENTIFIER_REQUEST, NULL); } -LassoNode* +LassoSamlpRequestAbstract* lasso_lib_register_name_identifier_request_new_full(const char *providerID, LassoSamlNameIdentifier *idpNameIdentifier, LassoSamlNameIdentifier *spNameIdentifier, @@ -226,7 +226,7 @@ lasso_lib_register_name_identifier_request_new_full(const char *providerID, request->SPProvidedNameIdentifier = spNameIdentifier; request->OldProvidedNameIdentifier = oldNameIdentifier; - return LASSO_NODE(request); + return request_base; } diff --git a/lasso/xml/lib_register_name_identifier_request.h b/lasso/xml/lib_register_name_identifier_request.h index 6346bab4..6d8ca82a 100644 --- a/lasso/xml/lib_register_name_identifier_request.h +++ b/lasso/xml/lib_register_name_identifier_request.h @@ -77,8 +77,8 @@ struct _LassoLibRegisterNameIdentifierRequestClass { }; LASSO_EXPORT GType lasso_lib_register_name_identifier_request_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_request_new(void); -LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_request_new_full( +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_register_name_identifier_request_new(void); +LASSO_EXPORT LassoSamlpRequestAbstract* lasso_lib_register_name_identifier_request_new_full( const char *providerID, LassoSamlNameIdentifier *idpNameIdentifier, LassoSamlNameIdentifier *spNameIdentifier, diff --git a/lasso/xml/lib_register_name_identifier_response.c b/lasso/xml/lib_register_name_identifier_response.c index 2f0cc471..ab59604f 100644 --- a/lasso/xml/lib_register_name_identifier_response.c +++ b/lasso/xml/lib_register_name_identifier_response.c 
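Review bot: `return request_base;` at the end of lasso_lib_register_name_identifier_request_new_full is written differently from the sibling constructors in this commit, which either `return request;` or wrap with `LASSO_SAMLP_RESPONSE_ABSTRACT(response)`; `request_base` is declared outside the hunk, so its type cannot be confirmed here, and the enclosing function starts outside the hunk. If `request` is the `LassoLibRegisterNameIdentifierRequest*` and `request_base` merely its abstract view, a consistent `return LASSO_SAMLP_REQUEST_ABSTRACT(request);` would match the response constructors and not depend on a second local staying in sync with `request`.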
@@ -80,13 +80,13 @@ lasso_lib_register_name_identifier_response_get_type() return register_name_identifier_response_type; } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_register_name_identifier_response_new() { return g_object_new(LASSO_TYPE_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE, NULL); } -LassoNode* +LassoSamlpResponseAbstract* lasso_lib_register_name_identifier_response_new_full(const char *providerID, const char *statusCodeValue, LassoLibRegisterNameIdentifierRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method) @@ -108,6 +108,6 @@ lasso_lib_register_name_identifier_response_new_full(const char *providerID, response->Status->StatusCode = lasso_samlp_status_code_new(); response->Status->StatusCode->Value = g_strdup(statusCodeValue); - return LASSO_NODE(response); + return LASSO_SAMLP_RESPONSE_ABSTRACT(response); } diff --git a/lasso/xml/lib_register_name_identifier_response.h b/lasso/xml/lib_register_name_identifier_response.h index f99f6ca2..d747419b 100644 --- a/lasso/xml/lib_register_name_identifier_response.h +++ b/lasso/xml/lib_register_name_identifier_response.h @@ -62,8 +62,8 @@ struct _LassoLibRegisterNameIdentifierResponseClass { }; LASSO_EXPORT GType lasso_lib_register_name_identifier_response_get_type(void); -LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_response_new(void); -LASSO_EXPORT LassoNode* lasso_lib_register_name_identifier_response_new_full( +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_register_name_identifier_response_new(void); +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_lib_register_name_identifier_response_new_full( const char *providerID, const char *statusCodeValue, LassoLibRegisterNameIdentifierRequest *request, lassoSignatureType sign_type, lassoSignatureMethod sign_method); diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c index 4500988f..83c41af4 100644 --- a/lasso/xml/samlp_request_abstract.c +++ b/lasso/xml/samlp_request_abstract.c 
@@ -67,12 +67,25 @@ static struct XmlSnippet schema_snippets[] = { { NULL, 0, 0} }; -static char* -get_sign_attr_name() +static LassoNodeClass *parent_class = NULL; + +static xmlNode* +get_xmlNode(LassoNode *node, gboolean lasso_dump) { - return "RequestID"; -} + LassoSamlpRequestAbstract *request = LASSO_SAMLP_REQUEST_ABSTRACT(node); + xmlNode *xmlnode; + int rc; + + xmlnode = parent_class->get_xmlNode(node, lasso_dump); + if (lasso_dump == FALSE && request->sign_type) { + rc = lasso_sign_node(xmlnode, "RequestID", request->RequestID, + request->private_key_file, request->certificate_file); + /* signature may have failed; what to do ? */ + } + + return xmlnode; +} /*****************************************************************************/ /* instance and class init functions */ @@ -94,7 +107,8 @@ class_init(LassoSamlpRequestAbstractClass *klass) { LassoNodeClass *nclass = LASSO_NODE_CLASS(klass); - nclass->get_sign_attr_name = get_sign_attr_name; + parent_class = g_type_class_peek_parent(klass); + nclass->get_xmlNode = get_xmlNode; nclass->node_data = g_new0(LassoNodeClassData, 1); lasso_node_class_set_nodename(nclass, "RequestAbstract"); lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX); diff --git a/lasso/xml/samlp_request_abstract.h b/lasso/xml/samlp_request_abstract.h index 07d40e6e..e24688a9 100644 --- a/lasso/xml/samlp_request_abstract.h +++ b/lasso/xml/samlp_request_abstract.h @@ -68,6 +68,8 @@ struct _LassoSamlpRequestAbstract { /* ds:Signature stuffs */ lassoSignatureType sign_type; lassoSignatureMethod sign_method; + char *private_key_file; + char *certificate_file; }; struct _LassoSamlpRequestAbstractClass { diff --git a/lasso/xml/samlp_response.c b/lasso/xml/samlp_response.c index 5638538c..85c31999 100644 --- a/lasso/xml/samlp_response.c +++ b/lasso/xml/samlp_response.c 
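Review bot: The `lasso_sign_node` result in the new get_xmlNode is stored in `rc` and never read, so a node whose `sign_type` requests a signature is still returned (and put on the wire) unsigned when signing fails, and `rc` itself draws an unused-variable warning. The removed lasso_node_export_to_signed_xmlnode only signed when `private_key_file` was non-NULL, whereas the new condition `lasso_dump == FALSE && request->sign_type` fires even when the caller never set the key path, presumably handing `lasso_sign_node` a NULL file name. I would at least refuse to hand back an unsigned node when a signature was requested, `if (rc != 0) { xmlFreeNode(xmlnode); return NULL; }` (if the get_xmlNode contract permits NULL), after which the xml.c callers that now call `lasso_node_get_xmlNode(node, FALSE)` directly, lasso_node_export_to_base64 and lasso_node_export_to_soap, need a NULL check before wrapping the message. The identical pattern is in the samlp_response_abstract.c get_xmlNode hunk.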
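Review bot: The new `private_key_file` and `certificate_file` members of struct _LassoSamlpRequestAbstract carry no ownership or lifetime comment, while the neighbouring `sign_type`/`sign_method` at least sit under the `/* ds:Signature stuffs */` heading. Nothing in this commit copies or frees them (get_xmlNode only passes them through to lasso_sign_node), so they read as borrowed pointers that must outlive the node; if that is the intent, say so next to the fields, e.g. `/* paths used by get_xmlNode to sign; borrowed from the caller, never freed by the node */`. The same fields are added to struct _LassoSamlpResponseAbstract in samlp_response_abstract.h.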
@@ -124,7 +124,7 @@ lasso_samlp_response_get_type() return response_type; } -LassoNode* +LassoSamlpResponseAbstract* lasso_samlp_response_new() { LassoSamlpResponseAbstract *response; @@ -146,6 +146,6 @@ lasso_samlp_response_new() status->StatusCode = status_code; LASSO_SAMLP_RESPONSE(response)->Status = status; - return LASSO_NODE(response); + return response; } diff --git a/lasso/xml/samlp_response.h b/lasso/xml/samlp_response.h index 5e081531..bde65a30 100644 --- a/lasso/xml/samlp_response.h +++ b/lasso/xml/samlp_response.h @@ -64,7 +64,7 @@ struct _LassoSamlpResponseClass { }; LASSO_EXPORT GType lasso_samlp_response_get_type(void); -LASSO_EXPORT LassoNode* lasso_samlp_response_new(void); +LASSO_EXPORT LassoSamlpResponseAbstract* lasso_samlp_response_new(void); #ifdef __cplusplus diff --git a/lasso/xml/samlp_response_abstract.c b/lasso/xml/samlp_response_abstract.c index 5f86e10d..1d24b5b7 100644 --- a/lasso/xml/samlp_response_abstract.c +++ b/lasso/xml/samlp_response_abstract.c @@ -73,12 +73,25 @@ static struct XmlSnippet schema_snippets[] = { { NULL, 0, 0} }; -static char* -get_sign_attr_name() +static LassoNodeClass *parent_class = NULL; + +static xmlNode* +get_xmlNode(LassoNode *node, gboolean lasso_dump) { - return "ResponseID"; -} + LassoSamlpResponseAbstract *response = LASSO_SAMLP_RESPONSE_ABSTRACT(node); + xmlNode *xmlnode; + int rc; + + xmlnode = parent_class->get_xmlNode(node, lasso_dump); + if (lasso_dump == FALSE && response->sign_type) { + rc = lasso_sign_node(xmlnode, "ResponseID", response->ResponseID, + response->private_key_file, response->certificate_file); + /* signature may have failed; what to do ? */ + } + + return xmlnode; +} /*****************************************************************************/ /* instance and class init functions */ 
@@ -101,7 +114,8 @@ class_init(LassoSamlpResponseAbstractClass *klass) { LassoNodeClass *nclass = LASSO_NODE_CLASS(klass); - nclass->get_sign_attr_name = get_sign_attr_name; + parent_class = g_type_class_peek_parent(klass); + nclass->get_xmlNode = get_xmlNode; nclass->node_data = g_new0(LassoNodeClassData, 1); lasso_node_class_set_nodename(nclass, "ResponseAbstract"); lasso_node_class_set_ns(nclass, LASSO_SAML_PROTOCOL_HREF, LASSO_SAML_PROTOCOL_PREFIX); diff --git a/lasso/xml/samlp_response_abstract.h b/lasso/xml/samlp_response_abstract.h index 89251f0c..62b0e76b 100644 --- a/lasso/xml/samlp_response_abstract.h +++ b/lasso/xml/samlp_response_abstract.h @@ -70,6 +70,8 @@ struct _LassoSamlpResponseAbstract { /* ds:Signature stuffs */ lassoSignatureType sign_type; lassoSignatureMethod sign_method; + char *private_key_file; + char *certificate_file; }; struct _LassoSamlpResponseAbstractClass { diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c index dfadaa4d..b07d5111 100644 --- a/lasso/xml/xml.c +++ b/lasso/xml/xml.c 
@@ -126,40 +126,9 @@ lasso_node_destroy(LassoNode *node) } } -static xmlNode* -lasso_node_export_to_signed_xmlnode(LassoNode *node, - const char *private_key_file, const char *certificate_file) -{ - xmlNode *message; - char *id_attr_name = NULL, *id_value = NULL; - - message = lasso_node_get_xmlNode(node, FALSE); - - if (private_key_file) { - int rc; - - if (LASSO_NODE_GET_CLASS(node)->get_sign_attr_name) { - id_attr_name = LASSO_NODE_GET_CLASS(node)->get_sign_attr_name(); - id_value = xmlGetProp(message, id_attr_name); - } - - rc = lasso_sign_node(message, id_attr_name, id_value, - private_key_file, certificate_file); - /* it may have failed; should we care and return NULL or let - * the unsigned message go on the wire ? */ - if (id_value) - xmlFree(id_value); - } - - return message; -} - - /** * lasso_node_export_to_base64: * @node: a #LassoNode - * @private_key_file: the path to the private key for signature (may be NULL) - * @certificate_file: the path to the certificate for signature (may be NULL) * * Exports @node to a base64-encoded message. * @@ -167,8 +136,7 @@ lasso_node_export_to_signed_xmlnode(LassoNode *node, * the caller. **/ char* -lasso_node_export_to_base64(LassoNode *node, - const char *private_key_file, const char *certificate_file) +lasso_node_export_to_base64(LassoNode *node) { xmlNode *message; xmlOutputBufferPtr buf; @@ -176,7 +144,7 @@ lasso_node_export_to_base64(LassoNode *node, char *buffer; char *ret; - message = lasso_node_export_to_signed_xmlnode(node, private_key_file, certificate_file); + message = lasso_node_get_xmlNode(node, FALSE); handler = xmlFindCharEncodingHandler("utf-8"); buf = xmlAllocOutputBuffer(handler); @@ -223,8 +191,6 @@ lasso_node_export_to_query(LassoNode *node, /** * lasso_node_export_to_soap: * @node: a #LassoNode - * @private_key_file: the path to the private key for signature (may be NULL) - * @certificate_file: the path to the certificate for signature (may be NULL) * * Exports @node to a SOAP message. * 
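Review bot: The doc comments for lasso_node_export_to_base64 and lasso_node_export_to_soap drop the `@private_key_file`/`@certificate_file` lines but do not say where signing now happens, so a reader of xml.c sees `lasso_node_get_xmlNode(node, FALSE)` with no hint that the node may be signed inside that call. Add a sentence to both comments, e.g. ` * If the node's sign_type is set, its get_xmlNode implementation signs the exported XML with the node's private_key_file and certificate_file.` The removed helper's caveat that a failed signature lets the unsigned message go on the wire still holds after the move and is worth carrying into those comments as well.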
@@ -232,8 +198,7 @@ lasso_node_export_to_query(LassoNode *node, * caller. **/ char* -lasso_node_export_to_soap(LassoNode *node, - const char *private_key_file, const char *certificate_file) +lasso_node_export_to_soap(LassoNode *node) { xmlNode *envelope, *body, *message; xmlOutputBuffer *buf; @@ -242,7 +207,7 @@ lasso_node_export_to_soap(LassoNode *node, g_return_val_if_fail (LASSO_IS_NODE(node), NULL); - message = lasso_node_export_to_signed_xmlnode(node, private_key_file, certificate_file); + message = lasso_node_get_xmlNode(node, FALSE); envelope = xmlNewNode(NULL, "Envelope"); xmlSetNs(envelope, xmlNewNs(envelope, LASSO_SOAP_ENV_HREF, LASSO_SOAP_ENV_PREFIX)); @@ -712,7 +677,6 @@ class_init(LassoNodeClass *class) class->destroy = lasso_node_impl_destroy; class->init_from_query = NULL; class->init_from_xml = lasso_node_impl_init_from_xml; - class->get_sign_attr_name = NULL; /* virtual private methods */ class->build_query = lasso_node_impl_build_query; diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h index 105f8895..cff2f91d 100644 --- a/lasso/xml/xml.h +++ b/lasso/xml/xml.h @@ -90,8 +90,6 @@ struct _LassoNodeClass { gboolean (* init_from_query) (LassoNode *node, char **query_fields); int (* init_from_xml) (LassoNode *node, xmlNode *xmlnode); xmlNode* (* get_xmlNode) (LassoNode *node, gboolean lasso_dump); - - char* (* get_sign_attr_name) (); }; LASSO_EXPORT GType lasso_node_get_type(void); 
@@ -104,14 +102,12 @@ LASSO_EXPORT LassoNode* lasso_node_new_from_xmlNode(xmlNode* node); LASSO_EXPORT void lasso_node_destroy(LassoNode *node); LASSO_EXPORT char* lasso_node_dump(LassoNode *node, const char *encoding, int format); LASSO_EXPORT char* lasso_node_build_query(LassoNode *node); -LASSO_EXPORT char* lasso_node_export_to_base64(LassoNode *node, - const char *private_key_file, const char *certificate_file); +LASSO_EXPORT char* lasso_node_export_to_base64(LassoNode *node); LASSO_EXPORT char* lasso_node_export_to_query(LassoNode *node, lassoSignatureMethod sign_method, const char *private_key_file); -LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node, - const char *private_key_file, const char *certificate_file); +LASSO_EXPORT char* lasso_node_export_to_soap(LassoNode *node); LASSO_EXPORT xmlNode* lasso_node_get_xmlNode(LassoNode *node, gboolean lasso_dump); |