authorValery Febvre <vfebvre at easter-eggs.com>2004-04-27 14:04:31 +0000
committerValery Febvre <vfebvre at easter-eggs.com>2004-04-27 14:04:31 +0000
commit115f0058a458098d8327ceaeeb95d919850faa93 (patch)
tree1bd58fd75308441ef7168332b63516095c23ea3c
parentc30649b1c4577bb10c62ccce85e62db889e3b1a0 (diff)
*** empty log message ***
-rw-r--r--lasso/Attic/protocols/authn_request.c (renamed from lasso/Attic/protocols/sso_and_federation_authn_request.c)2
-rw-r--r--lasso/Attic/protocols/authn_request.h (renamed from lasso/Attic/protocols/sso_and_federation_authn_request.h)6
-rw-r--r--lasso/Attic/protocols/authn_response.c156
-rw-r--r--lasso/Attic/protocols/authn_response.h64
-rw-r--r--lasso/Attic/protocols/protocols.c103
-rw-r--r--lasso/Attic/protocols/protocols.h13
6 files changed, 340 insertions, 4 deletions
diff --git a/lasso/Attic/protocols/sso_and_federation_authn_request.c b/lasso/Attic/protocols/authn_request.c
index 2129a670..a6bb87de 100644
--- a/lasso/Attic/protocols/sso_and_federation_authn_request.c
+++ b/lasso/Attic/protocols/authn_request.c
@@ -23,7 +23,7 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-#include <lasso/protocols/ssoaf_authn_request.h>
+#include <lasso/protocols/sso_and_federation_authn_request.h>
/*****************************************************************************/
/* public methods */
diff --git a/lasso/Attic/protocols/sso_and_federation_authn_request.h b/lasso/Attic/protocols/authn_request.h
index f83ae7f1..68b9e33a 100644
--- a/lasso/Attic/protocols/sso_and_federation_authn_request.h
+++ b/lasso/Attic/protocols/authn_request.h
@@ -23,8 +23,8 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
-#ifndef __LASSO_SSOAF_AUTHN_REQUEST_H__
-#define __LASSO_SSOAF_AUTHN_REQUEST_H__
+#ifndef __LASSO_SSO_AND_FEDERATION_AUTHN_REQUEST_H__
+#define __LASSO_SSO_AND_FEDERATION_AUTHN_REQUEST_H__
#ifdef __cplusplus
extern "C" {
@@ -67,4 +67,4 @@ LASSO_EXPORT void lasso_authn_request_set_scoping (LassoAuthnReques
}
#endif /* __cplusplus */
-#endif /* __LASSO_SSOAF_AUTHN_REQUEST_H__ */
+#endif /* __LASSO_SSO_AND_FEDERATION_AUTHN_REQUEST_H__ */
diff --git a/lasso/Attic/protocols/authn_response.c b/lasso/Attic/protocols/authn_response.c
new file mode 100644
index 00000000..571b3038
--- /dev/null
+++ b/lasso/Attic/protocols/authn_response.c
@@ -0,0 +1,156 @@
+/* $Id$
+ *
+ * Lasso - A free implementation of the Liberty Alliance specifications.
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Valery Febvre <vfebvre@easter-eggs.com>
+ * Nicolas Clapies <nclapies@entrouvert.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <lasso/protocols/sso_and_federation_authn_response.h>
+
+/*****************************************************************************/
+/* public methods */
+/*****************************************************************************/
+
+void
+lasso_authn_response_set_responseAuthnContext(LassoAuthnResponse *response,
+ GPtrArray *authnContextClassRefs,
+ GPtrArray *authnContextStatementRefs,
+ const xmlChar *authnContextComparison)
+{
+ g_return_if_fail (LASSO_IS_AUTHN_RESPONSE(response));
+
+ LassoNode *response_authn_context;
+ gint i;
+
+}
+
+void
+lasso_authn_response_set_scoping(LassoAuthnResponse *response,
+ gint proxyCount)
+{
+ g_return_if_fail (LASSO_IS_AUTHN_RESPONSE(response));
+
+ LassoNode *scoping;
+
+}
+
+/*****************************************************************************/
+/* instance and class init functions */
+/*****************************************************************************/
+
+static void
+lasso_authn_response_instance_init(LassoAuthnResponse *response)
+{
+}
+
+static void
+lasso_authn_response_class_init(LassoAuthnResponseClass *class)
+{
+}
+
+GType lasso_authn_response_get_type() {
+ static GType this_type = 0;
+
+ if (!this_type) {
+ static const GTypeInfo this_info = {
+ sizeof (LassoAuthnResponseClass),
+ NULL,
+ NULL,
+ (GClassInitFunc) lasso_authn_response_class_init,
+ NULL,
+ NULL,
+ sizeof(LassoAuthnResponse),
+ 0,
+ (GInstanceInitFunc) lasso_authn_response_instance_init,
+ };
+
+ this_type = g_type_register_static(LASSO_TYPE_LIB_AUTHN_RESPONSE,
+ "LassoAuthnResponse",
+ &this_info, 0);
+ }
+ return this_type;
+}
+
+LassoNode*
+lasso_authn_response_new(lassoAuthnRequestCtx *ctx,
+ const xmlChar *providerID,
+ gboolean authentication_result)
+{
+ LassoNode *response;
+ const xmlChar *nameIDPolicy;
+
+ response = LASSO_NODE(g_object_new(LASSO_TYPE_AUTHN_RESPONSE, NULL));
+
+ /* ResponseID */
+ lasso_samlp_response_abstract_set_responseID(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
+ (const xmlChar *)lasso_build_unique_id(32));
+ /* MajorVersion */
+ lasso_samlp_response_abstract_set_majorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
+ lassoLibMajorVersion);
+ /* MinorVersion */
+ lasso_samlp_response_abstract_set_minorVersion(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
+ lassoLibMinorVersion);
+ /* IssueInstance */
+ lasso_samlp_response_abstract_set_issueInstance(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
+ lasso_get_current_time());
+
+ /* ProviderID */
+ lasso_lib_authn_response_set_providerID(LASSO_LIB_AUTHN_RESPONSE(response),
+ providerID);
+
+ /* RelayState */
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "RelayState"), 0) != NULL) {
+ lasso_lib_authn_response_set_relayState(LASSO_LIB_AUTHN_RESPONSE(response),
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "RelayState"), 0));
+ }
+ /* InResponseTo */
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "RequestID"), 0) != NULL) {
+ lasso_samlp_response_abstract_set_inResponseTo(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "RequestID"), 0));
+ }
+
+ /* consent ??? */
+ /* Recipient ??? */
+
+ /* Status & StatusCode */
+ /* StatusCode */
+ if (authentication_result == TRUE) {
+ nameIDPolicy = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "NameIDPolicy"), 0);
+ if (xmlStrEqual(nameIDPolicy, "none") || nameIDPolicy == NULL) {
+ printf("no NameIDPolicy or none value\n");
+ status_code_value = 0;
+ }
+ }
+ else
+ status_code_value = 0;
+
+ /* Add Status */
+ status = lasso_samlp_status_new();
+ status_code = lasso_samlp_status_code_new();
+ if (status_code_value == 0)
+ lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeRequestDenied);
+ else
+ lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeSuccess);
+ lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status), LASSO_SAMLP_STATUS_CODE(status_code));
+ lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response), LASSO_SAMLP_STATUS(status));
+
+ return (response);
+}
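Review bot: In lasso_authn_response_new, `status_code_value`, `status` and `status_code` are used but never declared, and no visible line assigns `status_code_value` a non-zero value, so the lassoSamlStatusCodeSuccess branch is either unreachable or, once the variable is declared without an initialiser, chosen by an indeterminate value. Because this value decides between RequestDenied and Success, it should start in the denied state and be set to success on one explicit path only. The fence below assumes that every NameIDPolicy other than "none" is meant to succeed and that the status constructors return `LassoNode *`; both need confirming against the rest of the library. The debug `printf` is dropped from the rewritten branch, since library code should not write to stdout.

```c
	const xmlChar *nameIDPolicy;
	LassoNode *status, *status_code;
	gint status_code_value = 0; /* fail closed: RequestDenied unless set below */

	/* … unchanged: g_object_new through InResponseTo … */

	if (authentication_result == TRUE) {
		nameIDPolicy = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(ctx->query_dict), "NameIDPolicy"), 0);
		if (nameIDPolicy != NULL && !xmlStrEqual(nameIDPolicy, (const xmlChar *)"none")) {
			status_code_value = 1;
		}
	}

	/* … unchanged: Add Status through return … */
```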
diff --git a/lasso/Attic/protocols/authn_response.h b/lasso/Attic/protocols/authn_response.h
new file mode 100644
index 00000000..a6620203
--- /dev/null
+++ b/lasso/Attic/protocols/authn_response.h
@@ -0,0 +1,64 @@
+/* $Id$
+ *
+ * Lasso - A free implementation of the Liberty Alliance specifications.
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Valery Febvre <vfebvre@easter-eggs.com>
+ * Nicolas Clapies <nclapies@entrouvert.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#ifndef __LASSO_SSO_AND_FEDERATION_AUTHN_RESPONSE_H__
+#define __LASSO_SSO_AND_FEDERATION_AUTHN_RESPONSE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <lasso/xml/lib_authn_response.h>
+
+#define LASSO_TYPE_AUTHN_RESPONSE (lasso_authn_response_get_type())
+#define LASSO_AUTHN_RESPONSE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_AUTHN_RESPONSE, LassoAuthnResponse))
+#define LASSO_AUTHN_RESPONSE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_AUTHN_RESPONSE, LassoAuthnResponseClass))
+#define LASSO_IS_AUTHN_RESPONSE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_AUTHN_RESPONSE))
+#define LASSP_IS_AUTHN_RESPONSE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), LASSO_TYPE_AUTHN_RESPONSE))
+#define LASSO_AUTHN_RESPONSE_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), LASSO_TYPE_AUTHN_RESPONSE, LassoAuthnResponseClass))
+
+typedef struct _LassoAuthnResponse LassoAuthnResponse;
+typedef struct _LassoAuthnResponseClass LassoAuthnResponseClass;
+
+struct _LassoAuthnResponse {
+ LassoLibAuthnResponse parent;
+ /*< public >*/
+ xmlChar *request_query;
+ gboolean mustAuthenticate;
+ /*< private >*/
+};
+
+struct _LassoAuthnResponseClass {
+ LassoLibAuthnResponseClass parent;
+};
+
+LASSO_EXPORT GType lasso_authn_response_get_type (void);
+LASSO_EXPORT LassoNode* lasso_authn_response_new (const xmlChar *providerID);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __LASSO_SSO_AND_FEDERATION_AUTHN_RESPONSE_H__ */
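Review bot: The prototype `lasso_authn_response_new (const xmlChar *providerID)` does not match the three-parameter definition added in authn_response.c, so a caller compiled against this header passes one argument to a function that also reads `ctx` and `authentication_result`. Declare it as `LASSO_EXPORT LassoNode* lasso_authn_response_new (lassoAuthnRequestCtx *ctx, const xmlChar *providerID, gboolean authentication_result);`, which also means including the header that defines lassoAuthnRequestCtx. Two smaller points: `LASSP_IS_AUTHN_RESPONSE_CLASS` looks like a typo for `LASSO_IS_AUTHN_RESPONSE_CLASS`, and authn_response.c includes `<lasso/protocols/sso_and_federation_authn_response.h>` while this file is added as authn_response.h.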
diff --git a/lasso/Attic/protocols/protocols.c b/lasso/Attic/protocols/protocols.c
new file mode 100644
index 00000000..86082120
--- /dev/null
+++ b/lasso/Attic/protocols/protocols.c
@@ -0,0 +1,103 @@
+/* $Id$
+ *
+ * Lasso - A free implementation of the Liberty Alliance specifications.
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Valery Febvre <vfebvre@easter-eggs.com>
+ * Nicolas Clapies <nclapies@entrouvert.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+
+#include <lasso/protocols/protocols.h>
+
+gint lasso_authn_request_signature_verify(xmlChar *query,
+ const xmlChar *public_key_file,
+ const xmlChar *private_key_file)
+{
+ return (lasso_str_verify(query, public_key_file, private_key_file));
+}
+
+gboolean
+lasso_authn_request_must_authenticate(xmlChar *query,
+ gboolean is_authenticated)
+{
+ GData *gd;
+ gboolean must_authenticate = FALSE;
+ /* default values for ForceAuthn and IsPassive */
+ gboolean forceAuthn = FALSE;
+ gboolean isPassive = TRUE;
+
+ gd = lasso_query_to_dict(query);
+ /* Get ForceAuthn and IsPassive */
+ if (xmlStrEqual(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), "true")){
+ forceAuthn = TRUE;
+ }
+ if (xmlStrEqual((xmlChar *)lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), "false")) {
+ isPassive = FALSE;
+ }
+
+ if ((forceAuthn == TRUE || is_authenticated == FALSE) && isPassive == FALSE) {
+ must_authenticate = TRUE;
+ }
+
+ g_datalist_clear(&gd);
+ return (must_authenticate);
+}
+
+lassoAuthnRequestCtx *
+lasso_process_authn_request_query(xmlChar *query,
+ gboolean verify_signature,
+ const xmlChar *public_key_file,
+ const xmlChar *private_key_file,
+ gboolean is_authenticated) {
+ lassoAuthnRequestCtx *ctx;
+ GData *gd;
+ /* default values for ForceAuthn and IsPassive */
+ gboolean forceAuthn = FALSE;
+ gboolean isPassive = TRUE;
+
+ ctx = g_new (lassoAuthnRequestCtx, 1);
+
+ if (verify_signature == TRUE) {
+ /* private_key_file is an IDP private key only used to rebuild digestValue
+ and verify signatureValue in query */
+ ctx->signature_is_valid = lasso_str_verify(query,
+ public_key_file,
+ private_key_file);
+ }
+ else {
+ ctx->signature_is_valid = -1;
+ }
+
+ gd = lasso_query_to_dict(query);
+ /* Get ForceAuthn and IsPassive */
+ if (xmlStrEqual(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), "true")){
+ forceAuthn = TRUE;
+ }
+ if (xmlStrEqual((xmlChar *)lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), "false")) {
+ isPassive = FALSE;
+ }
+
+ ctx->must_authenticate = FALSE;
+ if ((forceAuthn == TRUE || is_authenticated == FALSE) && isPassive == FALSE) {
+ ctx->must_authenticate = TRUE;
+ }
+
+ g_datalist_clear(&gd);
+ return (ctx);
+}
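Review bot: In lasso_process_authn_request_query, `ctx->signature_is_valid = -1` stores the "not verified" state in a field that protocols.h declares as `gboolean`, so any caller that tests the field as a boolean treats an unverified query the same as a verified one. The `gint` result of lasso_str_verify is stored in the same field, so an error code, if that function returns negative values, would also read as true. Declaring the field as `gint signature_is_valid; /* lasso_str_verify result, or -1 when verification was not requested */` and having callers compare against the documented success value would keep the three states apart. Note also that lasso_authn_response_new in authn_response.c never consults this field before choosing a status code. The ForceAuthn/IsPassive block duplicates lasso_authn_request_must_authenticate and could simply call it.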
diff --git a/lasso/Attic/protocols/protocols.h b/lasso/Attic/protocols/protocols.h
index af6ce80f..0b157f0b 100644
--- a/lasso/Attic/protocols/protocols.h
+++ b/lasso/Attic/protocols/protocols.h
@@ -38,6 +38,19 @@ extern "C" {
#include <lasso/xml/lib_register_name_identifier_request.h>
#include <lasso/xml/lib_register_name_identifier_response.h>
+typedef struct _lassoAuthnRequestCtx lassoAuthnRequestCtx;
+struct _lassoAuthnRequestCtx {
+ gboolean must_authenticate;
+ gboolean signature_is_valid;
+};
+
+LASSO_EXPORT gint lasso_authn_request_signature_verify(xmlChar *query,
+ const xmlChar *public_key_file,
+ const xmlChar *private_key_file);
+
+LASSO_EXPORT gboolean lasso_authn_request_must_authenticate(xmlChar *query,
+ gboolean is_authenticated);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
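Review bot: `struct _lassoAuthnRequestCtx` has no `query_dict` member, yet lasso_authn_response_new in authn_response.c reads `ctx->query_dict`, and lasso_process_authn_request_query, which returns this struct, gets no prototype here. Adding `GData *query_dict;` is not enough on its own: protocols.c calls `g_datalist_clear(&gd)` before returning, so the context would have to take ownership of the parsed dictionary (`ctx->query_dict = gd;` instead of the clear) and be released by a matching free function. A one-line comment on each field saying who sets it and what its values mean would make the contract visible to callers.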