authorFrederic Peters <fpeters@entrouvert.com>2006-11-28 10:47:31 +0000
committerFrederic Peters <fpeters@entrouvert.com>2006-11-28 10:47:31 +0000
commit166cff941716b236a7d2602562d7c2ecadd8e908 (patch)
treeccca6a7b37e7f61700feb4305034be418566d20e
parente51ab22b76a139f4e2a573ca69f4ae7f1e5ebfc4 (diff)
extra checks to pass negative testing steps
-rw-r--r--lasso/errors.c2
-rw-r--r--lasso/errors.h1
-rw-r--r--lasso/saml-2.0/login.c26
-rw-r--r--swig/Lasso.i1
-rw-r--r--swig/saml-2.0/saml2_audience_restriction.i3
-rw-r--r--swig/saml-2.0/saml2_conditions.i32
-rw-r--r--swig/saml-2.0/saml2_subject_confirmation.i3
-rw-r--r--swig/saml-2.0/saml2_subject_confirmation_data.i15
-rw-r--r--swig/saml-2.0/samlp2_response.i14
9 files changed, 95 insertions, 2 deletions
diff --git a/lasso/errors.c b/lasso/errors.c
index 893ba39d..c8a5e615 100644
--- a/lasso/errors.c
+++ b/lasso/errors.c
@@ -169,6 +169,8 @@ lasso_strerror(int error_code)
return "Request denied";
case LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT:
return "No default endpoint";
+ case LASSO_LOGIN_ERROR_ASSERTION_REPLAY:
+ return "Assertion replay";
case LASSO_SOAP_FAULT_REDIRECT_REQUEST:
return "Redirect request from Attribute Provider";
diff --git a/lasso/errors.h b/lasso/errors.h
index d928738e..6bf76bc9 100644
--- a/lasso/errors.h
+++ b/lasso/errors.h
@@ -112,6 +112,7 @@
#define LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS 607
#define LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL 608
#define LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT 609
+#define LASSO_LOGIN_ERROR_ASSERTION_REPLAY 610
/* Federation Termination Notification */
#define LASSO_DEFEDERATION_ERROR_MISSING_NAME_IDENTIFIER -700
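Review bot: `LASSO_LOGIN_ERROR_ASSERTION_REPLAY` is defined as positive 610, while the defederation code two lines below it is negative (-700). If callers tell fatal errors from warnings by sign, which the mix of signs in this header suggests but does not show, a check such as `rc < 0` would accept a replayed assertion as a non-fatal result. Either give the code a negative value or document the contract next to the define, e.g. `/* callers must treat this as a login failure */`, and confirm that callers of lasso_saml20_login_accept_sso reject on it.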
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index c0da988c..7de28c2f 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -554,8 +554,7 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
LASSO_PROVIDER(profile->server)->ProviderID));
assertion->Conditions = LASSO_SAML2_CONDITIONS(lasso_saml2_conditions_new());
- assertion->Conditions->NotBefore = g_strdup(notBefore);
- assertion->Conditions->NotOnOrAfter = g_strdup(notOnOrAfter);
+
audience_restriction = LASSO_SAML2_AUDIENCE_RESTRICTION(
lasso_saml2_audience_restriction_new());
audience_restriction->Audience = g_strdup(profile->remote_providerID);
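Review bot: After this hunk `assertion->Conditions` is created with neither NotBefore nor NotOnOrAfter, so the assertion itself no longer carries a validity window; the same values are now set only on SubjectConfirmationData in the next hunk (`@@ -570,6 +569,10`). A relying party that bounds assertion lifetime from Conditions would see no expiry, and a replay cache would have nothing to expire its entries against. Unless the negative test requires their absence, keep `assertion->Conditions->NotOnOrAfter = g_strdup(notOnOrAfter);` alongside the new SubjectConfirmationData assignments. It is also worth checking against the SAML 2.0 Web Browser SSO profile whether NotBefore is permitted on a bearer SubjectConfirmationData. lasso_saml20_login_build_assertion starts and ends outside both hunks.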
@@ -570,6 +569,10 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
assertion->Subject->SubjectConfirmation->SubjectConfirmationData =
LASSO_SAML2_SUBJECT_CONFIRMATION_DATA(
lasso_saml2_subject_confirmation_data_new());
+ assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotBefore = g_strdup(
+ notBefore);
+ assertion->Subject->SubjectConfirmation->SubjectConfirmationData->NotOnOrAfter = g_strdup(
+ notOnOrAfter);
provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
@@ -1033,6 +1036,7 @@ lasso_saml20_login_accept_sso(LassoLogin *login)
{
LassoProfile *profile;
LassoSaml2Assertion *assertion;
+ GList *previous_assertions, *t;
LassoSaml2NameID *ni, *idp_ni = NULL;
LassoFederation *federation;
@@ -1044,6 +1048,24 @@ lasso_saml20_login_accept_sso(LassoLogin *login)
if (assertion == NULL)
return LASSO_PROFILE_ERROR_MISSING_ASSERTION;
+ previous_assertions = lasso_session_get_assertions(profile->session,
+ profile->remote_providerID);
+ for (t = previous_assertions; t; t = g_list_next(t)) {
+ LassoSaml2Assertion *ta;
+
+ if (! LASSO_IS_SAML2_ASSERTION(t->data)) {
+ continue;
+ }
+
+ ta = t->data;
+
+ if (strcmp(ta->ID, assertion->ID) == 0) {
+ g_list_free(previous_assertions);
+ return LASSO_LOGIN_ERROR_ASSERTION_REPLAY;
+ }
+ }
+ g_list_free(previous_assertions);
+
lasso_session_add_assertion(profile->session, profile->remote_providerID,
g_object_ref(assertion));
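Review bot: The replay lookup searches only `lasso_session_get_assertions(profile->session, profile->remote_providerID)`, so it appears to catch a repeated ID only within the same session; the same assertion presented under a new or empty session would presumably not be found. A replay cache normally lives at server level, keyed by issuer and assertion ID and kept until the assertion's NotOnOrAfter. Separately, `strcmp(ta->ID, assertion->ID)` dereferences both IDs unchecked; if the parser leaves ID NULL for an assertion without that attribute, this is undefined behaviour on attacker-supplied input. Reject before the loop with `if (assertion->ID == NULL) return LASSO_PROFILE_ERROR_MISSING_ASSERTION;` and skip stored entries whose `ta->ID` is NULL. The function body continues outside the hunk.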
diff --git a/swig/Lasso.i b/swig/Lasso.i
index 7882b47f..a9bd17f4 100644
--- a/swig/Lasso.i
+++ b/swig/Lasso.i
@@ -1115,6 +1115,7 @@ typedef enum {
%rename(LOGIN_ERROR_STATUS_NOT_SUCCESS) LASSO_LOGIN_ERROR_STATUS_NOT_SUCCESS;
%rename(LOGIN_ERROR_UNKNOWN_PRINCIPAL) LASSO_LOGIN_ERROR_UNKNOWN_PRINCIPAL;
%rename(LOGIN_ERROR_NO_DEFAULT_ENDPOINT) LASSO_LOGIN_ERROR_NO_DEFAULT_ENDPOINT;
+%rename(LOGIN_ERROR_ASSERTION_REPLAY) LASSO_LOGIN_ERROR_ASSERTION_REPLAY;
#endif
/* Federation Termination Notification */
diff --git a/swig/saml-2.0/saml2_audience_restriction.i b/swig/saml-2.0/saml2_audience_restriction.i
index 5b635ce8..8290db4b 100644
--- a/swig/saml-2.0/saml2_audience_restriction.i
+++ b/swig/saml-2.0/saml2_audience_restriction.i
@@ -3,6 +3,9 @@
%rename(Saml2AudienceRestriction) LassoSaml2AudienceRestriction;
#endif
typedef struct {
+#ifndef SWIGPHP4
+ %rename(audience) Audience;
+#endif
char *Audience;
} LassoSaml2AudienceRestriction;
%extend LassoSaml2AudienceRestriction {
diff --git a/swig/saml-2.0/saml2_conditions.i b/swig/saml-2.0/saml2_conditions.i
index 30cc9daf..05b60f99 100644
--- a/swig/saml-2.0/saml2_conditions.i
+++ b/swig/saml-2.0/saml2_conditions.i
@@ -3,11 +3,27 @@
%rename(Saml2Conditions) LassoSaml2Conditions;
#endif
typedef struct {
+#ifndef SWIG_PHP4
+ %rename(notBefore) NotBefore;
+#endif
char *NotBefore;
+#ifndef SWIG_PHP4
+ %rename(notOnOrAfter) NotOnOrAfter;
+#endif
char *NotOnOrAfter;
} LassoSaml2Conditions;
%extend LassoSaml2Conditions {
+#ifndef SWIGPHP4
+ %rename(condition) Condition;
+#endif
+ %newobject Condition_get;
+ LassoNodeList *Condition;
+#ifndef SWIGPHP4
+ %rename(audienceRestriction) AudienceRestriction;
+#endif
+ %newobject AudienceRestriction_get;
+ LassoNodeList *AudienceRestriction;
/* Constructor, Destructor & Static Methods */
LassoSaml2Conditions();
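Review bot: The guards added around NotBefore and NotOnOrAfter are spelled `#ifndef SWIG_PHP4`, while the guards added later in this same hunk and in the other .i files of this commit use `SWIGPHP4`. If `SWIG_PHP4` is never defined, the `%rename` lines are applied for PHP4 as well, which is what the guard is there to prevent. Change them to `#ifndef SWIGPHP4`; the same spelling is on all five guards added in swig/saml-2.0/saml2_subject_confirmation_data.i.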
@@ -20,6 +36,22 @@ typedef struct {
%{
+/* Condition */
+
+#define LassoSaml2Conditions_get_Condition(self) get_node_list((self)->Condition)
+#define LassoSaml2Conditions_Condition_get(self) get_node_list((self)->Condition)
+#define LassoSaml2Conditions_set_Condition(self, value) set_node_list(&(self)->Condition, (value))
+#define LassoSaml2Conditions_Condition_set(self, value) set_node_list(&(self)->Condition, (value))
+
+/* AudienceRestriction */
+
+#define LassoSaml2Conditions_get_AudienceRestriction(self) get_node_list((self)->AudienceRestriction)
+#define LassoSaml2Conditions_AudienceRestriction_get(self) get_node_list((self)->AudienceRestriction)
+#define LassoSaml2Conditions_set_AudienceRestriction(self, value) set_node_list(&(self)->AudienceRestriction, (value))
+#define LassoSaml2Conditions_AudienceRestriction_set(self, value) set_node_list(&(self)->AudienceRestriction, (value))
+
+
+
/* Constructors, destructors & static methods implementations */
diff --git a/swig/saml-2.0/saml2_subject_confirmation.i b/swig/saml-2.0/saml2_subject_confirmation.i
index 55a6ea4c..42454972 100644
--- a/swig/saml-2.0/saml2_subject_confirmation.i
+++ b/swig/saml-2.0/saml2_subject_confirmation.i
@@ -3,6 +3,9 @@
%rename(Saml2SubjectConfirmation) LassoSaml2SubjectConfirmation;
#endif
typedef struct {
+#ifndef SWIGPHP4
+ %rename(method) Method;
+#endif
char *Method;
} LassoSaml2SubjectConfirmation;
%extend LassoSaml2SubjectConfirmation {
diff --git a/swig/saml-2.0/saml2_subject_confirmation_data.i b/swig/saml-2.0/saml2_subject_confirmation_data.i
index db587cd5..359d1690 100644
--- a/swig/saml-2.0/saml2_subject_confirmation_data.i
+++ b/swig/saml-2.0/saml2_subject_confirmation_data.i
@@ -3,10 +3,25 @@
%rename(Saml2SubjectConfirmationData) LassoSaml2SubjectConfirmationData;
#endif
typedef struct {
+#ifndef SWIG_PHP4
+ %rename(notBefore) NotBefore;
+#endif
char *NotBefore;
+#ifndef SWIG_PHP4
+ %rename(notOnOrAfter) NotOnOrAfter;
+#endif
char *NotOnOrAfter;
+#ifndef SWIG_PHP4
+ %rename(recipient) Recipient;
+#endif
char *Recipient;
+#ifndef SWIG_PHP4
+ %rename(inResponseTo) InResponseTo;
+#endif
char *InResponseTo;
+#ifndef SWIG_PHP4
+ %rename(address) Address;
+#endif
char *Address;
} LassoSaml2SubjectConfirmationData;
%extend LassoSaml2SubjectConfirmationData {
diff --git a/swig/saml-2.0/samlp2_response.i b/swig/saml-2.0/samlp2_response.i
index d7a9524f..a1fe78f1 100644
--- a/swig/saml-2.0/samlp2_response.i
+++ b/swig/saml-2.0/samlp2_response.i
@@ -50,6 +50,12 @@ typedef struct {
#endif
char *Consent;
+#ifndef SWIGPHP4
+ %rename(assertion) Assertion;
+#endif
+ %newobject Assertion_get;
+ LassoNodeList *Assertion;
+
/* Constructor, Destructor & Static Methods */
LassoSamlp2Response();
~LassoSamlp2Response();
@@ -136,6 +142,14 @@ typedef struct {
#define LassoSamlp2Response_Consent_set(self,value) set_string(&LASSO_SAMLP2_STATUS_RESPONSE(self)->Consent, (value))
+/* Assertion */
+
+#define LassoSamlp2Response_get_Assertion(self) get_node_list((self)->Assertion)
+#define LassoSamlp2Response_Assertion_get(self) get_node_list((self)->Assertion)
+#define LassoSamlp2Response_set_Assertion(self, value) set_node_list(&(self)->Assertion, (value))
+#define LassoSamlp2Response_Assertion_set(self, value) set_node_list(&(self)->Assertion, (value))
+
+
/* Constructors, destructors & static methods implementations */
#define new_LassoSamlp2Response lasso_samlp2_response_new