| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-01-12 15:39:33 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-01-12 15:39:33 +0000 |
| commit | 4fe35b69cc6f4e22a0886b64e96203c402e69f2b (patch) | |
| tree | 22d6b1297547104f723d7b92f69b4531c8c064b7 | |
| parent | 56bd9e24052092de2cfe9562320a9291974366c5 (diff) | |
SAML 2.0: add new function to factorize adding signature to a message
| -rw-r--r-- | lasso/saml-2.0/profile.c | 50 | ||||
| -rw-r--r-- | lasso/saml-2.0/profileprivate.h | 2 |
2 files changed, 52 insertions, 0 deletions
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 400e888c..09b82733 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -1354,3 +1354,53 @@ cleanup:
 lasso_release(url);
 return rc;
 }
+
+gint
+lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *request_or_response)
+{
+ lasso_bad_param(PROFILE, profile);
+
+ if (! lasso_flag_sign_messages) {
+ message(G_LOG_LEVEL_WARNING, "message should be signed but no-sign-messages flag is " \
+ "activated, so it won't be");
+ return 0;
+ }
+ if (! LASSO_IS_SERVER(profile->server)) {
+ return LASSO_PROFILE_ERROR_MISSING_SERVER;
+ }
+ if (! profile->server->private_key_file) {
+ return LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED;
+ }
+ if (LASSO_IS_SAMLP2_REQUEST_ABSTRACT(request_or_response)) {
+ LassoSamlp2RequestAbstract *request;
+
+ request = (LassoSamlp2RequestAbstract*)request_or_response;
+ if (profile->server->certificate) {
+ request->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
+ } else {
+ request->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
+ }
+ request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
+ lasso_assign_string(request->private_key_file,
+ profile->server->private_key);
+ lasso_assign_string(request->certificate_file,
+ profile->server->certificate);
+ } else if (LASSO_IS_SAMLP2_STATUS_RESPONSE(request_or_response)) {
+ LassoSamlp2StatusResponse *response;
+
+ response = (LassoSamlp2StatusResponse*)request_or_response;
+ if (profile->server->certificate) {
+ response->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
+ } else {
+ response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
+ }
+ response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
+ lasso_assign_string(response->private_key_file,
+ profile->server->private_key);
+ lasso_assign_string(response->certificate_file,
+ profile->server->certificate);
+ } else {
+ return LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ;
+ }
+ return 0;
+}
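Review bot: The private-key guard tests `profile->server->private_key_file`, but both branches copy `profile->server->private_key` into the message, so the check does not cover the value that is actually used (and, if LassoServer has no `private_key_file` member, the new function will not compile); the guard should test the copied field, `if (! profile->server->private_key) {`. Separately, `sign_method` is hard-coded to `LASSO_SIGNATURE_METHOD_RSA_SHA1` in both the request and the response branch; if the server object carries a configured signature method, copying that instead would let deployments move off SHA-1 without a code change. The early `return 0` taken when `lasso_flag_sign_messages` is off leaves the message unsigned while reporting success, so a doc comment above the function should state that a zero return does not guarantee that a signature was set up. The two branches are otherwise identical apart from the cast type, which is worth a short comment if they are meant to stay in step.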
diff --git a/lasso/saml-2.0/profileprivate.h b/lasso/saml-2.0/profileprivate.h index b30957ba..9fb8cc63 100644 --- a/lasso/saml-2.0/profileprivate.h +++ b/lasso/saml-2.0/profileprivate.h @@ -72,6 +72,8 @@ gint lasso_saml20_build_http_redirect_query_simple(LassoProfile *profile, LassoN gboolean must_sign, const char *profile_name, gboolean is_response); gint lasso_saml20_profile_build_http_redirect(LassoProfile *profile, LassoNode *msg, gboolean must_sign, const char *url); +gint lasso_profile_saml20_setup_message_signature(LassoProfile *profile, + LassoNode *request_or_response); #ifdef __cplusplus } |
