| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2008-08-01 14:09:49 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2008-08-01 14:09:49 +0000 |
| commit | 558bdb7074d0e3d64e56b9889daab443cb47035e (patch) | |
| tree | 7eb8780d68021a8624adb452a4b16c169293771e | |
| parent | e4fda38df5db9567ab84939d0bb0fd087377e060 (diff) | |
move session storage of the assertions used for SAML ID-WSF request authentication to xmlNode instead of LassoNode; add error handling when no description is found in comply_with_saml_authentication
| -rw-r--r-- | lasso/id-ff/session.c | 81 | ||||
| -rw-r--r-- | lasso/id-ff/sessionprivate.h | 4 | ||||
| -rw-r--r-- | lasso/id-wsf/discovery.c | 15 | ||||
| -rw-r--r-- | lasso/id-wsf/wsf_profile.c | 22 |
4 files changed, 81 insertions, 41 deletions
diff --git a/lasso/id-ff/session.c b/lasso/id-ff/session.c
index 7729222b..7a0534e9 100644
--- a/lasso/id-ff/session.c
+++ b/lasso/id-ff/session.c
@@ -32,6 +32,7 @@
 #include <lasso/id-ff/sessionprivate.h>
 #include <lasso/xml/saml_assertion.h>
 #include <lasso/xml/saml-2.0/saml2_assertion.h>
+#include "../utils.h"
 #ifdef LASSO_WSF_ENABLED
 #include <lasso/id-wsf-2.0/session.h>
@@ -62,7 +63,6 @@ gint
 lasso_session_add_assertion(LassoSession *session, const char *providerID, LassoNode *assertion)
 {
 gint ret = 0;
- gchar *id = NULL;
 g_return_val_if_fail(LASSO_IS_SESSION(session), LASSO_PARAM_ERROR_INVALID_VALUE);
 g_return_val_if_fail(providerID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
@@ -70,14 +70,6 @@ lasso_session_add_assertion(LassoSession *session, const char *providerID, Lasso
 g_hash_table_insert(session->assertions, g_strdup(providerID), g_object_ref(assertion));
- if (LASSO_IS_SAML_ASSERTION(assertion)) {
- id = LASSO_SAML_ASSERTION(assertion)->AssertionID;
- }
- if (LASSO_IS_SAML2_ASSERTION(assertion)) {
- id = LASSO_SAML2_ASSERTION(assertion)->ID;
- }
- lasso_session_add_assertion_with_id(session, id, assertion);
-
 session->is_dirty = TRUE;
 return ret;
@@ -96,7 +88,7 @@ lasso_session_add_assertion(LassoSession *session, const char *providerID, Lasso
 */
 gint
 lasso_session_add_assertion_with_id(LassoSession *session, const char *assertionID,
- LassoNode *assertion)
+ xmlNode *assertion)
 {
 g_return_val_if_fail(LASSO_IS_SESSION(session), LASSO_PARAM_ERROR_INVALID_VALUE);
 g_return_val_if_fail(assertionID != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
@@ -104,7 +96,7 @@ lasso_session_add_assertion_with_id(LassoSession *session, const char *assertion
 g_hash_table_insert(session->private_data->assertions_by_id, g_strdup(assertionID),
- g_object_ref(assertion));
+ xmlCopyNode(assertion, 1));
 session->is_dirty = TRUE.
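Review bot: lasso_session_add_assertion_with_id now stores `xmlCopyNode(assertion, 1)` instead of taking a reference, so the caller keeps ownership of the node it passes in, yet neither the new signature nor the documentation block above the function (outside the hunk) says so. Add to that block: `@assertion: an #xmlNode; a deep copy is stored in the session and the caller keeps ownership of the original`. No `g_return_val_if_fail` on `assertion` is visible in the hunk; if none exists between the two hunks, `xmlCopyNode(NULL, 1)` yields NULL and a NULL value is inserted under the id, which later looks like a missing assertion. The matching prototype change in sessionprivate.h needs nothing further.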
@@ -166,7 +158,7 @@ lasso_session_get_assertion(LassoSession *session, const gchar *providerID)
 * #LassoSamlAssertion is internally allocated and must not be freed by
 * the caller.
 */
-LassoNode*
+xmlNode*
 lasso_session_get_assertion_by_id(LassoSession *session, const gchar *assertionID)
 {
 g_return_val_if_fail(LASSO_IS_SESSION(session), NULL);
@@ -449,19 +441,40 @@ lasso_session_get_assertion_identity_token(LassoSession *session, const gchar *s
 static LassoNodeClass *parent_class = NULL;
+struct DumpContext {
+ xmlNode *parent;
+};
+
 static void
-add_assertion_childnode(gchar *key, LassoLibAssertion *value, xmlNode *xmlnode)
+add_assertion_childnode(gchar *key, LassoLibAssertion *value, struct DumpContext *context)
 {
 xmlNode *t;
+ xmlNode *xmlnode;
+
+ xmlnode = context->parent;
 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Assertion", NULL);
 xmlSetProp(t, (xmlChar*)"RemoteProviderID", (xmlChar*)key);
 xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
 }
 static void
-add_status_childnode(gchar *key, LassoSamlpStatus *value, xmlNode *xmlnode)
+add_assertion_by_id(gchar *key, xmlNode *value, struct DumpContext *context)
+{
+ xmlNode *t, *xmlnode;
+
+ xmlnode = context->parent;
+ t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Assertion", NULL);
+ xmlSetProp(t, (xmlChar*)"ID", (xmlChar*)key);
+ xmlAddChild(t, xmlCopyNode(value, 1));
+}
+
+static void
+add_status_childnode(gchar *key, LassoSamlpStatus *value, struct DumpContext *context)
 {
 xmlNode *t;
+ xmlNode *xmlnode;
+
+ xmlnode = context->parent;
 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"Status", NULL);
 xmlSetProp(t, (xmlChar*)"RemoteProviderID", (xmlChar*)key);
 xmlAddChild(t, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
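Review bot: The return type of lasso_session_get_assertion_by_id becomes `xmlNode*`, but the doc comment lines kept as context still read `* #LassoSamlAssertion is internally allocated and must not be freed by` / `* the caller.` and now describe the wrong type. Replace them with `* Return value: an #xmlNode owned by the session; the caller must not free, unlink` / `* or reparent it, and should xmlCopyNode() it before attaching it to another tree.` The reparenting caveat matters because libxml2's xmlAddChild moves a node rather than copying it, and the node is handed to other code in this same commit (wsf_profile.c).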
@@ -469,8 +482,11 @@ add_status_childnode(gchar *key, LassoSamlpStatus *value, xmlNode *xmlnode)
 #ifdef LASSO_WSF_ENABLED
 static void
-add_childnode_from_hashtable(gchar *key, LassoNode *value, xmlNode *xmlnode)
+add_childnode_from_hashtable(gchar *key, LassoNode *value, struct DumpContext *context)
 {
+ xmlNode *xmlnode;
+
+ xmlnode = context->parent;
 xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
 }
 #endif
@@ -480,28 +496,36 @@ get_xmlNode(LassoNode *node, gboolean lasso_dump)
 {
 xmlNode *xmlnode;
 LassoSession *session = LASSO_SESSION(node);
+ struct DumpContext context;
 #ifdef LASSO_WSF_ENABLED
 xmlNode *t;
 #endif
 xmlnode = xmlNewNode(NULL, (xmlChar*)"Session");
+ context.parent = xmlnode;
+
 xmlSetNs(xmlnode, xmlNewNs(xmlnode, (xmlChar*)LASSO_LASSO_HREF, NULL));
 xmlSetProp(xmlnode, (xmlChar*)"Version", (xmlChar*)"2");
 if (g_hash_table_size(session->assertions)) g_hash_table_foreach(session->assertions,
- (GHFunc)add_assertion_childnode, xmlnode);
+ (GHFunc)add_assertion_childnode, &context);
 if (g_hash_table_size(session->private_data->status)) g_hash_table_foreach(session->private_data->status,
- (GHFunc)add_status_childnode, xmlnode);
+ (GHFunc)add_status_childnode, &context);
+ if (g_hash_table_size(session->private_data->assertions_by_id)) {
+ g_hash_table_foreach(session->private_data->assertions_by_id,
+ (GHFunc)add_assertion_by_id, &context);
+ }
 #ifdef LASSO_WSF_ENABLED
 /* Endpoint References */
 if (session->private_data->eprs != NULL && g_hash_table_size(session->private_data->eprs)) {
 t = xmlNewTextChild(xmlnode, NULL, (xmlChar*)"EndpointReferences", NULL);
+ context.parent = t;
 g_hash_table_foreach(session->private_data->eprs,
- (GHFunc)add_childnode_from_hashtable, t);
+ (GHFunc)add_childnode_from_hashtable, &context);
 }
 #endif
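Review bot: The new assertions_by_id block in get_xmlNode is braced while the two identical assertion/status blocks directly above it are not; the three should use one form, preferably all braced. Since `add_assertion_by_id` emits `<Assertion ID="...">` elements as siblings of the `<Assertion RemoteProviderID="...">` elements, a one-line comment above the new block saying that init_from_xml tells them apart by attribute would save the next reader a trip to the parser.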
@@ -531,11 +555,17 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
 if (n) {
 LassoNode *assertion;
-
- assertion = lasso_node_new_from_xmlNode(n);
- g_hash_table_insert(session->assertions,
- xmlGetProp(t, (xmlChar*)"RemoteProviderID"),
- assertion);
+ xmlChar* value;
+
+ if ((value = xmlGetProp(t, (xmlChar*)"RemoteProviderID"))) {
+
+ assertion = lasso_node_new_from_xmlNode(n);
+ lasso_session_add_assertion(session, (char*)value, assertion);
+ xmlFree(value);
+ } else if ((value = xmlGetProp(t, (xmlChar*)"ID"))) {
+ lasso_session_add_assertion_with_id(session, (char*)value, n);
+ xmlFree(value);
+ }
 }
 }
 if (strcmp((char*)t->name, "Status") == 0) {
@@ -601,6 +631,9 @@ dispose(GObject *object)
 g_list_free(session->private_data->providerIDs);
 session->private_data->providerIDs = NULL;
+ g_hash_table_destroy(session->private_data->assertions_by_id);
+ session->private_data->assertions_by_id = NULL;
+
 #ifdef LASSO_WSF_ENABLED
 g_hash_table_destroy(session->private_data->eprs);
 session->private_data->eprs = NULL;
@@ -636,7 +669,7 @@ instance_init(LassoSession *session)
 session->private_data->assertions_by_id = g_hash_table_new_full(g_str_hash, g_str_equal, (GDestroyNotify)g_free,
- (GDestroyNotify)g_object_unref);
+ (GDestroyNotify)xmlFree);
 #ifdef LASSO_WSF_ENABLED
 session->private_data->eprs = g_hash_table_new_full(g_str_hash, g_str_equal, (GDestroyNotify)g_free,
diff --git a/lasso/id-ff/sessionprivate.h b/lasso/id-ff/sessionprivate.h
index 20204264..1d00f9c0 100644
--- a/lasso/id-ff/sessionprivate.h
+++ b/lasso/id-ff/sessionprivate.h
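Review bot: The RemoteProviderID branch of init_from_xml now leaks one reference per restored assertion: `lasso_node_new_from_xmlNode` hands back a new object and `lasso_session_add_assertion` takes its own `g_object_ref(assertion)` (visible in the -70 hunk of this file), whereas the removed code inserted the object directly and let the table own the only reference. Add `g_object_unref(assertion);` right after the `lasso_session_add_assertion(session, (char*)value, assertion);` line. The branch also relies on lasso_session_add_assertion rejecting a NULL assertion when the child element fails to parse; that check is not in any hunk here, so confirm it exists. init_from_xml starts and ends outside the hunk.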
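Review bot: `(GDestroyNotify)xmlFree` is the wrong destructor for the values of assertions_by_id: they are subtrees produced by `xmlCopyNode(assertion, 1)` (-104 hunk of this file), and xmlFree releases only the node struct, leaking its properties, children and content on every session dispose. Use `(GDestroyNotify)xmlFreeNode);` instead. xmlFreeNode frees the subtree without unlinking, which is right for these parentless copies, but it also means that any caller that reparents a node obtained via lasso_session_get_assertion_by_id turns this into a double free; the wsf_profile.c hunk in this commit is the place to check that.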
@@ -50,11 +50,11 @@ gint lasso_session_add_assertion(LassoSession *session,
 gint lasso_session_add_status(LassoSession *session, const char *providerID, LassoNode *status);
 gint lasso_session_add_assertion_with_id(LassoSession *session,
- const char *assertionID, LassoNode *assertion);
+ const char *assertionID, xmlNode *assertion);
 LassoNode* lasso_session_get_assertion( LassoSession *session, const gchar *providerID);
-LassoNode* lasso_session_get_assertion_by_id(
+xmlNode* lasso_session_get_assertion_by_id(
 LassoSession *session, const gchar *assertionID);
 LassoNode* lasso_session_get_status( LassoSession *session, const gchar *providerID);
diff --git a/lasso/id-wsf/discovery.c b/lasso/id-wsf/discovery.c
index ddfe9bf1..3b13e1dc 100644
--- a/lasso/id-wsf/discovery.c
+++ b/lasso/id-wsf/discovery.c
@@ -929,11 +929,8 @@ lasso_discovery_build_response_msg(LassoDiscovery *discovery)
 }
 const char*
-get_assertion_id(LassoNode *node) {
- if (LASSO_IS_SAML_ASSERTION(node)) {
- return LASSO_SAML_ASSERTION(node)->AssertionID;
- }
- return NULL;
+get_assertion_id(xmlNode *node) {
+ return (char*)xmlGetProp(node, (xmlChar*)"AssertionID");
 }
 /**
@@ -972,13 +969,15 @@ lasso_discovery_process_query_response_msg(LassoDiscovery *discovery, const gcha
 if (response->Credentials) {
 GList *assertions = response->Credentials->any;
 for (; assertions; assertions = g_list_next(assertions)) {
- if (LASSO_IS_SAML_ASSERTION(assertions->data) == FALSE) {
+ xmlNode *assertion = (xmlNode*)assertions->data;
+ if (! (assertion->type == XML_ELEMENT_NODE &&
+ strcmp((char*)assertion->name, "Assertion") == 0)) {
 continue;
 }
 if (profile->session) {
 lasso_session_add_assertion_with_id(profile->session,
- get_assertion_id(assertions->data),
- assertions->data);
+ get_assertion_id(assertion),
+ assertion);
 } else {
 rc = LASSO_PROFILE_ERROR_SESSION_NOT_FOUND;
 goto exit;
diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
index a4b76c9a..348d2945 100644
--- a/lasso/id-wsf/wsf_profile.c
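Review bot: get_assertion_id now returns the buffer allocated by `xmlGetProp` under a `const char*` type, and its only caller in the -972 hunk below passes that result straight to lasso_session_add_assertion_with_id (which `g_strdup`s the key) and never frees it, so every credential in a discovery response leaks one string and the `const` hides that the caller owns the memory. Return `xmlChar*` and free at the call site, as in the fence below; when the attribute is absent xmlGetProp returns NULL and add_assertion_with_id refuses it through g_return_val_if_fail, so skip such entries explicitly instead of relying on that logged critical. The helper is also not `static` although it is file-local. The caller's function starts and ends outside the -972 hunk.
```c
xmlChar*
get_assertion_id(xmlNode *node) {
	return xmlGetProp(node, (xmlChar*)"AssertionID");
}

/* … unchanged: lasso_discovery_process_query_response_msg up to the session check … */
			if (profile->session) {
				xmlChar *id = get_assertion_id(assertion);
				if (id == NULL) {
					continue; /* no AssertionID: nothing to index the assertion by */
				}
				lasso_session_add_assertion_with_id(profile->session, (char*)id, assertion);
				xmlFree(id);
			} else {
```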
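Review bot: The new element filter accepts any element whose local name is `Assertion` regardless of namespace, whereas the removed `LASSO_IS_SAML_ASSERTION` test only matched objects the parser had recognised as SAML assertions; a response carrying a foreign `Assertion` element would now be stored in the session under whatever `AssertionID` it carries and later attached to outgoing wsse:Security headers by wsf_profile.c. Check the namespace as well, e.g. `if (assertion->type != XML_ELEMENT_NODE || assertion->ns == NULL || strcmp((char*)assertion->ns->href, "urn:oasis:names:tc:SAML:1.0:assertion") != 0 || strcmp((char*)assertion->name, "Assertion") != 0) continue;`, using the project's constant for that namespace URI if it defines one. Also, `assertions->data` is cast to xmlNode without a NULL check; if `any` can hold NULL entries this dereferences it. The enclosing function starts and ends outside the hunk.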
+++ b/lasso/id-wsf/wsf_profile.c
@@ -97,31 +97,39 @@ lasso_wsf_profile_comply_with_saml_authentication(LassoWsfProfile *profile)
 LassoSoapEnvelope *soap;
 LassoSoapHeader *header;
 LassoWsseSecurity *wsse_security;
- LassoSamlAssertion *assertion;
 LassoSession *session;
 LassoDiscoDescription *description;
 GList *credentialRefs;
+ gint ret = 0;
 wsse_security = lasso_wsse_security_new();
 session = profile->session;
 description = lasso_wsf_profile_get_description(profile);
 /* Lookup in the session the credential ref from the description and
- * add them to the SOAP header wsse:Security. */
+ * add them to the SOAP header wsse:Security. */
 /* FIXME: should we really add every credentials to the message ? */
+ if (description == NULL) {
+ ret = LASSO_WSF_PROFILE_ERROR_MISSING_DESCRIPTION;
+ goto exit;
+ }
 credentialRefs = description->CredentialRef;
 while (credentialRefs) {
 char *ref = (char*)credentialRefs->data;
- assertion = LASSO_SAML_ASSERTION(
- lasso_session_get_assertion_by_id(session, ref));
- if (LASSO_IS_SAML_ASSERTION(assertion)) {
- g_list_add_gobject(wsse_security->any, assertion);
+ xmlNode *assertion = lasso_session_get_assertion_by_id(session, ref);
+ if (assertion) {
+ g_list_add(wsse_security->any, assertion);
 }
 credentialRefs = g_list_next(credentialRefs);
 }
 soap = profile->soap_envelope_request;
 header = soap->Header;
 g_list_add_gobject(header->Other, wsse_security);
- return 0;
+ wsse_security = NULL;
+exit:
+ if (wsse_security) {
+ g_release_gobject(wsse_security);
+ }
+ return ret;
 }
 /** |
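Review bot: `g_list_add(wsse_security->any, assertion)` puts the session-owned xmlNode itself into the security header, where the removed code added a reference-counted GObject. When the request envelope is serialised or released the node is likely reparented or freed together with the header, leaving the session's assertions_by_id table (whose destroy notify frees its values) holding a dangling pointer — a use-after-free or double free on session teardown, or on the next request that reuses the same credential reference. Store a private copy instead, `g_list_add(wsse_security->any, xmlCopyNode(assertion, 1));`, and confirm that wsse_security's `any` list owns and frees its xmlNode entries. Separately, `session` is taken from the profile without a NULL check, so every lookup then returns NULL with a g_critical and the header is silently built without credentials; returning `LASSO_PROFILE_ERROR_SESSION_NOT_FOUND` as discovery.c does would make that failure visible.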
