| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-02-22 13:30:29 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-02-22 13:30:29 +0000 |
| commit | 597eaf5cdc2e47cfbb63a2957dc06d29cbf407fc (patch) | |
| tree | a18d60358bf787b1087e3d1c9403a011f10dcfda | |
| parent | 09a546e9cb9e840e22e939124892a6f51bd6e615 (diff) | |
SAML 2.0: add lasso_saml2_encrypted_element_server_decrypt and lasso_saml2_assertion_decrypt_subject
| -rw-r--r-- | lasso/saml-2.0/saml2_helper.c | 43 | ||||
| -rw-r--r-- | lasso/saml-2.0/saml2_helper.h | 7 |
2 files changed, 50 insertions, 0 deletions
diff --git a/lasso/saml-2.0/saml2_helper.c b/lasso/saml-2.0/saml2_helper.c
index 9054d0a0..5148b486 100644
--- a/lasso/saml-2.0/saml2_helper.c
+++ b/lasso/saml-2.0/saml2_helper.c
@@ -24,6 +24,8 @@
 #include "./saml2_helper.h"
+#include "../id-ff/server.h"
+#include "../id-ff/serverprivate.h"
 #include "../xml/saml-2.0/saml2_audience_restriction.h"
 #include "../xml/saml-2.0/saml2_one_time_use.h"
 #include "../xml/saml-2.0/saml2_proxy_restriction.h"
@@ -547,3 +549,44 @@ lasso_saml2_assertion_get_in_response_to(LassoSaml2Assertion *assertion)
 return NULL;
 return scd->InResponseTo;
 }
+
+/**
+ * lasso_saml2_encrypted_element_server_decrypt:
+ * @encrypted_element:
+ * @server: a #LassoServer object
+ * @decrypted_node:(out): an output arg for a #LassoNode
+ *
+ * Decrypt the given encrypted element using the encryption private key of the @server object
+ *
+ * Return value: 0 if successful, an error code otherwise. See
+ * lasso_saml2_encrypted_element_server_decrypt().
+ */
+int
+lasso_saml2_encrypted_element_server_decrypt(LassoSaml2EncryptedElement* encrypted_element, LassoServer *server, LassoNode** decrypted_node)
+{
+ lasso_bad_param(SERVER, server);
+
+ return lasso_saml2_encrypted_element_decrypt(encrypted_element, lasso_server_get_encryption_private_key(server), decrypted_node);
+}
+
+/**
+ * lasso_saml2_assertion_decrypt_subject:
+ * @assertion: a #LassoSaml2Assertion object
+ * @server: a #LassoServer object
+ *
+ * Decipher (if needed) the EncryptedID of the Subject.
+ *
+ * Return value: 0 if successful, an error code otherwise. See
+ * lasso_saml2_encrypted_element_server_decrypt().
+ */
+int
+lasso_saml2_assertion_decrypt_subject(LassoSaml2Assertion *assertion, LassoServer *server)
+{
+ lasso_bad_param(SAML2_ASSERTION, assertion);
+ lasso_bad_param(SERVER, server);
+
+ if (assertion->Subject && ! assertion->Subject->NameID && assertion->Subject->EncryptedID) {
+ return lasso_saml2_encrypted_element_server_decrypt(assertion->Subject->EncryptedID, server, (LassoNode**)&assertion->Subject->NameID);
+ }
+ return 0;
+}
diff --git a/lasso/saml-2.0/saml2_helper.h b/lasso/saml-2.0/saml2_helper.h
index 030cf440..2f6cc7d8 100644
--- a/lasso/saml-2.0/saml2_helper.h
+++ b/lasso/saml-2.0/saml2_helper.h
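Review bot: In lasso_saml2_assertion_decrypt_subject the decrypted node is written straight into `assertion->Subject->NameID` through the `(LassoNode**)` cast, so nothing in this hunk checks that the plaintext really is a NameID. The ciphertext can be produced by anyone holding the server's public encryption key, so unless lasso_saml2_encrypted_element_decrypt (not visible here) already constrains the resulting type, later code reading NameID fields could be handed an object of a different class. Decrypting into a local `LassoNode *`, testing it with `LASSO_IS_SAML2_NAME_ID()` and only then assigning keeps the field type-safe and leaves NameID untouched on failure. Separately, the `See` line in the doc comment of lasso_saml2_encrypted_element_server_decrypt points at the function itself and presumably means `lasso_saml2_encrypted_element_decrypt()`.

```c
int
lasso_saml2_assertion_decrypt_subject(LassoSaml2Assertion *assertion, LassoServer *server)
{
	LassoNode *decrypted = NULL;
	int rc;

	/* … unchanged: lasso_bad_param checks on assertion and server … */

	if (assertion->Subject && ! assertion->Subject->NameID && assertion->Subject->EncryptedID) {
		rc = lasso_saml2_encrypted_element_server_decrypt(assertion->Subject->EncryptedID, server, &decrypted);
		if (rc != 0)
			return rc;
		if (! LASSO_IS_SAML2_NAME_ID(decrypted)) {
			/* plaintext is not a NameID: never store it in Subject->NameID */
			if (decrypted)
				g_object_unref(decrypted);
			return LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ;
		}
		assertion->Subject->NameID = LASSO_SAML2_NAME_ID(decrypted);
	}
	return 0;
}
```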
@@ -118,6 +118,13 @@ LASSO_EXPORT LassoSaml2SubjectConfirmationData* LASSO_EXPORT const char* lasso_saml2_assertion_get_in_response_to(LassoSaml2Assertion *assertion); +LASSO_EXPORT int lasso_saml2_encrypted_element_server_decrypt( + LassoSaml2EncryptedElement* encrypted_element, LassoServer *server, + LassoNode** decrypted_node); + +LASSO_EXPORT int lasso_saml2_assertion_decrypt_subject(LassoSaml2Assertion *assertion, + LassoServer *server); + #ifdef __cplusplus } #endif /* __cplusplus */ |
