| author | Valery Febvre <vfebvre at easter-eggs.com> | 2004-08-04 00:45:32 +0000 |
|---|---|---|
| committer | Valery Febvre <vfebvre at easter-eggs.com> | 2004-08-04 00:45:32 +0000 |
| commit | 8116061d6bd0c2825f7fe072a890151786f4fce1 (patch) | |
| tree | 708ed988df5b10b5d34a1b4037d37a5b7d6a865d | |
| parent | bad710b4e0aa661ab2d9a7d7aed95e5672221fee (diff) | |
Changed all lasso_provider_get_* methods prototype
Two arguments were added:
a 'provider_type' argument, used to read the appropriate Descriptor in the metadata
an 'err' argument for reporting errors
| -rw-r--r-- | lasso/Attic/protocols/provider.c | 315 | ||||
| -rw-r--r-- | lasso/Attic/protocols/provider.h | 68 | ||||
| -rw-r--r-- | lasso/id-ff/federation_termination.c | 18 | ||||
| -rw-r--r-- | lasso/id-ff/lecp.c | 8 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 75 | ||||
| -rw-r--r-- | lasso/id-ff/logout.c | 20 | ||||
| -rw-r--r-- | lasso/id-ff/name_identifier_mapping.c | 12 | ||||
| -rw-r--r-- | lasso/id-ff/register_name_identifier.c | 18 |
8 files changed, 401 insertions, 133 deletions
diff --git a/lasso/Attic/protocols/provider.c b/lasso/Attic/protocols/provider.c index 26a92f9f..0ff07ce0 100644 --- a/lasso/Attic/protocols/provider.c +++ b/lasso/Attic/protocols/provider.c @@ -74,10 +74,12 @@ lasso_provider_dump(LassoProvider *provider) provider_class->add_child(provider_node, metadata_node, FALSE); lasso_node_destroy(metadata_node); if(provider->public_key != NULL) { - provider_class->set_prop(provider_node, LASSO_PROVIDER_PUBLIC_KEY_NODE, provider->public_key); + provider_class->set_prop(provider_node, LASSO_PROVIDER_PUBLIC_KEY_NODE, + provider->public_key); } if(provider->ca_certificate != NULL) { - provider_class->set_prop(provider_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE, provider->ca_certificate); + provider_class->set_prop(provider_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE, + provider->ca_certificate); } provider_dump = lasso_node_export(provider_node); 
@@ -87,83 +89,167 @@ lasso_provider_dump(LassoProvider *provider) } gchar * -lasso_provider_get_assertionConsumerServiceURL(LassoProvider *provider) +lasso_provider_get_metadata_value(LassoProvider *provider, + lassoProviderTypes provider_type, + gchar *name, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "AssertionConsumerServiceURL", NULL, NULL)); + xmlChar *value; + LassoNode *descriptor; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + if (xmlStrEqual(name, "ProviderID")) { + descriptor = lasso_node_get_child(provider->metadata, + "EntityDescriptor", NULL, NULL); + value = lasso_node_get_attr_value(descriptor, name, &tmp_err); + } + else { + switch (provider_type) { + case lassoProviderTypeSp: + descriptor = lasso_node_get_child(provider->metadata, + "SPDescriptor", NULL, NULL); + break; + case lassoProviderTypeIdp: + descriptor = lasso_node_get_child(provider->metadata, + "IDPDescriptor", NULL, NULL); + break; + } + value = lasso_node_get_child_content(descriptor, name, NULL, + &tmp_err); + } + lasso_node_destroy(descriptor); + + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_federationTerminationNotificationProtocolProfile(LassoProvider *provider) +lasso_provider_get_assertionConsumerServiceURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "FederationTerminationNotificationProtocolProfile", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "AssertionConsumerServiceURL", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_federationTerminationReturnServiceURL(LassoProvider *provider) 
+lasso_provider_get_authnRequestsSigned(LassoProvider *provider, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "FederationTerminationReturnServiceURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + lassoProviderTypeSp, + "AuthnRequestsSigned", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_federationTerminationServiceURL(LassoProvider *provider) +lasso_provider_get_federationTerminationNotificationProtocolProfile(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "FederationTerminationServiceURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "FederationTerminationNotificationProtocolProfile", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_nameIdentifierMappingProtocolProfile(LassoProvider *provider, - GError **err) +lasso_provider_get_federationTerminationReturnServiceURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - GError *tmp_err = NULL; xmlChar *value; + GError *tmp_err = NULL; g_return_val_if_fail (err == NULL || *err == NULL, NULL); - - value = lasso_node_get_attr_value(provider->metadata, - "NameIdentifierMappingProtocolProfile", - &tmp_err); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "FederationTerminationReturnServiceURL", + &tmp_err); if (value == NULL) { g_propagate_error (err, tmp_err); - return (NULL); } + return (value); } gchar * -lasso_provider_get_nameIdentifierMappingServiceURL(LassoProvider *provider, - GError **err) 
+lasso_provider_get_federationTerminationServiceURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - GError *tmp_err = NULL; xmlChar *value; + GError *tmp_err = NULL; g_return_val_if_fail (err == NULL || *err == NULL, NULL); - value = lasso_node_get_attr_value(provider->metadata, - "NameIdentifierMappingServiceURL", - &tmp_err); + value = lasso_provider_get_metadata_value(provider, + provider_type, + "FederationTerminationServiceURL", + &tmp_err); if (value == NULL) { g_propagate_error (err, tmp_err); - return (NULL); } + return (value); } gchar * -lasso_provider_get_nameIdentifierMappingServiceReturnURL(LassoProvider *provider, - GError **err) +lasso_provider_get_nameIdentifierMappingProtocolProfile(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - GError *tmp_err = NULL; xmlChar *value; + GError *tmp_err = NULL; g_return_val_if_fail (err == NULL || *err == NULL, NULL); - - value = lasso_node_get_attr_value(provider->metadata, - "NameIdentifierMappingServiceReturnURL", - &tmp_err); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "NameIdentifierMappingProtocolProfile", + &tmp_err); if (value == NULL) { g_propagate_error (err, tmp_err); - return (NULL); } + return (value); } 
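Review bot: In `lasso_provider_get_metadata_value`, `descriptor` is left uninitialized when `provider_type` matches neither `case` of the `switch` (there is no `default:`), and that indeterminate pointer is then handed to `lasso_node_get_child_content` and `lasso_node_destroy`. The same path is presumably reached when the requested descriptor element is absent from the externally supplied metadata, since nothing checks the result of `lasso_node_get_child` before the lookup and the destroy. `g_propagate_error (err, tmp_err)` also runs whenever `value == NULL` even if `tmp_err` was never set; GLib only logs a critical for a NULL source, but callers in login.c go on to read `err->message`. Initialise `descriptor` to NULL, add a `default:`, bail out before using a NULL descriptor, and guard the propagate; the wrappers below then re-check `err` and re-propagate `tmp_err` although they could pass `err` straight through.
```c
gchar *
lasso_provider_get_metadata_value(LassoProvider *provider,
                                  lassoProviderTypes provider_type,
                                  gchar *name,
                                  GError **err)
{
  xmlChar *value = NULL;
  LassoNode *descriptor = NULL;
  GError *tmp_err = NULL;

  g_return_val_if_fail (err == NULL || *err == NULL, NULL);

  if (xmlStrEqual(name, "ProviderID")) {
    descriptor = lasso_node_get_child(provider->metadata,
                                      "EntityDescriptor", NULL, NULL);
  }
  else {
    switch (provider_type) {
    case lassoProviderTypeSp:
      descriptor = lasso_node_get_child(provider->metadata,
                                        "SPDescriptor", NULL, NULL);
      break;
    case lassoProviderTypeIdp:
      descriptor = lasso_node_get_child(provider->metadata,
                                        "IDPDescriptor", NULL, NULL);
      break;
    default:
      break; /* unknown provider_type: descriptor stays NULL */
    }
  }

  if (descriptor == NULL) {
    /* TODO: g_set_error(err, <LASSO_ERROR_DOMAIN>, <code>, "...") so that
     * callers which read err->message never dereference a NULL GError */
    return (NULL);
  }

  if (xmlStrEqual(name, "ProviderID")) {
    value = lasso_node_get_attr_value(descriptor, name, &tmp_err);
  }
  else {
    value = lasso_node_get_child_content(descriptor, name, NULL, &tmp_err);
  }
  lasso_node_destroy(descriptor);

  if (value == NULL && tmp_err != NULL) {
    g_propagate_error (err, tmp_err);
  }

  return (value);
}
/* … unchanged: per-element getter wrappers … */
```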
@@ -171,63 +257,184 @@ gchar * lasso_provider_get_providerID(LassoProvider *provider, GError **err) { - GError *tmp_err = NULL; xmlChar *value; + GError *tmp_err = NULL; g_return_val_if_fail (err == NULL || *err == NULL, NULL); - - value = lasso_node_get_attr_value(provider->metadata, "ProviderID", - &tmp_err); + + value = lasso_provider_get_metadata_value(provider, + lassoProviderTypeSp, /* bidon */ + "ProviderID", + &tmp_err); if (value == NULL) { g_propagate_error (err, tmp_err); - return (NULL); } + return (value); } gchar * -lasso_provider_get_registerNameIdentifierProtocolProfile(LassoProvider *provider) +lasso_provider_get_registerNameIdentifierProtocolProfile(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "RegisterNameIdentifierProtocolProfile", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "RegisterNameIdentifierProtocolProfile", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_registerNameIdentifierServiceURL(LassoProvider *provider) +lasso_provider_get_registerNameIdentifierServiceURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "RegisterNameIdentifierServiceURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "RegisterNameIdentifierServiceURL", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_singleSignOnProtocolProfile(LassoProvider *provider) +lasso_provider_get_singleSignOnProtocolProfile(LassoProvider *provider, + GError **err) 
{ - return(lasso_node_get_child_content(provider->metadata, "SingleSignOnProtocolProfile", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + lassoProviderTypeIdp, + "SingleSignOnProtocolProfile", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_singleSignOnServiceURL(LassoProvider *provider) +lasso_provider_get_singleSignOnServiceURL(LassoProvider *provider, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "SingleSignOnServiceURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + lassoProviderTypeIdp, + "SingleSignOnServiceURL", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } -gchar *lasso_provider_get_singleLogoutProtocolProfile(LassoProvider *provider) +gchar * +lasso_provider_get_singleLogoutProtocolProfile(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "SingleLogoutProtocolProfile", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "SingleLogoutProtocolProfile", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } -gchar *lasso_provider_get_singleLogoutServiceURL(LassoProvider *provider) +gchar *lasso_provider_get_singleLogoutServiceURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err 
== NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "SingleLogoutServiceURL", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } -gchar *lasso_provider_get_singleLogoutServiceReturnURL(LassoProvider *provider) +gchar *lasso_provider_get_singleLogoutServiceReturnURL(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "SingleLogoutServiceReturnURL", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "SingleLogoutServiceReturnURL", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } gchar * -lasso_provider_get_soapEndpoint(LassoProvider *provider) +lasso_provider_get_soapEndpoint(LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err) { - return(lasso_node_get_child_content(provider->metadata, "SoapEndpoint", NULL, NULL)); + xmlChar *value; + GError *tmp_err = NULL; + + g_return_val_if_fail (err == NULL || *err == NULL, NULL); + + value = lasso_provider_get_metadata_value(provider, + provider_type, + "SoapEndpoint", + &tmp_err); + if (value == NULL) { + g_propagate_error (err, tmp_err); + } + + return (value); } void diff --git a/lasso/Attic/protocols/provider.h b/lasso/Attic/protocols/provider.h index 16bcd1d9..b3e6451f 100644 --- a/lasso/Attic/protocols/provider.h +++ b/lasso/Attic/protocols/provider.h 
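Review bot: `lasso_provider_get_providerID` passes `lassoProviderTypeSp, /* bidon */`; the French placeholder should say why the argument is irrelevant, e.g. `lassoProviderTypeSp, /* ignored: ProviderID is read from EntityDescriptor, not a role descriptor */`. The signatures in this hunk are inconsistent: `lasso_provider_get_singleLogoutServiceURL` and `lasso_provider_get_singleLogoutServiceReturnURL` keep `gchar *` on the function line while every other getter, including the one this hunk reformats (`lasso_provider_get_singleLogoutProtocolProfile`), puts it on its own line. Each wrapper re-checks `err` and re-propagates `tmp_err` even though `lasso_provider_get_metadata_value` already does both; passing `err` straight through would drop about ten lines per getter.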
@@ -71,55 +71,75 @@ struct _LassoProviderClass { LASSO_EXPORT GType lasso_provider_get_type (void); -LASSO_EXPORT LassoProvider *lasso_provider_new (gchar *metadata, +LASSO_EXPORT LassoProvider* lasso_provider_new (gchar *metadata, gchar *public_key, gchar *ca_certificate); -LASSO_EXPORT LassoProvider *lasso_provider_new_from_metadata_node (LassoNode *metadata_node); +LASSO_EXPORT LassoProvider* lasso_provider_new_from_metadata_node (LassoNode *metadata_node); -LASSO_EXPORT LassoProvider *lasso_provider_new_metadata_filename (gchar *metadata_filename); +LASSO_EXPORT LassoProvider* lasso_provider_new_metadata_filename (gchar *metadata_filename); LASSO_EXPORT LassoProvider* lasso_provider_copy (LassoProvider *provider); LASSO_EXPORT void lasso_provider_destroy (LassoProvider *provider); -LASSO_EXPORT gchar *lasso_provider_dump (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_dump (LassoProvider *provider); -LASSO_EXPORT gchar *lasso_provider_get_assertionConsumerServiceURL (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_assertionConsumerServiceURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_federationTerminationNotificationProtocolProfile (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_authnRequestsSigned (LassoProvider *provider, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_federationTerminationReturnServiceURL (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_federationTerminationNotificationProtocolProfile (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_federationTerminationServiceURL (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_federationTerminationReturnServiceURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_nameIdentifierMappingProtocolProfile 
(LassoProvider *provider, - GError **err); +LASSO_EXPORT gchar* lasso_provider_get_federationTerminationServiceURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_nameIdentifierMappingServiceURL (LassoProvider *provider, - GError **err); +LASSO_EXPORT gchar* lasso_provider_get_nameIdentifierMappingProtocolProfile (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_nameIdentifierMappingServiceReturnURL (LassoProvider *provider, +LASSO_EXPORT gchar* lasso_provider_get_providerID (LassoProvider *provider, GError **err); -LASSO_EXPORT gchar *lasso_provider_get_providerID (LassoProvider *provider, - GError **err); +LASSO_EXPORT gchar* lasso_provider_get_registerNameIdentifierProtocolProfile (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_registerNameIdentifierProtocolProfile (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_registerNameIdentifierServiceURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_registerNameIdentifierServiceURL (LassoProvider *provider); - -LASSO_EXPORT gchar *lasso_provider_get_singleSignOnProtocolProfile (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_singleSignOnProtocolProfile (LassoProvider *provider, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_singleSignOnServiceURL (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_singleSignOnServiceURL (LassoProvider *provider, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_singleLogoutProtocolProfile (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_singleLogoutProtocolProfile (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_singleLogoutServiceURL (LassoProvider 
*provider); +LASSO_EXPORT gchar* lasso_provider_get_singleLogoutServiceURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar *lasso_provider_get_singleLogoutServiceReturnURL (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_singleLogoutServiceReturnURL (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); -LASSO_EXPORT gchar* lasso_provider_get_soapEndpoint (LassoProvider *provider); +LASSO_EXPORT gchar* lasso_provider_get_soapEndpoint (LassoProvider *provider, + lassoProviderTypes provider_type, + GError **err); LASSO_EXPORT void lasso_provider_set_public_key (LassoProvider *provider, gchar *public_key); diff --git a/lasso/id-ff/federation_termination.c b/lasso/id-ff/federation_termination.c index 71bdfd4a..5d1edcb8 100644 --- a/lasso/id-ff/federation_termination.c +++ b/lasso/id-ff/federation_termination.c @@ -35,6 +35,7 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * LassoProfile *profile; LassoProvider *provider; xmlChar *protocolProfile; + lassoProviderTypes provider_type; /* use to get metadata */ g_return_val_if_fail(LASSO_IS_FEDERATION_TERMINATION(defederation), -1); @@ -46,8 +47,17 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * return(-2); } + if (profile->provider_type == lassoProviderTypeSp) { + provider_type = lassoProviderTypeIdp; + } + else { + provider_type = lassoProviderTypeSp; + } + /* get the prototocol profile of the federation termination notification */ - protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider); + protocolProfile = lasso_provider_get_federationTerminationNotificationProtocolProfile(provider, + provider_type, + NULL); if(protocolProfile == NULL) { message(G_LOG_LEVEL_CRITICAL, "Federation termination notification protocol profile not found\n"); return(-3); 
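Review bot: `lasso_provider_get_metadata_value`, the new non-static function every getter in provider.c now delegates to, is not declared in this header; either add `LASSO_EXPORT gchar* lasso_provider_get_metadata_value (LassoProvider *provider, lassoProviderTypes provider_type, gchar *name, GError **err);` here or make it `static` in provider.c. None of the new `provider_type`/`err` parameters are documented; a short comment on the group stating that `provider_type` selects the SPDescriptor or IDPDescriptor to read and that `err` follows GError conventions (may be NULL, set only when NULL is returned) would save callers a trip to provider.c. `lasso_provider_get_nameIdentifierMappingServiceURL` and `lasso_provider_get_nameIdentifierMappingServiceReturnURL` are removed here while name_identifier_mapping.c still references the former in commented-out code.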
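Review bot: The comment on the new local, `lassoProviderTypes provider_type; /* use to get metadata */`, is ungrammatical and does not say what the value decides; suggest `/* which Descriptor of the remote metadata to read */`. `lasso_federation_termination_build_notification_msg` continues past the hunk.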
@@ -56,7 +66,9 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * if(xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || \ xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)) { profile->request_type = lassoHttpMethodSoap; - profile->msg_url = lasso_provider_get_federationTerminationServiceURL(provider); + profile->msg_url = lasso_provider_get_federationTerminationServiceURL(provider, + lassoProviderTypeIdp, + NULL); if(profile->msg_url == NULL) { message(G_LOG_LEVEL_CRITICAL, "Federation Termination Notification url not found\n"); return(-4); @@ -71,7 +83,7 @@ lasso_federation_termination_build_notification_msg(LassoFederationTermination * profile->server->private_key); profile->msg_body = NULL; } - else{ + else { message(G_LOG_LEVEL_CRITICAL, "Invalid protocol profile\n"); return(-5); } diff --git a/lasso/id-ff/lecp.c b/lasso/id-ff/lecp.c index 96155d8d..634847b6 100644 --- a/lasso/id-ff/lecp.c +++ b/lasso/id-ff/lecp.c @@ -104,7 +104,9 @@ lasso_lecp_init_authn_request_envelope(LassoLecp *lecp, g_return_val_if_fail(LASSO_IS_LECP(lecp), -1); - assertionConsumerServiceURL = lasso_provider_get_assertionConsumerServiceURL(LASSO_PROVIDER(server)); + assertionConsumerServiceURL = lasso_provider_get_assertionConsumerServiceURL(LASSO_PROVIDER(server), + lassoProviderTypeSp, + NULL); lecp->request = lasso_authn_request_envelope_new(authnRequest, server->providerID, @@ -140,7 +142,9 @@ lasso_lecp_init_authn_response_envelope(LassoLecp *lecp, } provider = lasso_server_get_provider(lecp->server, providerID); - assertionConsumerServiceURL = lasso_provider_get_assertionConsumerServiceURL(provider); + assertionConsumerServiceURL = lasso_provider_get_assertionConsumerServiceURL(provider, + lassoProviderTypeSp, + NULL); if(providerID == NULL) { message(G_LOG_LEVEL_CRITICAL, "AssertionConsumerServiceURL not found\n"); return(-1); diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index bb986c5f..c6ff7a8e 100644 
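Review bot: `lasso_provider_get_federationTerminationServiceURL(provider, lassoProviderTypeIdp, NULL)` hardcodes the IdP descriptor, although the `provider_type` local computed in the previous hunk exists precisely to pick the remote side's descriptor; when the local profile is the IdP this presumably looks for an IDPDescriptor in the SP's metadata and fails with "url not found". Use the variable: `profile->msg_url = lasso_provider_get_federationTerminationServiceURL(provider, provider_type, NULL);`. `lasso_federation_termination_build_notification_msg` starts and ends outside the hunk.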
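Review bot: The NULL check right after the new `lasso_provider_get_assertionConsumerServiceURL(provider, lassoProviderTypeSp, NULL)` call in `@@ -140` tests `providerID` instead of `assertionConsumerServiceURL`, so a missing ACS URL in the SP's metadata is not caught and the "AssertionConsumerServiceURL not found" message can never fire for the value it names; change it to `if (assertionConsumerServiceURL == NULL) {`. `provider`, returned by `lasso_server_get_provider` on the line above, is also passed in without the NULL check the other callers in this commit (logout.c, federation_termination.c) perform. Both enclosing functions continue past their hunks.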
--- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c @@ -82,31 +82,31 @@ lasso_login_add_response_assertion(LassoLogin *login, const gchar *authenticationMethod, const gchar *reauthenticateOnOrAfter) { - LassoNode *assertion = NULL, *authentication_statement; + LassoNode *assertion = NULL, *as; xmlChar *requestID; GError *err = NULL; gint ret = 0; + /* get RequestID to build Assertion */ requestID = lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE(login)->request), "RequestID", &err); - if (requestID == NULL) { message(G_LOG_LEVEL_CRITICAL, err->message); ret = err->code; g_error_free(err); - return(-1); + return(ret); } - assertion = lasso_assertion_new(LASSO_PROFILE(login)->server->providerID, requestID); xmlFree(requestID); - authentication_statement = lasso_authentication_statement_new(authenticationMethod, - reauthenticateOnOrAfter, - LASSO_SAML_NAME_IDENTIFIER(federation->remote_nameIdentifier), - LASSO_SAML_NAME_IDENTIFIER(federation->local_nameIdentifier)); - if (authentication_statement != NULL) { + + as = lasso_authentication_statement_new(authenticationMethod, + reauthenticateOnOrAfter, + LASSO_SAML_NAME_IDENTIFIER(federation->remote_nameIdentifier), + LASSO_SAML_NAME_IDENTIFIER(federation->local_nameIdentifier)); + if (as != NULL) { lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion), - LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement)); + LASSO_SAML_AUTHENTICATION_STATEMENT(as)); } else { message(G_LOG_LEVEL_CRITICAL, "Failed to build the AuthenticationStatement element of the Assertion.\n"); @@ -148,7 +148,7 @@ lasso_login_add_response_assertion(LassoLogin *login, } done: - lasso_node_destroy(authentication_statement); + lasso_node_destroy(as); lasso_node_destroy(assertion); return (ret); 
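Review bot: Renaming `authentication_statement` to `as` trades a descriptive name for a two-letter one, and the remaining uses `LASSO_SAML_AUTHENTICATION_STATEMENT(as)` and `lasso_node_destroy(as)` read worse for it; `authn_statement` would keep the lines short without losing meaning. Returning `ret` (the GError code) instead of `-1` on the RequestID failure changes the value callers see and deserves a line in the commit message. The pre-existing `message(G_LOG_LEVEL_CRITICAL, err->message);` passes a non-literal format string to a printf-style logger and should be `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);`. `lasso_login_add_response_assertion` continues outside the hunk.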
@@ -170,11 +170,11 @@ lasso_login_process_federation(LassoLogin *login) federation = lasso_identity_get_federation(LASSO_PROFILE(login)->identity, LASSO_PROFILE(login)->remote_providerID); nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE(login)->request, - "NameIDPolicy", NULL, NULL); + "NameIDPolicy", lassoLibHRef, NULL); if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) { if (federation == NULL) { lasso_profile_set_response_status(LASSO_PROFILE(login), - lassoLibStatusCodeFederationDoesNotExist); + lassoLibStatusCodeFederationDoesNotExist); ret = -2; goto done; } @@ -186,7 +186,7 @@ lasso_login_process_federation(LassoLogin *login) if (consent != NULL) { if (!xmlStrEqual(consent, lassoLibConsentObtained)) { lasso_profile_set_response_status(LASSO_PROFILE(login), - lassoSamlStatusCodeRequestDenied); + lassoSamlStatusCodeRequestDenied); message(G_LOG_LEVEL_WARNING, "Consent not obtained"); ret = -3; goto done; @@ -194,7 +194,7 @@ lasso_login_process_federation(LassoLogin *login) } else { lasso_profile_set_response_status(LASSO_PROFILE(login), - lassoSamlStatusCodeRequestDenied); + lassoSamlStatusCodeRequestDenied); message(G_LOG_LEVEL_WARNING, err->message); ret = err->code; g_error_free(err); @@ -440,7 +440,7 @@ lasso_login_build_artifact_msg(LassoLogin *login, remote_provider = lasso_server_get_provider(LASSO_PROFILE(login)->server, LASSO_PROFILE(login)->remote_providerID); /* liberty-idff-bindings-profiles-v1.2.pdf p.25 */ - url = lasso_provider_get_assertionConsumerServiceURL(remote_provider); + url = lasso_provider_get_assertionConsumerServiceURL(remote_provider, lassoProviderTypeSp, NULL); samlArt = g_new(gchar, 2+20+20+1); identityProviderSuccinctID = lasso_str_hash(LASSO_PROFILE(login)->server->providerID, LASSO_PROFILE(login)->server->private_key); 
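Review bot: In `@@ -440`, `url = lasso_provider_get_assertionConsumerServiceURL(remote_provider, lassoProviderTypeSp, NULL);` passes NULL for `err` and the hunk goes straight on to allocate `samlArt`; no NULL check on `url` is visible, so unless one exists below the hunk a remote SP whose metadata lacks the element yields an artifact message with no destination. Add an `if (url == NULL)` branch that logs the missing element and takes the function's error path, or pass `&err` and log its message with a `"%s"` format. The `@@ -170` hunk also changes the NameIDPolicy lookup namespace from NULL to `lassoLibHRef`, which the commit message does not mention. `lasso_login_build_artifact_msg` starts and ends outside the hunk.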
@@ -489,42 +489,43 @@ lasso_login_build_authn_request_msg(LassoLogin *login) xmlChar *lareq = NULL; gboolean must_sign; gint ret = 0; + GError *err = NULL; provider = LASSO_PROVIDER(LASSO_PROFILE(login)->server); remote_provider = lasso_server_get_provider(LASSO_PROFILE(login)->server, LASSO_PROFILE(login)->remote_providerID); /* check if authnRequest must be signed */ - md_authnRequestsSigned = lasso_node_get_child_content(provider->metadata, - "AuthnRequestsSigned", - NULL, NULL); + md_authnRequestsSigned = lasso_provider_get_authnRequestsSigned(provider, &err); if (md_authnRequestsSigned != NULL) { must_sign = xmlStrEqual(md_authnRequestsSigned, "true"); xmlFree(md_authnRequestsSigned); } else { - /* AuthnRequestsSigned metadata is required */ - must_sign = FALSE; - message(G_LOG_LEVEL_CRITICAL, "The element 'AuthnRequestsSigned' is missing in metadata of server.\n"); - ret = -1; + /* AuthnRequestsSigned metadata is required in metadata */ + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } /* export request depending on the request ProtocolProfile */ - request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(remote_provider); + request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(remote_provider, &err); if (request_protocolProfile == NULL) { /* SingleSignOnProtocolProfile metadata is required */ - message(G_LOG_LEVEL_CRITICAL, "The element 'SingleSignOnProtocolProfile' is missing in metadata of remote provider.\n"); - ret = -2; + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } /* get SingleSignOnServiceURL metadata */ - url = lasso_provider_get_singleSignOnServiceURL(remote_provider); + url = lasso_provider_get_singleSignOnServiceURL(remote_provider, &err); if (url == NULL) { /* SingleSignOnServiceURL metadata is required */ - message(G_LOG_LEVEL_CRITICAL, "The element 'SingleSignOnServiceURL' is missing in metadata of remote 
provider.\n"); - ret = -3; + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); goto done; } @@ -611,7 +612,9 @@ lasso_login_build_authn_response_msg(LassoLogin *login, LASSO_PROFILE(login)->remote_providerID); /* return an authnResponse (base64 encoded) */ LASSO_PROFILE(login)->msg_body = lasso_node_export_to_base64(LASSO_PROFILE(login)->response); - LASSO_PROFILE(login)->msg_url = lasso_provider_get_assertionConsumerServiceURL(remote_provider); + LASSO_PROFILE(login)->msg_url = lasso_provider_get_assertionConsumerServiceURL(remote_provider, + lassoProviderTypeSp, + NULL); return (0); } @@ -624,7 +627,8 @@ lasso_login_build_request_msg(LassoLogin *login) remote_provider = lasso_server_get_provider(LASSO_PROFILE(login)->server, LASSO_PROFILE(login)->remote_providerID); LASSO_PROFILE(login)->msg_body = lasso_node_export_to_soap(LASSO_PROFILE(login)->request); - LASSO_PROFILE(login)->msg_url = lasso_provider_get_soapEndpoint(remote_provider); + LASSO_PROFILE(login)->msg_url = lasso_provider_get_soapEndpoint(remote_provider, + lassoProviderTypeIdp, NULL); return (0); } @@ -753,15 +757,16 @@ lasso_login_init_from_authn_request_msg(LassoLogin *login, remote_provider = lasso_server_get_provider(LASSO_PROFILE(login)->server, LASSO_PROFILE(login)->remote_providerID); /* Is authnRequest signed ? */ - md_authnRequestsSigned = lasso_node_get_child_content(remote_provider->metadata, - "AuthnRequestsSigned", NULL, NULL); + md_authnRequestsSigned = lasso_provider_get_authnRequestsSigned(remote_provider, &err); if (md_authnRequestsSigned != NULL) { must_verify_signature = xmlStrEqual(md_authnRequestsSigned, "true"); xmlFree(md_authnRequestsSigned); } else { - message(G_LOG_LEVEL_CRITICAL, "The element 'AuthnRequestsSigned' is missing in metadata of server.\n"); - return (-3); + message(G_LOG_LEVEL_CRITICAL, err->message); + ret = err->code; + g_error_free(err); + return (ret); } /* verify request signature */ 
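Review bot: `message(G_LOG_LEVEL_CRITICAL, err->message);`, added three times in this hunk and again in `@@ -753`, hands a non-literal string to a printf-style logger (logout.c calls it as `message(G_LOG_LEVEL_CRITICAL, "Provider %s not found\n", profile->remote_providerID)`), so any `%` in an error text built from metadata-derived names is interpreted as a conversion specifier. Log it as data: `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);`. The dereference also assumes the getter always sets `err` when it returns NULL; if `lasso_provider_get_metadata_value` can return NULL with `err` untouched (as the hunk in provider.c suggests when a descriptor is missing), this is a NULL dereference, so test `err != NULL` first. The pre-existing calls of the same shape in `@@ -82` and the `G_LOG_LEVEL_ERROR` variant in name_identifier_mapping.c have the same problem. `lasso_login_build_authn_request_msg` continues past the hunk.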
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 8e96927d..f2b0937e 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -72,15 +72,17 @@ lasso_logout_build_request_msg(LassoLogout *logout) profile = LASSO_PROFILE(logout); provider = lasso_server_get_provider(profile->server, profile->remote_providerID); - if(provider==NULL){ + if(provider == NULL) { message(G_LOG_LEVEL_CRITICAL, "Provider %s not found\n", profile->remote_providerID); return(-2); } /* get the prototocol profile of the logout request */ - protocolProfile = lasso_provider_get_singleLogoutProtocolProfile(provider); + protocolProfile = lasso_provider_get_singleLogoutProtocolProfile(provider, + lassoProviderTypeIdp, + NULL); - if(protocolProfile==NULL){ + if(protocolProfile == NULL) { message(G_LOG_LEVEL_CRITICAL, "Single Logout Protocol profile not found\n"); return(-3); } @@ -97,14 +99,18 @@ lasso_logout_build_request_msg(LassoLogout *logout) profile->server->certificate, NULL); - profile->msg_url = lasso_provider_get_soapEndpoint(provider); + profile->msg_url = lasso_provider_get_soapEndpoint(provider, + lassoProviderTypeIdp, + NULL); profile->msg_body = lasso_node_export_to_soap(profile->request); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp) || \ xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloIdpHttp)) { debug("Building a http get request message\n"); profile->request_type = lassoHttpMethodRedirect; - profile->msg_url = lasso_provider_get_singleLogoutServiceURL(provider); + profile->msg_url = lasso_provider_get_singleLogoutServiceURL(provider, + lassoProviderTypeIdp, + NULL); profile->msg_url = lasso_node_export_to_query(profile->request, profile->server->signature_method, profile->server->private_key); 
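Review bot: `lasso_logout_build_request_msg` now hardcodes `lassoProviderTypeIdp` in the `lasso_provider_get_singleLogoutProtocolProfile`, `lasso_provider_get_soapEndpoint` and `lasso_provider_get_singleLogoutServiceURL` calls, yet the constants it compares against (`lassoLibProtocolProfileSloSpSoap` / `lassoLibProtocolProfileSloIdpSoap`) suggest the request can go in either direction; when the local side is the IdP the lookup presumably reads the IDPDescriptor of an SP's metadata and returns nothing. federation_termination.c in this same commit derives the descriptor from `profile->provider_type`; do the same here (`provider_type = (profile->provider_type == lassoProviderTypeSp) ? lassoProviderTypeIdp : lassoProviderTypeSp;`) and in the response path `@@ -134` (hardcoded `lassoProviderTypeSp`), and likewise in name_identifier_mapping.c `@@ -59`/`@@ -106` and register_name_identifier.c `@@ -61`/`@@ -109`. In `@@ -97`, the URL just fetched into `profile->msg_url` is overwritten on the very next line by `lasso_node_export_to_query(...)`, so the metadata value is leaked and never used; if the redirect URL is meant to be built from it, pass it in rather than discard it. Both functions continue past their hunks.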
@@ -134,7 +140,9 @@ lasso_logout_build_response_msg(LassoLogout *logout) return(-2); } - protocolProfile = lasso_provider_get_singleLogoutProtocolProfile(provider); + protocolProfile = lasso_provider_get_singleLogoutProtocolProfile(provider, + lassoProviderTypeSp, + NULL); if(protocolProfile == NULL) { message(G_LOG_LEVEL_CRITICAL, "Single Logout Protocol profile not found\n"); return(-3); diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 4c3ba3f4..8c01bb68 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -59,7 +59,9 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp return(-2); } - protocolProfile = lasso_provider_get_nameIdentifierMappingProtocolProfile(provider, &err); + protocolProfile = lasso_provider_get_nameIdentifierMappingProtocolProfile(provider, + lassoProviderTypeIdp, + &err); if(err != NULL){ message(G_LOG_LEVEL_ERROR, err->message); ret = err->code; @@ -71,7 +73,7 @@ lasso_name_identifier_mapping_build_request_msg(LassoNameIdentifierMapping *mapp xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)) { debug("building a soap request message\n"); profile->request_type = lassoHttpMethodSoap; - profile->msg_url = lasso_provider_get_nameIdentifierMappingServiceURL(provider, NULL); + /* profile->msg_url = lasso_provider_get_nameIdentifierMappingServiceURL(provider, NULL); */ profile->msg_body = lasso_node_export_to_soap(profile->request); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp) || \ @@ -106,7 +108,9 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map return(-2); } - protocolProfile = lasso_provider_get_nameIdentifierMappingProtocolProfile(provider, &err); + protocolProfile = lasso_provider_get_nameIdentifierMappingProtocolProfile(provider, + lassoProviderTypeSp, + &err); if(err != NULL) { message(G_LOG_LEVEL_ERROR, err->message); ret = err->code; 
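Review bot: Commenting out `profile->msg_url = lasso_provider_get_nameIdentifierMappingServiceURL(provider, NULL);` in `@@ -71` (and in `@@ -117` on the next line) leaves `profile->msg_url` unset for the SOAP branch, so the request and response have no destination endpoint; the getter was removed from provider.h in this commit without a replacement. Either re-add it with the new `(provider, provider_type, err)` signature or fetch the endpoint through `lasso_provider_get_soapEndpoint` as logout.c does, and delete the commented-out line rather than leaving dead code. Both enclosing functions continue past their hunks.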
@@ -117,7 +121,7 @@ lasso_name_identifier_mapping_build_response_msg(LassoNameIdentifierMapping *map if(xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || \ xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)) { debug("building a soap response message\n"); - profile->msg_url = lasso_provider_get_nameIdentifierMappingServiceURL(provider, NULL); + /* profile->msg_url = lasso_provider_get_nameIdentifierMappingServiceURL(provider, NULL); */ profile->msg_body = lasso_node_export_to_soap(profile->response); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp) || \ diff --git a/lasso/id-ff/register_name_identifier.c b/lasso/id-ff/register_name_identifier.c index 50a23236..96929f37 100644 --- a/lasso/id-ff/register_name_identifier.c +++ b/lasso/id-ff/register_name_identifier.c @@ -61,8 +61,10 @@ lasso_register_name_identifier_build_request_msg(LassoRegisterNameIdentifier *re } /* get the prototocol profile of the register_name_identifier */ - protocolProfile = lasso_provider_get_registerNameIdentifierProtocolProfile(provider); - if(protocolProfile == NULL){ + protocolProfile = lasso_provider_get_registerNameIdentifierProtocolProfile(provider, + lassoProviderTypeIdp, + NULL); + if(protocolProfile == NULL) { message(G_LOG_LEVEL_CRITICAL, "Register_Name_Identifier Protocol profile not found\n"); return(-3); } @@ -78,7 +80,9 @@ lasso_register_name_identifier_build_request_msg(LassoRegisterNameIdentifier *re profile->server->certificate, NULL); - profile->msg_url = lasso_provider_get_soapEndpoint(provider); + profile->msg_url = lasso_provider_get_soapEndpoint(provider, + lassoProviderTypeIdp, + NULL); profile->msg_body = lasso_node_export_to_soap(profile->request); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileRniIdpHttp) || \ 
@@ -109,7 +113,9 @@ lasso_register_name_identifier_build_response_msg(LassoRegisterNameIdentifier *r return(-2); } - protocolProfile = lasso_provider_get_registerNameIdentifierProtocolProfile(provider); + protocolProfile = lasso_provider_get_registerNameIdentifierProtocolProfile(provider, + lassoProviderTypeSp, + NULL); if(protocolProfile == NULL) { message(G_LOG_LEVEL_CRITICAL, "Register name identifier protocol profile not found\n"); return(-3); @@ -118,7 +124,9 @@ lasso_register_name_identifier_build_response_msg(LassoRegisterNameIdentifier *r if(xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloSpSoap) || \ xmlStrEqual(protocolProfile, lassoLibProtocolProfileSloIdpSoap)) { debug("building a soap response message\n"); - profile->msg_url = lasso_provider_get_registerNameIdentifierServiceURL(provider); + profile->msg_url = lasso_provider_get_registerNameIdentifierServiceURL(provider, + lassoProviderTypeSp, + NULL); profile->msg_body = lasso_node_export_to_soap(profile->response); } else if(xmlStrEqual(protocolProfile,lassoLibProtocolProfileSloSpHttp) || \ |
