| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-03-09 14:05:31 +0000 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2009-03-09 14:05:31 +0000 |
| commit | 95d27816ee81f3c6b2cdea2bb2f0584a2df0b1a2 (patch) | |
| tree | 538662515d216902765734bc4857914953236c03 | |
| parent | cf50ac6da229df840409217ece42119a0292d1ba (diff) | |
| download | lasso-95d27816ee81f3c6b2cdea2bb2f0584a2df0b1a2.tar.gz lasso-95d27816ee81f3c6b2cdea2bb2f0584a2df0b1a2.tar.xz lasso-95d27816ee81f3c6b2cdea2bb2f0584a2df0b1a2.zip | |
Core: add a method to decrypt nameid, handling error cases
* lasso/id-ff/serverprivate.h:
* lasso/id-ff/server.c:
lasso_server_decrypt_nameid handles the error cases of NameID decryption,
and updates the passed field pointers.
* lasso/errors.h:
add new error codes:
LASSO_DS_ERROR_DECRYPTION_FAILED -118
- Decryption of an encrypted node failed
LASSO_PROFILE_ERROR_MISSING_SERVER -438
- No server object set in the profile
| -rw-r--r-- | lasso/errors.c | 4 | ||||
| -rw-r--r-- | lasso/errors.h | 2 | ||||
| -rw-r--r-- | lasso/id-ff/server.c | 41 | ||||
| -rw-r--r-- | lasso/id-ff/serverprivate.h | 3 |
4 files changed, 50 insertions, 0 deletions
diff --git a/lasso/errors.c b/lasso/errors.c
index e90b8cf5..852cd93c 100644
--- a/lasso/errors.c
+++ b/lasso/errors.c
@@ -129,6 +129,8 @@ lasso_strerror(int error_code)
 return "LASSO_XML_ERROR_MISSING_NAMESPACE";
 case LASSO_DS_ERROR_INVALID_SIGNATURE:
 return "Invalid signature.";
+ case LASSO_DS_ERROR_DECRYPTION_FAILED:
+ return "Decryption of an encrypted node failed";
 case LASSO_LOGIN_ERROR_ASSERTION_DOES_NOT_MATCH_REQUEST_ID:
 return "If inResponseTo attribute is present, a matching request must be present too in the LassoLogin object";
 case LASSO_SERVER_ERROR_SET_ENCRYPTION_PRIVATE_KEY_FAILED:
@@ -205,6 +207,8 @@ lasso_strerror(int error_code)
 return "Invalid XML file";
 case LASSO_WSF_PROFILE_ERROR_MISSING_ENDPOINT:
 return "Cannot find an WSP endpoint for the ID-WSF service";
+ case LASSO_PROFILE_ERROR_MISSING_SERVER:
+ return "No server object set in the profile";
 case LASSO_XML_ERROR_NODE_NOT_FOUND:
 return "Unable to get child of element.";
 case LASSO_ERROR_UNIMPLEMENTED:
diff --git a/lasso/errors.h b/lasso/errors.h
index e6145269..79cdae03 100644
--- a/lasso/errors.h
+++ b/lasso/errors.h
@@ -57,6 +57,7 @@
 #define LASSO_DS_ERROR_SIGNATURE_TEMPLATE_NOT_FOUND -115 /* Signature template has not been found. */
 #define LASSO_DS_ERROR_TOO_MUCH_REFERENCES -116 /* SAML signature must contain only one reference */
 #define LASSO_DS_ERROR_INVALID_REFERENCE_FOR_SAML -117 /* SAML signature reference must be to a Request, a Reponse or an Assertion ID attribute */
+#define LASSO_DS_ERROR_DECRYPTION_FAILED -118 /* Decryption of an encrypted node failed */
 
 /* Server */
 #define LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND -201 /* ProviderID unknown to LassoServer. */
@@ -109,6 +110,7 @@
 #define LASSO_PROFILE_ERROR_MISSING_ENDPOINT_REFERENCE -435 /* Missing endpoint reference */
 #define LASSO_PROFILE_ERROR_MISSING_ENDPOINT_REFERENCE_ADDRESS -436 /* Missing endpoint reference address */
 #define LASSO_PROFILE_ERROR_INVALID_ISSUER -437 /* Assertion issuer is not thesame as the requested issuer */
+#define LASSO_PROFILE_ERROR_MISSING_SERVER -438 /* No server object set in the profile */
 
 /* functions/methods parameters checking */
 #define LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ -501 /* An object type provided as parameter */
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index f7649e44..f3a5bacf 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -837,3 +837,44 @@ lasso_server_dump(LassoServer *server)
 {
 return lasso_node_dump(LASSO_NODE(server));
 }
+
+/**
+ * lasso_decrypt_nameid:
+ * @profile: a #LassoProfile object
+ * @nameid_field: reference to the nameid pointer.
+ * @encryptedid_field: reference to the encryptedid pointer.
+ *
+ * Decrypt the LassoNode pointed by the first field pointer, and try to place the result in the
+ * second field.
+ *
+ * Return value: LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ,
+ * LASSO_PROFILE_ERROR_MISSING_SERVER,
+ * LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY,
+ * LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND,
+ * LASSO_DS_ERROR_DECRYPTION_FAILED
+ */
+int
+lasso_server_decrypt_nameid(LassoServer *server,
+ LassoSaml2EncryptedElement **encryptedid_field,
+ LassoNode **nameid_field)
+{
+ LassoNode *new_name_id;
+ xmlSecKey *encryption_private_key;
+
+ lasso_bad_param(SERVER, server);
+ lasso_null_param(encryptedid_field);
+ lasso_null_param(nameid_field);
+
+ encryption_private_key = server->private_data->encryption_private_key;
+ g_return_val_if_fail(encryption_private_key != NULL, LASSO_PROFILE_ERROR_MISSING_ENCRYPTION_PRIVATE_KEY);
+ new_name_id = lasso_node_decrypt(*encryptedid_field, encryption_private_key);
+
+ if (new_name_id) {
+ return LASSO_DS_ERROR_DECRYPTION_FAILED;
+ }
+ lasso_assign_new_gobject(*nameid_field, new_name_id);
+ lasso_release_gobject(*encryptedid_field);
+
+ return 0;
+}
+
diff --git a/lasso/id-ff/serverprivate.h b/lasso/id-ff/serverprivate.h
index 1c4ef9db..bcdcbafb 100644
--- a/lasso/id-ff/serverprivate.h
+++ b/lasso/id-ff/serverprivate.h
@@ -38,6 +38,9 @@ struct _LassoServerPrivate
 
 gchar* lasso_server_get_first_providerID(LassoServer *server);
 gchar* lasso_server_get_providerID_from_hash(LassoServer *server, gchar *b64_hash);
+int lasso_server_decrypt_nameid(LassoServer *profile,
+ LassoSaml2EncryptedElement **encryptedid_field,
+ LassoNode **nameid_field);
 
 #ifdef __cplusplus
 }
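Review bot: The result check after `lasso_node_decrypt()` is inverted: `if (new_name_id) { return LASSO_DS_ERROR_DECRYPTION_FAILED; }` reports failure exactly when a decrypted node was produced (and leaks that node), while a NULL result falls through to `lasso_assign_new_gobject(*nameid_field, new_name_id)` and then releases the EncryptedID, so a caller that trusts the 0 return is left with no NameID and no encrypted element to inspect. Assuming lasso_node_decrypt() returns NULL on failure, as the error code chosen here implies, the condition should read `if (new_name_id == NULL) {`. The doc block also does not describe the function it precedes: it is titled `lasso_decrypt_nameid` with a `@profile` parameter, lists `@nameid_field` before `@encryptedid_field`, and promises LASSO_PROFILE_ERROR_MISSING_SERVER and LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND, neither of which this body can return; retitle it `lasso_server_decrypt_nameid:`, document `@server` and the two fields in signature order, and list only the codes the body actually returns. A one-line comment before the release, `/* the decrypted NameID now belongs to *nameid_field; the EncryptedID is dropped */`, would make the ownership change of both field pointers visible to callers.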
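Review bot: The prototype names its first parameter `profile` while the definition in server.c names it `server` and the type is LassoServer, so the header carries over the stale `@profile` wording from the doc block. Change the line to `int lasso_server_decrypt_nameid(LassoServer *server,` so the declaration reads the same as the definition.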
