| author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-03-29 18:06:57 +0200 |
|---|---|---|
| committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2011-03-29 18:43:47 +0200 |
| commit | dac3f345adeb18c7f449da1a28314abedb8e3a16 (patch) | |
| tree | cfe220e656ff66adb7ae5e4c67348eac979b51b2 | |
| parent | 8df7a0022c90b39ed2da8685d882a20d8d9b9c02 (diff) | |
| download | lasso-dac3f345adeb18c7f449da1a28314abedb8e3a16.tar.gz lasso-dac3f345adeb18c7f449da1a28314abedb8e3a16.tar.xz lasso-dac3f345adeb18c7f449da1a28314abedb8e3a16.zip | |
[saml2] add and internal method to load a federation metadata file
It only loads one kind of provider (IdP or SP). It is currently
impossible for a provider to hold both roles at the same time toward
a given LassoServer object, i.e. the current service is either a service
provider or an identity provider; it cannot be both at once.
| -rw-r--r-- | lasso/saml-2.0/server.c | 51 | ||||
| -rw-r--r-- | lasso/saml-2.0/serverprivate.h | 1 |
2 files changed, 52 insertions, 0 deletions
diff --git a/lasso/saml-2.0/server.c b/lasso/saml-2.0/server.c
index 4c7a758f..84bc7ef4 100644
--- a/lasso/saml-2.0/server.c
+++ b/lasso/saml-2.0/server.c
@@ -22,11 +22,14 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  */
 
+#include <xmlsec/xmltree.h>
+
 #include "../utils.h"
 #include "../xml/private.h"
 #include "serverprivate.h"
 #include "../id-ff/serverprivate.h"
 #include "../id-ff/providerprivate.h"
+#include "../xml/saml-2.0/saml2_xsd.h"
 
 int
@@ -84,3 +87,51 @@ lasso_saml20_server_load_affiliation(LassoServer *server, xmlNode *node)
 	return 0;
 }
 
+
+static gboolean
+_lasso_test_sp_descriptor(xmlNode *node) {
+	return xmlSecFindChild(node,
+			BAD_CAST LASSO_SAML2_METADATA_ELEMENT_SP_SSO_DESCRIPTOR,
+			BAD_CAST LASSO_SAML2_METADATA_HREF) != NULL;
+}
+
+static gboolean
+_lasso_test_idp_descriptor(xmlNode *node) {
+	return xmlSecFindChild(node,
+			BAD_CAST LASSO_SAML2_METADATA_ELEMENT_IDP_SSO_DESCRIPTOR,
+			BAD_CAST LASSO_SAML2_METADATA_HREF) != NULL;
+}
+
+lasso_error_t
+lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role, xmlNode *root_node)
+{
+	xmlNode *child;
+	lasso_error_t rc = 0;
+
+	child = xmlSecGetNextElementNode(root_node->children);
+	/* first parse the providers... */
+	while (child) {
+		if (! xmlSecCheckNodeName(child,
+				BAD_CAST LASSO_SAML2_METADATA_ELEMENT_ENTITY_DESCRIPTOR,
+				BAD_CAST LASSO_SAML2_METADATA_HREF)) {
+			goto next;
+		}
+		if (role == LASSO_PROVIDER_ROLE_IDP && ! _lasso_test_idp_descriptor(child)) {
+			goto next;
+		}
+		if (role == LASSO_PROVIDER_ROLE_SP && ! _lasso_test_sp_descriptor(child)) {
+			goto next;
+		}
+		LassoProvider *provider;
+
+		provider = lasso_provider_new_from_xmlnode(role, child);
+		if (provider) {
+			char *name = g_strdup(provider->ProviderID);
+
+			g_hash_table_insert(server->providers, name, provider);
+		}
+next:
+		child = xmlSecGetNextElementNode(child->next);
+	}
+	return rc;
+}
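Review bot: `rc` in lasso_saml20_server_load_federation is initialised to 0 and never assigned again, so a NULL `root_node` (dereferenced unchecked in `root_node->children`), a file with no matching EntityDescriptor, and every NULL return from `lasso_provider_new_from_xmlnode` all report success, and a caller cannot distinguish a loaded federation from a rejected or empty one; at minimum add `if (root_node == NULL) return /* project's invalid-parameter error code */;` before the first dereference and count the providers actually inserted so that zero can be reported as a failure. `g_hash_table_insert` replaces the value stored under an equal key, so two EntityDescriptor entries with the same entityID silently drop the earlier LassoProvider, and leak it and the duplicate `name` if `server->providers` was created without key/value destroy functions, which this hunk does not show. SAML 2.0 metadata also permits EntitiesDescriptor elements to nest, but only direct EntityDescriptor children of `root_node` are visited here, so nested entries are skipped without any diagnostic; a short comment on the `while (child)` loop, `/* only direct EntityDescriptor children are loaded; nested EntitiesDescriptor is not descended */`, would at least make the limitation visible to callers.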
diff --git a/lasso/saml-2.0/serverprivate.h b/lasso/saml-2.0/serverprivate.h
index 335a45dc..27d25716 100644
--- a/lasso/saml-2.0/serverprivate.h
+++ b/lasso/saml-2.0/serverprivate.h
@@ -33,6 +33,7 @@ extern "C" {
 #include "../id-ff/server.h"
 
 int lasso_saml20_server_load_affiliation(LassoServer *server, xmlNode *node);
+lasso_error_t lasso_saml20_server_load_federation(LassoServer *server, LassoProviderRole role, xmlNode *root_node);
 
 #ifdef __cplusplus
 }
