| author | Valery Febvre <vfebvre at easter-eggs.com> | 2004-07-06 01:07:32 +0000 |
|---|---|---|
| committer | Valery Febvre <vfebvre at easter-eggs.com> | 2004-07-06 01:07:32 +0000 |
| commit | fbf995b8def3d6e4cbb1881c4f47ec3a520c3826 (patch) | |
| tree | f119d44392b6c5df7ae9ac23104c9396afd63c9f | |
| parent | 68df8d32eb2113acca0ca55534035e3db6cedef6 (diff) | |
| download | lasso-fbf995b8def3d6e4cbb1881c4f47ec3a520c3826.tar.gz lasso-fbf995b8def3d6e4cbb1881c4f47ec3a520c3826.tar.xz lasso-fbf995b8def3d6e4cbb1881c4f47ec3a520c3826.zip | |
*** empty log message ***
| -rw-r--r-- | lasso/Attic/protocols/artifact.c | 43 | ||||
| -rw-r--r-- | lasso/Attic/protocols/artifact.h | 5 | ||||
| -rw-r--r-- | lasso/Attic/protocols/authn_request.c | 2 | ||||
| -rw-r--r-- | lasso/Attic/protocols/authn_response.c | 2 | ||||
| -rw-r--r-- | lasso/id-ff/Makefile.am | 4 | ||||
| -rw-r--r-- | lasso/id-ff/authentication.c | 411 | ||||
| -rw-r--r-- | lasso/id-ff/authentication.h | 89 | ||||
| -rw-r--r-- | lasso/id-ff/login.c | 433 | ||||
| -rw-r--r-- | lasso/id-ff/login.h | 88 | ||||
| -rw-r--r-- | lasso/id-ff/profile_context.c | 24 | ||||
| -rw-r--r-- | lasso/id-ff/profile_context.h | 19 | ||||
| -rw-r--r-- | lasso/id-ff/server.c | 4 | ||||
| -rw-r--r-- | lasso/id-ff/server.h | 5 | ||||
| -rw-r--r-- | lasso/xml/lib_idp_provided_name_identifier.c | 4 | ||||
| -rw-r--r-- | lasso/xml/strings.c | 4 | ||||
| -rw-r--r-- | lasso/xml/strings.h | 4 |
16 files changed, 590 insertions, 551 deletions
diff --git a/lasso/Attic/protocols/artifact.c b/lasso/Attic/protocols/artifact.c index 3f6a4f86..74a29122 100644 --- a/lasso/Attic/protocols/artifact.c +++ b/lasso/Attic/protocols/artifact.c @@ -69,7 +69,8 @@ lasso_artifact_split_samlArt(gchar *b64_samlArt, xmlChar* lasso_artifact_get_assertionHandle(LassoArtifact *artifact) { - return (lasso_node_get_child_content(LASSO_NODE(artifact), "AssertionHandle", NULL)); + return (lasso_node_get_child_content(LASSO_NODE(artifact), + "AssertionHandle", NULL)); } gint @@ -77,20 +78,29 @@ lasso_artifact_get_byteCode(LassoArtifact *artifact) { xmlChar *byteCode; - byteCode = lasso_node_get_child_content(LASSO_NODE(artifact), "ByteCode", NULL); + byteCode = lasso_node_get_child_content(LASSO_NODE(artifact), + "ByteCode", NULL); return ((gint)g_strtod(byteCode, NULL)); } xmlChar* lasso_artifact_get_identityProviderSuccinctID(LassoArtifact *artifact) { - return (lasso_node_get_child_content(LASSO_NODE(artifact), "IdentityProviderSuccinctID", NULL)); + return (lasso_node_get_child_content(LASSO_NODE(artifact), + "IdentityProviderSuccinctID", NULL)); } xmlChar* lasso_artifact_get_relayState(LassoArtifact *artifact) { - return (lasso_node_get_child_content(LASSO_NODE(artifact), "RelayState", NULL)); + return (lasso_node_get_child_content(LASSO_NODE(artifact), + "RelayState", NULL)); +} + +xmlChar* +lasso_artifact_get_samlArt(LassoArtifact *artifact) +{ + return (lasso_node_get_child_content(LASSO_NODE(artifact), "SAMLArt", NULL)); } /*****************************************************************************/ @@ -134,7 +144,8 @@ GType lasso_artifact_get_type() { } LassoNode* -lasso_artifact_new(gchar *byteCode, +lasso_artifact_new(gchar *samlArt, + gchar *byteCode, gchar *identityProviderSuccinctID, gchar *assertionHandle, gchar *relayState) 
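Review bot: The new lasso_artifact_get_samlArt body is left on a single line past 80 columns while the three sibling getters in this same hunk are being re-wrapped for exactly that reason; wrap it the same way, `return (lasso_node_get_child_content(LASSO_NODE(artifact),` followed by `"SAMLArt", NULL));`. Like its siblings the accessor carries no comment saying whether the returned xmlChar* is owned by the caller, and the hunk does not show what lasso_node_get_child_content returns, so a short header comment such as `/* Returns the SAMLArt child content; ownership follows lasso_node_get_child_content */` would keep callers from guessing. The pre-existing g_strtod(byteCode, NULL) in lasso_artifact_get_byteCode is context here, not part of this change.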
@@ -149,8 +160,10 @@ lasso_artifact_new(gchar *byteCode, artifact = LASSO_NODE(g_object_new(LASSO_TYPE_ARTIFACT, NULL)); class = LASSO_NODE_GET_CLASS(artifact); + class->new_child(artifact, "SAMLArt", samlArt, FALSE); class->new_child(artifact, "ByteCode", byteCode, FALSE); - class->new_child(artifact, "IdentityProviderSuccinctID", identityProviderSuccinctID, FALSE); + class->new_child(artifact, "IdentityProviderSuccinctID", + identityProviderSuccinctID, FALSE); class->new_child(artifact, "AssertionHandle", assertionHandle, FALSE); if (relayState != NULL) { class->new_child(artifact, "RelayState", relayState, FALSE); @@ -179,10 +192,13 @@ lasso_artifact_new_from_query(const xmlChar *query) identityProviderSuccinctID = (gchar *) g_new0(gchar, 20+1); assertionHandle = (gchar *) g_new0(gchar, 20+1); ret = lasso_artifact_split_samlArt(b64_samlArt, byteCode, - identityProviderSuccinctID, assertionHandle); + identityProviderSuccinctID, + assertionHandle); if (ret >= 0) { - artifact = lasso_artifact_new(byteCode, identityProviderSuccinctID, - assertionHandle, relayState); + artifact = lasso_artifact_new(b64_samlArt, + byteCode, identityProviderSuccinctID, + assertionHandle, + relayState); } g_free(byteCode); g_free(identityProviderSuccinctID); @@ -207,10 +223,13 @@ lasso_artifact_new_from_lares(const xmlChar *lares, identityProviderSuccinctID = (gchar *) g_new0(gchar, 20+1); assertionHandle = (gchar *) g_new0(gchar, 20+1); ret = lasso_artifact_split_samlArt(lares, byteCode, - identityProviderSuccinctID, assertionHandle); + identityProviderSuccinctID, + assertionHandle); if (ret >= 0) { - artifact = lasso_artifact_new(byteCode, identityProviderSuccinctID, - assertionHandle, relayState); + artifact = lasso_artifact_new(lares, + byteCode, identityProviderSuccinctID, + assertionHandle, + relayState); } g_free(byteCode); g_free(identityProviderSuccinctID); diff --git a/lasso/Attic/protocols/artifact.h b/lasso/Attic/protocols/artifact.h index 87d0e99d..0072c1ba 100644 
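Review bot: In the lasso_artifact_new hunk (@@ -149,8 +160,10 @@) the new samlArt argument is handed to class->new_child unconditionally, while relayState two lines below is guarded by `if (relayState != NULL)`; whether new_child tolerates NULL content is not visible here, so either guard it the same way or reject NULL up front with `g_return_val_if_fail(samlArt != NULL, NULL);` at the top of the function, which starts outside this hunk. In the lasso_artifact_new_from_lares hunk (@@ -207,10 +223,13 @@), `lasso_artifact_new(lares, ...)` passes the `const xmlChar *lares` parameter to a `gchar *samlArt` parameter, discarding const and changing signedness; the same pattern is likely in the lasso_artifact_new_from_query hunk, though b64_samlArt's declaration is outside it. If new_child only reads the string, declare the parameter `const gchar *samlArt` in both the definition and the header prototype, otherwise make the copy explicit at the call site.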
--- a/lasso/Attic/protocols/artifact.h +++ b/lasso/Attic/protocols/artifact.h @@ -54,7 +54,8 @@ struct _LassoArtifactClass { LASSO_EXPORT GType lasso_artifact_get_type (void); -LASSO_EXPORT LassoNode* lasso_artifact_new (gchar *byteCode, +LASSO_EXPORT LassoNode* lasso_artifact_new (gchar *samlArt, + gchar *byteCode, gchar *identityProviderSuccinctID, gchar *assertionHandle, gchar *relayState); @@ -72,6 +73,8 @@ LASSO_EXPORT xmlChar* lasso_artifact_get_identityProviderSuccinctID (LassoArti LASSO_EXPORT xmlChar* lasso_artifact_get_relayState (LassoArtifact *artifact); +LASSO_EXPORT xmlChar* lasso_artifact_get_samlArt (LassoArtifact *artifact); + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/lasso/Attic/protocols/authn_request.c b/lasso/Attic/protocols/authn_request.c index cf343487..9ad46c0c 100644 --- a/lasso/Attic/protocols/authn_request.c +++ b/lasso/Attic/protocols/authn_request.c @@ -36,7 +36,7 @@ lasso_authn_request_get_protocolProfile(gchar *query) protocolProfile = lasso_g_ptr_array_index(lasso_query_get_value(query, "ProtocolProfile"), 0); if (protocolProfile == NULL) - protocolProfile = (gchar *)lassoLibProtocolProfileArtifact; + protocolProfile = (gchar *)lassoLibProtocolProfileBrwsArt; return (protocolProfile); } diff --git a/lasso/Attic/protocols/authn_response.c b/lasso/Attic/protocols/authn_response.c index 17413dfd..3bf8375d 100644 --- a/lasso/Attic/protocols/authn_response.c +++ b/lasso/Attic/protocols/authn_response.c @@ -308,6 +308,8 @@ lasso_authn_response_new(char *providerID, lasso_lib_authn_response_set_providerID(LASSO_LIB_AUTHN_RESPONSE(response), providerID); + /* TODO RelayState */ + /* Status Code */ //lasso_authn_response_set_status(response, lassoSamlStatusCodeSuccess); diff --git a/lasso/id-ff/Makefile.am b/lasso/id-ff/Makefile.am index 11a7e578..6031816e 100644 --- a/lasso/id-ff/Makefile.am +++ b/lasso/id-ff/Makefile.am 
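Review bot: The new samlArt parameter on lasso_artifact_new (hunk @@ -54,7 +54,8 @@) and the new lasso_artifact_get_samlArt prototype (hunk @@ -72,6 +73,8 @@) are added without any header comment, so a caller cannot tell that samlArt is expected to be the base64 SAMLArt string as received, whether NULL is accepted, or who owns the xmlChar* the getter returns. A Doxygen block on lasso_artifact_new naming each parameter, stating that samlArt must be non-NULL (both callers in artifact.c pass the string they just split successfully), and a one-line `/* Returns the SAMLArt child content; see lasso_node_get_child_content for ownership */` on the getter would close that gap. The ownership claim should be checked against lasso_node_get_child_content, which is not in this diff.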
@@ -15,13 +15,13 @@ INCLUDES = \ noinst_LTLIBRARIES = liblasso-environs.la liblasso_environs_la_SOURCES = \ - authentication.c \ + login.c \ profile_context.c \ server.c \ user.c liblassoinclude_HEADERS = \ - authentication.h \ + login.h \ profile_context.h \ server.h \ user.h diff --git a/lasso/id-ff/authentication.c b/lasso/id-ff/authentication.c deleted file mode 100644 index 3e7de239..00000000 --- a/lasso/id-ff/authentication.c +++ /dev/null 
@@ -1,411 +0,0 @@ -/* $Id$ - * - * Lasso - A free implementation of the Liberty Alliance specifications. - * - * Copyright (C) 2004 Entr'ouvert - * http://lasso.entrouvert.org - * - * Author: Valery Febvre <vfebvre@easter-eggs.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#include <lasso/xml/samlp_response.h> -#include <lasso/protocols/request.h> -#include <lasso/protocols/response.h> -#include <lasso/protocols/authn_response.h> -#include <lasso/environs/authentication.h> - -/*****************************************************************************/ -/* functions */ -/*****************************************************************************/ - -/*****************************************************************************/ -/* public methods */ -/*****************************************************************************/ - -gchar * -lasso_authentication_build_request_msg(LassoAuthentication *authn) -{ - LassoProvider *provider; - xmlChar *request_protocolProfile, *url, *query; - gchar *msg; - gboolean must_sign; - - provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server); - must_sign = xmlStrEqual(lasso_node_get_child_content(provider->metadata, "AuthnRequestsSigned", NULL), "true"); - - /* export request depending on the request ProtocolProfile */ - 
request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(provider); - if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOGet)) { - /* GET -> query */ - url = lasso_provider_get_singleSignOnServiceUrl(provider); - if (must_sign) { - query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(authn)->request, - 1, LASSO_PROFILE_CONTEXT(authn)->server->private_key); - } - else { - query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(authn)->request, 0, NULL); - } - /* alloc returned string +2 for the ? and \0 */ - msg = (gchar *) g_new(gchar, strlen(url) + strlen(query) + 2); - g_sprintf(msg, "%s?%s", url, query); - g_free(url); - g_free(query); - } - else if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOPost)) { - /* POST -> formular */ - printf("TODO - export the AuthnRequest in a formular\n"); - } - - return (msg); -} - -static void -lasso_authentication_process_request(LassoAuthentication *authn, - gchar *request_msg) -{ - LassoProvider *provider, *sp; - gboolean must_verify_signature, signature_status; - - provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server); - - /* rebuild request */ - switch (authn->request_method) { - case lassoProfileContextMethodGet: - LASSO_PROFILE_CONTEXT(authn)->request = LASSO_NODE(lasso_authn_request_new_from_query(request_msg)); - break; - case lassoProfileContextMethodPost: - /* request_msg is a LibAuthnRequest send by method POST */ - printf("TODO - lasso_authentication_process_authnRequest() - implement the parsing of the post request\n"); - break; - case lassoProfileContextMethodSoap: - /* TODO request_msg is a SamlpRequest -> get SamlpResponse in user part */ - //LASSO_PROFILE_CONTEXT(authn)->response = ; - return; - break; - } - - authn->protocolProfile = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, - "ProtocolProfile", NULL); - if (authn->protocolProfile == NULL) { - authn->protocolProfile = g_strdup(lassoLibProtocolProfileArtifact); - } - - 
LASSO_PROFILE_CONTEXT(authn)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, - "ProviderID", NULL); - sp = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(authn)->server, - LASSO_PROFILE_CONTEXT(authn)->remote_providerID); - must_verify_signature = xmlStrEqual(lasso_node_get_child_content(sp->metadata, "AuthnRequestsSigned", NULL), "true"); - - /* build response */ - if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfilePost)) { - /* create LibAuthnResponse */ - LASSO_PROFILE_CONTEXT(authn)->response = lasso_authn_response_new(lasso_provider_get_providerID(provider), - LASSO_PROFILE_CONTEXT(authn)->request); - } - else if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfileArtifact)) { - /* create SamlpResponse */ - LASSO_PROFILE_CONTEXT(authn)->response = lasso_response_new(); - } - - /* verify signature */ - if (must_verify_signature) { - switch (authn->request_method) { - case lassoProfileContextMethodGet: - signature_status = lasso_query_verify_signature(request_msg, - sp->public_key, - LASSO_PROFILE_CONTEXT(authn)->server->private_key); - break; - case lassoProfileContextMethodPost: - // TODO use lasso_node_verify_signature - break; - } - - /* Modify StatusCode if signature is not OK */ - if (signature_status == 0 || signature_status == 2) { - switch (signature_status) { - case 0: // Invalid Signature - lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(authn), - lassoLibStatusCodeInvalidSignature); - break; - case 2: // Unsigned AuthnRequest - lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(authn), - lassoLibStatusCodeUnsignedAuthnRequest); - break; - } - } - } -} - -gboolean -lasso_authentication_must_authenticate(LassoAuthentication *authn, - gboolean is_user_authenticated) -{ - gboolean must_authenticate = TRUE; - gboolean isPassive = TRUE; - gboolean forceAuthn = FALSE; - - /* verify if the user must be authenticated or not */ - if 
(xmlStrEqual(lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, "IsPassive", NULL), "false")) { - isPassive = FALSE; - } - - if (xmlStrEqual(lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, "ForceAuthn", NULL), "true")) { - forceAuthn = TRUE; - } - - /* complex test to authentication process */ - if ((forceAuthn == TRUE || is_user_authenticated == FALSE) && isPassive == FALSE) { - must_authenticate = TRUE; - } - else if (is_user_authenticated == FALSE && isPassive == TRUE) { - lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(authn), - lassoLibStatusCodeNoPassive); - must_authenticate = FALSE; - } - - return (must_authenticate); -} - -gchar * -lasso_authentication_build_response_msg(LassoAuthentication *authn, - gint authentication_result, - const gchar *authenticationMethod, - const gchar *reauthenticateOnOrAfter, - gint method) -{ - LassoUser *user; - gchar *msg = g_new(gchar, 1024), *samlArt; - xmlChar *nameIDPolicy, *relayState, *providerID; - xmlChar *assertionHandle, *identityProviderSuccinctID; - LassoNode *assertion=NULL, *authentication_statement, *idpProvidedNameIdentifier; - LassoIdentity *identity; - - providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server)); - - switch (authn->request_method) { - case lassoProfileContextMethodGet: - case lassoProfileContextMethodPost: - /* federation */ - /* verify if a user context exists else create it */ - if (LASSO_PROFILE_CONTEXT(authn)->user == NULL) { - LASSO_PROFILE_CONTEXT(authn)->user = lasso_user_new(""); - } - identity = lasso_user_get_identity(LASSO_PROFILE_CONTEXT(authn)->user, - LASSO_PROFILE_CONTEXT(authn)->remote_providerID); - nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, - "NameIDPolicy", NULL); - printf("NameIDPolicy %s\n", nameIDPolicy); - if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) { - if (identity == NULL) { - 
lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(authn), - lassoLibStatusCodeFederationDoesNotExist); - } - } - else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated)) { - printf("DEBUG - NameIDPolicy is federated\n"); - if (identity == NULL) { - identity = lasso_identity_new(LASSO_PROFILE_CONTEXT(authn)->remote_providerID); - idpProvidedNameIdentifier = LASSO_NODE(lasso_lib_idp_provided_name_identifier_new(lasso_build_unique_id(32))); - /* TODO: set nameQualifier and Format */ - lasso_identity_set_local_nameIdentifier(identity, idpProvidedNameIdentifier); - lasso_user_add_identity(LASSO_PROFILE_CONTEXT(authn)->user, - LASSO_PROFILE_CONTEXT(authn)->remote_providerID, - identity); - } - } - else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) { - - } - - /* fill the response with the assertion */ - if (identity != NULL && authentication_result == 1) { - printf("DEBUG - an identity found, so build an assertion\n"); - assertion = lasso_assertion_new(providerID, - lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE_CONTEXT(authn)->request), "RequestID")); - authentication_statement = lasso_authentication_statement_new(authenticationMethod, - reauthenticateOnOrAfter, - identity->remote_nameIdentifier, - identity->local_nameIdentifier); - lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion), - LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement)); - lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), - lassoSignatureMethodRsaSha1, - LASSO_PROFILE_CONTEXT(authn)->server->private_key, - LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server)->certificate); - lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE_CONTEXT(authn)->response), - assertion); - } - else { - printf("No identity or authentication failed !!!\n"); - if (authentication_result == 0) { - lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(authn), - lassoSamlStatusCodeRequestDenied); 
- } - } - - if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfilePost)) { - /* return an authnResponse (base64 encoded) */ - msg = lasso_node_export_to_base64(LASSO_PROFILE_CONTEXT(authn)->response); - } - else if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfileArtifact)) { - - /* return an artifact */ - switch (method) { - case lassoProfileContextMethodRedirect: - /* return query (base64 encoded) */ - /* liberty-idff-bindings-profiles-v1.2.pdf p.25 */ - samlArt = g_new(gchar, 2+20+20+1); - identityProviderSuccinctID = lasso_str_hash(providerID, - LASSO_PROFILE_CONTEXT(authn)->server->private_key); - assertionHandle = lasso_build_random_sequence(20); - sprintf(samlArt, "%c%c%s%s", 0, 3, identityProviderSuccinctID, assertionHandle); - //printf("%s\n", identityProviderSuccinctID); - //printf("%s\n", assertionHandle); - g_free(assertionHandle); - xmlFree(identityProviderSuccinctID); - samlArt = xmlSecBase64Encode(samlArt, 42, 0); - sprintf(msg, "SAMLArt=%s", samlArt); - /* store response */ - lasso_user_store_response(LASSO_PROFILE_CONTEXT(authn)->user, - samlArt, - LASSO_PROFILE_CONTEXT(authn)->response); - g_free(samlArt); - relayState = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(authn)->request, - "RelayState", NULL); - if (relayState != NULL) { - sprintf(msg, "%s&RelayState=%s", msg, relayState); - } - break; - case lassoProfileContextMethodPost: - /* TODO: return a formular */ - break; - } - } - break; - case lassoProfileContextMethodSoap: - /* return an SamlpResponse (in a dict indexed with artifact in user) */ - break; - } - - return (msg); -} - -xmlChar* -lasso_authentication_process_artifact(LassoAuthentication *authn, - gchar *artifact) -{ - LASSO_PROFILE_CONTEXT(authn)->request = lasso_request_new(artifact); - return (lasso_node_export_to_soap(LASSO_PROFILE_CONTEXT(authn)->request)); -} - -static gboolean -lasso_authentication_process_response(LassoAuthentication *authn, - xmlChar *response_msg) -{ - LassoNode *statusCode, 
*assertion; - LassoNode *nameIdentifier, *idpProvidedNameIdentifier; - char *artifact, *statusCodeValue; - - printf("DEBUG - POST response, process the authnResponse\n"); - LASSO_PROFILE_CONTEXT(authn)->response = LASSO_NODE(lasso_authn_response_new_from_export(response_msg, 0)); - - /* process the assertion */ - assertion = lasso_node_get_child(LASSO_PROFILE_CONTEXT(authn)->response, "Assertion", NULL); - if (!assertion) { - /* TODO ??? */ - return (FALSE); - } - else { - /* TODO verify signature , res in authn->signature_status ? */ - - } - - return(TRUE); -} - -/*****************************************************************************/ -/* instance and class init functions */ -/*****************************************************************************/ - -static void -lasso_authentication_instance_init(LassoAuthentication *authn) -{ -} - -static void -lasso_authentication_class_init(LassoAuthenticationClass *class) -{ -} - -GType lasso_authentication_get_type() { - static GType this_type = 0; - - if (!this_type) { - static const GTypeInfo this_info = { - sizeof (LassoAuthenticationClass), - NULL, - NULL, - (GClassInitFunc) lasso_authentication_class_init, - NULL, - NULL, - sizeof(LassoAuthentication), - 0, - (GInstanceInitFunc) lasso_authentication_instance_init, - }; - - this_type = g_type_register_static(LASSO_TYPE_PROFILE_CONTEXT, - "LassoAuthentication", - &this_info, 0); - } - return this_type; -} - -LassoProfileContext* -lasso_authentication_new(LassoServer *server, - LassoUser *user, - gchar *remote_providerID, - gchar *request_msg, - gint request_method, - gchar *response_msg, - gint response_method) -{ - g_return_val_if_fail(remote_providerID != NULL, NULL); - - LassoProfileContext *authn; - - authn = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_AUTHENTICATION, - "server", server, - "user", user, - "remote_providerID", remote_providerID, - NULL)); - - LASSO_AUTHENTICATION(authn)->request_method = request_method; - 
LASSO_AUTHENTICATION(authn)->response_method = response_method; - - if (request_msg == NULL && response_msg == NULL) { - /* build the request object */ - authn->request = lasso_authn_request_new(lasso_provider_get_providerID(LASSO_PROVIDER(server))); - } - else if (request_msg != NULL) { - lasso_authentication_process_request(LASSO_AUTHENTICATION(authn), request_msg); - } - else if (response_msg != NULL) { - lasso_authentication_process_response(authn, response_msg); - } - - return (authn); -} diff --git a/lasso/id-ff/authentication.h b/lasso/id-ff/authentication.h deleted file mode 100644 index 87c631f1..00000000 --- a/lasso/id-ff/authentication.h +++ /dev/null 
@@ -1,89 +0,0 @@ -/* $Id$ - * - * Lasso - A free implementation of the Liberty Alliance specifications. - * - * Copyright (C) 2004 Entr'ouvert - * http://lasso.entrouvert.org - * - * Authors: Valery Febvre <vfebvre@easter-eggs.com> - * Nicolas Clapies <nclapies@entrouvert.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - */ - -#ifndef __LASSO_AUTHENTIFICATION_H__ -#define __LASSO_AUTHENTIFICATION_H__ - -#ifdef __cplusplus -extern "C" { - -#endif /* __cplusplus */ - -#include <lasso/xml/xml.h> -#include <lasso/protocols/provider.h> -#include <lasso/environs/profile_context.h> -#include <lasso/environs/server.h> -#include <lasso/environs/user.h> - -#define LASSO_TYPE_AUTHENTICATION (lasso_authentication_get_type()) -#define LASSO_AUTHENTICATION(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_AUTHENTICATION, LassoAuthentication)) -#define LASSO_AUTHENTICATION_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_AUTHENTICATION, LassoAuthenticationClass)) -#define LASSO_IS_AUTHENTICATION(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_AUTHENTICATION)) -#define LASSP_IS_AUTHENTICATION_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), LASSO_TYPE_AUTHENTICATION)) -#define LASSO_AUTHENTICATION_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), LASSO_TYPE_AUTHENTICATION, LassoAuthenticationClass)) - 
-typedef struct _LassoAuthentication LassoAuthentication; -typedef struct _LassoAuthenticationClass LassoAuthenticationClass; - -struct _LassoAuthentication { - LassoProfileContext parent; - /*< public >*/ - /*< private >*/ - gchar *protocolProfile; - gint request_method; - gint response_method; -}; - -struct _LassoAuthenticationClass { - LassoProfileContextClass parent; -}; - -LASSO_EXPORT GType lasso_authentication_get_type (void); - -LASSO_EXPORT LassoProfileContext* lasso_authentication_new (LassoServer *server, - LassoUser *user, - gchar *remote_providerID, - gchar *request_msg, - gint request_method, - gchar *response_msg, - gint response_method); - -LASSO_EXPORT gchar* lasso_authentication_build_request_msg (LassoAuthentication *authn); - -LASSO_EXPORT gchar* lasso_authentication_process_authentication_result (LassoAuthentication *authn, - gint authentication_result, - const char *authentication_method); - -LASSO_EXPORT gchar* lasso_authentication_build_response_msg (LassoAuthentication *authn, - gint authentication_result, - const gchar *authenticationMethod, - const gchar *reauthenticateOnOrAfter, - gint method); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* __LASSO_AUTHENTICATION_H__ */ diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c new file mode 100644 index 00000000..ce98fb73 --- /dev/null +++ b/lasso/id-ff/login.c 
@@ -0,0 +1,433 @@ +/* $Id$ + * + * Lasso - A free implementation of the Liberty Alliance specifications. + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Author: Valery Febvre <vfebvre@easter-eggs.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#include <lasso/protocols/request.h> +#include <lasso/protocols/response.h> +#include <lasso/protocols/artifact.h> +#include <lasso/protocols/authn_response.h> + +#include <lasso/environs/login.h> + +/*****************************************************************************/ +/* functions */ +/*****************************************************************************/ + +/*****************************************************************************/ +/* public methods */ +/*****************************************************************************/ + +gint +lasso_login_build_authn_request_msg(LassoLogin *login) +{ + LassoProvider *provider, *remote_provider; + xmlChar *request_protocolProfile, *url, *query; + gchar *msg; + gboolean must_sign; + + provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server); + must_sign = xmlStrEqual(lasso_node_get_child_content(provider->metadata, "AuthnRequestsSigned", NULL), "true"); + + /* export request depending on the request ProtocolProfile */ + 
request_protocolProfile = lasso_provider_get_singleSignOnProtocolProfile(provider); + if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOGet)) { + /* GET -> query */ + remote_provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server, + LASSO_PROFILE_CONTEXT(login)->remote_providerID); + url = lasso_provider_get_singleSignOnServiceUrl(remote_provider); + if (must_sign) { + query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(login)->request, + LASSO_PROFILE_CONTEXT(login)->server->signature_method, + LASSO_PROFILE_CONTEXT(login)->server->private_key); + } + else { + query = lasso_node_export_to_query(LASSO_PROFILE_CONTEXT(login)->request, 0, NULL); + } + /* alloc msg_url (+2 for the ? and \0) */ + LASSO_PROFILE_CONTEXT(login)->msg_url = (gchar *) g_new(gchar, strlen(url) + strlen(query) + 2); + g_sprintf(LASSO_PROFILE_CONTEXT(login)->msg_url, "%s?%s", url, query); + g_free(url); + g_free(query); + } + else if (xmlStrEqual(request_protocolProfile, lassoLibProtocolProfileSSOPost)) { + /* POST -> formular */ + printf("TODO - export the AuthnRequest in a formular\n"); + } + + return (0); +} + +gint +lasso_login_build_authn_response_msg(LassoLogin *login, + gint authentication_result, + const gchar *authenticationMethod, + const gchar *reauthenticateOnOrAfter) +{ + LassoUser *user; + LassoIdentity *identity; + gchar *msg = g_new(gchar, 1024), *samlArt; + xmlChar *nameIDPolicy, *relayState, *providerID; + xmlChar *assertionHandle, *identityProviderSuccinctID; + LassoNode *assertion=NULL, *authentication_statement, *idpProvidedNameIdentifier; + + /* ProtocolProfile must be BrwsPost */ + if (login->protocolProfile != lassoLoginProtocolPorfileBrwsPost) { + return (-1); + } + + providerID = lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server)); + + /* federation */ + /* verify if a user context exists else create it */ + if (LASSO_PROFILE_CONTEXT(login)->user == NULL) { + LASSO_PROFILE_CONTEXT(login)->user = 
lasso_user_new(""); + } + identity = lasso_user_get_identity(LASSO_PROFILE_CONTEXT(login)->user, + LASSO_PROFILE_CONTEXT(login)->remote_providerID); + nameIDPolicy = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request, + "NameIDPolicy", NULL); + printf("NameIDPolicy %s\n", nameIDPolicy); + if (nameIDPolicy == NULL || xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeNone)) { + if (identity == NULL) { + lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login), + lassoLibStatusCodeFederationDoesNotExist); + } + } + else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeFederated)) { + printf("DEBUG - NameIDPolicy is federated\n"); + if (identity == NULL) { + identity = lasso_identity_new(LASSO_PROFILE_CONTEXT(login)->remote_providerID); + idpProvidedNameIdentifier = lasso_lib_idp_provided_name_identifier_new(lasso_build_unique_id(32)); + /* TODO: set nameQualifier and Format */ + lasso_identity_set_local_nameIdentifier(identity, idpProvidedNameIdentifier); + lasso_user_add_identity(LASSO_PROFILE_CONTEXT(login)->user, + LASSO_PROFILE_CONTEXT(login)->remote_providerID, + identity); + } + } + else if (xmlStrEqual(nameIDPolicy, lassoLibNameIDPolicyTypeOneTime)) { + // TODO + } + + /* fill the response with the assertion */ + if (identity != NULL && authentication_result == 1) { + printf("DEBUG - an identity found, so build an assertion\n"); + assertion = lasso_assertion_new(providerID, + lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE_CONTEXT(login)->request), "RequestID")); + authentication_statement = lasso_authentication_statement_new(authenticationMethod, + reauthenticateOnOrAfter, + identity->remote_nameIdentifier, + identity->local_nameIdentifier); + lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion), + LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement)); + lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), + LASSO_PROFILE_CONTEXT(login)->server->signature_method, + 
LASSO_PROFILE_CONTEXT(login)->server->private_key, + LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server)->certificate); + lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE_CONTEXT(login)->response), + assertion); + } + else { + printf("No identity or login failed !!!\n"); + if (authentication_result == 0) { + lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login), + lassoSamlStatusCodeRequestDenied); + } + } + + /* return an authnResponse (base64 encoded) */ + LASSO_PROFILE_CONTEXT(login)->msg_body = lasso_node_export_to_base64(LASSO_PROFILE_CONTEXT(login)->response); + + return (0); +} + +gint +lasso_login_init_authn_request(LassoLogin *login, + const gchar *remote_providerID) +{ + LassoProvider *server; + + server = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(login)->server); + LASSO_PROFILE_CONTEXT(login)->request = lasso_authn_request_new(lasso_provider_get_providerID(server)); + LASSO_PROFILE_CONTEXT(login)->remote_providerID = remote_providerID; + + if (LASSO_PROFILE_CONTEXT(login)->request == NULL) { + return (-1); + } + + return (0); +} + +gint +lasso_login_init_from_authn_request_msg(LassoLogin *login, + gchar *authn_request_msg, + gint authn_request_method) +{ + LassoServer *server; + LassoProvider *sp; + gchar *protocolProfile; + gboolean must_verify_signature, signature_status; + + server = LASSO_PROFILE_CONTEXT(login)->server; + + /* rebuild request */ + switch (authn_request_method) { + case lassoHttpMethodGet: + case lassoHttpMethodRedirect: + /* LibAuthnRequest send by method GET */ + LASSO_PROFILE_CONTEXT(login)->request = lasso_authn_request_new_from_query(authn_request_msg); + break; + case lassoHttpMethodPost: + /* TODO LibAuthnRequest send by method POST */ + break; + } + + /* get ProtocolProfile */ + protocolProfile = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request, + "ProtocolProfile", NULL); + if (protocolProfile == NULL) { + login->protocolProfile = lassoLoginProtocolPorfileBrwsArt; + } + 
else if (xmlStrEqual(protocolProfile, lassoLibProtocolProfileBrwsArt)) { + login->protocolProfile = lassoLoginProtocolPorfileBrwsArt; + } + else if (xmlStrEqual(protocolProfile, lassoLibProtocolProfileBrwsPost)) { + login->protocolProfile = lassoLoginProtocolPorfileBrwsPost; + } + + /* build response */ + switch (login->protocolProfile) { + case lassoLoginProtocolPorfileBrwsPost: + /* create LibAuthnResponse */ + LASSO_PROFILE_CONTEXT(login)->response = lasso_authn_response_new(lasso_provider_get_providerID(LASSO_PROVIDER(server)), + LASSO_PROFILE_CONTEXT(login)->request); + break; + case lassoLoginProtocolPorfileBrwsArt: + /* create SamlpResponse */ + LASSO_PROFILE_CONTEXT(login)->response = lasso_response_new(); + break; + } + + /* get SP ProviderID */ + LASSO_PROFILE_CONTEXT(login)->remote_providerID = lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request, + "ProviderID", NULL); + sp = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server, + LASSO_PROFILE_CONTEXT(login)->remote_providerID); + /* Is authnRequest signed ? 
*/ + must_verify_signature = xmlStrEqual(lasso_node_get_child_content(sp->metadata, "AuthnRequestsSigned", NULL), "true"); + + /* verify request signature */ + if (must_verify_signature) { + switch (authn_request_method) { + case lassoHttpMethodGet: + case lassoHttpMethodRedirect: + signature_status = lasso_query_verify_signature(authn_request_msg, + sp->public_key, + LASSO_PROFILE_CONTEXT(login)->server->private_key); + break; + case lassoHttpMethodPost: + signature_status = lasso_node_verify_signature(LASSO_PROFILE_CONTEXT(login)->request, + sp->certificate); + break; + } + + /* Modify StatusCode if signature is not OK */ + if (signature_status == 0 || signature_status == 2) { + switch (signature_status) { + case 0: // Invalid Signature + lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login), + lassoLibStatusCodeInvalidSignature); + break; + case 2: // Unsigned AuthnRequest + lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login), + lassoLibStatusCodeUnsignedAuthnRequest); + break; + } + return (-1); + } + } + return (0); +} + +gint +lasso_login_init_request(LassoLogin *login, + xmlChar *response_msg, + gint response_method) +{ + xmlChar *artifact; + + /* rebuild response (artifact) */ + switch (response_method = 1) { + case lassoHttpMethodGet: + case lassoHttpMethodRedirect: + /* artifact by REDIRECT */ + LASSO_PROFILE_CONTEXT(login)->response = lasso_artifact_new_from_query(response_msg); + break; + case lassoHttpMethodPost: + /* artifact by POST */ + LASSO_PROFILE_CONTEXT(login)->response = lasso_artifact_new_from_lares(response_msg, NULL); + break; + } + + /* create SamlpRequest */ + artifact = lasso_artifact_get_samlArt(LASSO_ARTIFACT(LASSO_PROFILE_CONTEXT(login)->response)); + LASSO_PROFILE_CONTEXT(login)->request = lasso_request_new(artifact); + xmlFree(artifact); + + return (0); +} + +gint +lasso_login_init_response(LassoLogin *login, + xmlChar *response_msg, + gint response_method) +{ + // TODO + + return (0); +} + +gint 
+lasso_handle_authn_response_msg(LassoLogin *login, + gchar *authn_response_msg) +{ + LassoNode *assertion, *status, *statusCode; + LassoProvider *idp; + gchar *statusCode_value; + + LASSO_PROFILE_CONTEXT(authn)->response = lasso_authn_response_new_from_export(AUTHN_response_msg, 0); + assertion = lasso_node_get_child(LASSO_PROFILE_CONTEXT(authn)->response, + "Assertion", + lassoLibHRef); + idp = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(login)->server, + LASSO_PROFILE_CONTEXT(login)->remote_providerID); + if (assertion != NULL) { + lasso_node_verify_signature(assertion, idp->certificate); + } + else { + return (-1); + } + status = lasso_node_get_child(LASSO_PROFILE_CONTEXT(authn)->response, + "Status", + lassoSamlProtocolHRef); + if (status != NULL) { + statusCode = lasso_node_get_child(status, + "StatusCode", + lassoSamlProtocolHRef); + + if (statusCode) { + statusCode_value = lasso_node_get_content(statusCode); + if (xmlStrEqual(statusCode_value, lassoSamlStatusCodeSuccess)) { + return (-4); + } + } + else { + return (-3); + } + } + else { + return (-2); + } + return (0); +} + +gboolean +lasso_login_must_authenticate(LassoLogin *login, + gboolean is_user_authenticated) +{ + gboolean must_authenticate = TRUE; + gboolean isPassive = TRUE; + gboolean forceAuthn = FALSE; + + /* verify if the user must be authenticated or not */ + if (xmlStrEqual(lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request, "IsPassive", NULL), "false")) { + isPassive = FALSE; + } + + if (xmlStrEqual(lasso_node_get_child_content(LASSO_PROFILE_CONTEXT(login)->request, "ForceAuthn", NULL), "true")) { + forceAuthn = TRUE; + } + + /* complex test to login process */ + if ((forceAuthn == TRUE || is_user_authenticated == FALSE) && isPassive == FALSE) { + must_authenticate = TRUE; + } + else if (is_user_authenticated == FALSE && isPassive == TRUE) { + lasso_profile_context_set_response_status(LASSO_PROFILE_CONTEXT(login), + lassoLibStatusCodeNoPassive); + must_authenticate = 
FALSE; + } + + return (must_authenticate); +} + +/*****************************************************************************/ +/* instance and class init functions */ +/*****************************************************************************/ + +static void +lasso_login_instance_init(LassoLogin *login) +{ +} + +static void +lasso_login_class_init(LassoLoginClass *class) +{ +} + +GType lasso_login_get_type() { + static GType this_type = 0; + + if (!this_type) { + static const GTypeInfo this_info = { + sizeof (LassoLoginClass), + NULL, + NULL, + (GClassInitFunc) lasso_login_class_init, + NULL, + NULL, + sizeof(LassoLogin), + 0, + (GInstanceInitFunc) lasso_login_instance_init, + }; + + this_type = g_type_register_static(LASSO_TYPE_PROFILE_CONTEXT, + "LassoLogin", + &this_info, 0); + } + return this_type; +} + +LassoProfileContext* +lasso_login_new(LassoServer *server, + LassoUser *user) +{ + LassoProfileContext *login; + + login = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_LOGIN, + "server", server, + "user", user, + NULL)); + + return (login); +} diff --git a/lasso/id-ff/login.h b/lasso/id-ff/login.h new file mode 100644 index 00000000..b825c110 --- /dev/null +++ b/lasso/id-ff/login.h 
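Review bot: In lasso_handle_authn_response_msg the return value of lasso_node_verify_signature(assertion, idp->certificate) is discarded, so an assertion whose signature does not verify is processed exactly like a valid one; the call should fail the function on anything but a successful verification, e.g. `if (lasso_node_verify_signature(assertion, idp->certificate) != 1) { return (-1); }` (the same hunk's lasso_login_init_from_authn_request_msg treats 0 and 2 as failures, so 1 appears to be the success value — confirm). That function also cannot compile as written: it references `authn` and `AUTHN_response_msg` although its parameters are `login` and `authn_response_msg`, and it returns -4 when the StatusCode equals lassoSamlStatusCodeSuccess, which looks inverted. In lasso_login_init_request `switch (response_method = 1)` assigns instead of compares, so the POST branch is unreachable; it should read `switch (response_method)`. In lasso_login_init_from_authn_request_msg signature_status is read uninitialized when authn_request_method matches no case of the inner switch (no default), and lasso_login_must_authenticate defaults to TRUE so an already-authenticated user with ForceAuthn unset is still asked to authenticate — the default probably should be FALSE. Finally, lasso_login_build_authn_request_msg calls strlen on url without checking that lasso_provider_get_singleSignOnServiceUrl returned non-NULL, and lasso_login_build_authn_response_msg allocates `msg` (1024 bytes) that is never used or freed.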
@@ -0,0 +1,88 @@ +/* $Id$ + * + * Lasso - A free implementation of the Liberty Alliance specifications. + * + * Copyright (C) 2004 Entr'ouvert + * http://lasso.entrouvert.org + * + * Authors: Valery Febvre <vfebvre@easter-eggs.com> + * Nicolas Clapies <nclapies@entrouvert.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + */ + +#ifndef __LASSO_LOGIN_H__ +#define __LASSO_LOGIN_H__ + +#ifdef __cplusplus +extern "C" { + +#endif /* __cplusplus */ + +#include <lasso/xml/xml.h> +#include <lasso/protocols/provider.h> +#include <lasso/environs/profile_context.h> +#include <lasso/environs/server.h> +#include <lasso/environs/user.h> + +#define LASSO_TYPE_LOGIN (lasso_login_get_type()) +#define LASSO_LOGIN(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_LOGIN, LassoLogin)) +#define LASSO_LOGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_LOGIN, LassoLoginClass)) +#define LASSO_IS_LOGIN(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_LOGIN)) +#define LASSP_IS_LOGIN_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), LASSO_TYPE_LOGIN)) +#define LASSO_LOGIN_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), LASSO_TYPE_LOGIN, LassoLoginClass)) + +typedef struct _LassoLogin LassoLogin; +typedef struct _LassoLoginClass LassoLoginClass; + +typedef enum { + lassoLoginProtocolPorfileBrwsArt = 1, + 
lassoLoginProtocolPorfileBrwsPost, +} lassoLoginProtocolProfiles; + +struct _LassoLogin { + LassoProfileContext parent; + /*< public >*/ + /*< private >*/ + gint protocolProfile; + gchar *msg_relayState; +}; + +struct _LassoLoginClass { + LassoProfileContextClass parent; +}; + +LASSO_EXPORT GType lasso_login_get_type (void); + +LASSO_EXPORT LassoProfileContext* lasso_login_new (LassoServer *server, + LassoUser *user); + +LASSO_EXPORT gchar* lasso_login_build_request_msg (LassoLogin *authn); + +LASSO_EXPORT gchar* lasso_login_process_login_result (LassoLogin *authn, + gint login_result, + const char *login_method); + +LASSO_EXPORT gchar* lasso_login_build_response_msg (LassoLogin *authn, + gint login_result, + const gchar *loginMethod, + const gchar *reauthenticateOnOrAfter, + gint method); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __LASSO_LOGIN_H__ */ diff --git a/lasso/id-ff/profile_context.c b/lasso/id-ff/profile_context.c index d02320b2..7cdd6eb4 100644 --- a/lasso/id-ff/profile_context.c +++ b/lasso/id-ff/profile_context.c @@ -77,7 +77,6 @@ lasso_profile_context_set_response_status(LassoProfileContext *ctx, enum { LASSO_PROFILE_CONTEXT_SERVER = 1, LASSO_PROFILE_CONTEXT_USER, - LASSO_PROFILE_CONTEXT_REMOTE_PROVIDERID, }; static void @@ -90,7 +89,11 @@ lasso_profile_context_instance_init(GTypeInstance *instance, ctx->user = NULL; ctx->request = NULL; ctx->response = NULL; + ctx->remote_providerID = NULL; + + ctx->msg_url = NULL; + ctx->msg_body = NULL; } static void @@ -116,11 +119,6 @@ lasso_profile_context_set_property (GObject *object, self->user = g_value_get_pointer (value); } break; - case LASSO_PROFILE_CONTEXT_REMOTE_PROVIDERID: { - g_free (self->remote_providerID); - self->remote_providerID = g_value_dup_string (value); - } - break; default: /* We don't have any other property... */ g_assert (FALSE); 
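Review bot: The prototypes in this header do not match what login.c defines in the same commit: the header declares lasso_login_build_request_msg, lasso_login_process_login_result and lasso_login_build_response_msg returning gchar*, while login.c defines lasso_login_build_authn_request_msg, lasso_login_build_authn_response_msg, lasso_login_init_authn_request, lasso_login_init_from_authn_request_msg, lasso_login_init_request, lasso_login_init_response and lasso_login_must_authenticate (all returning gint or gboolean), none of which are declared here, so callers including this header get implicit declarations with the wrong return type. The three declarations should be replaced with prototypes matching the login.c signatures; lasso_handle_authn_response_msg is left out below since its name and body still need to be settled. Two identifiers also look misspelled: `LASSP_IS_LOGIN_CLASS` (carried over from the deleted authentication.h) and the enum constants `lassoLoginProtocolPorfileBrwsArt`/`lassoLoginProtocolPorfileBrwsPost`, which login.c already uses, so a rename has to touch both files.
```c
/* … unchanged: license header, include guard, includes, type-check macros, enum and struct definitions, get_type and lasso_login_new prototypes … */

LASSO_EXPORT gint lasso_login_build_authn_request_msg (LassoLogin *login);

LASSO_EXPORT gint lasso_login_build_authn_response_msg (LassoLogin *login,
                                                        gint authentication_result,
                                                        const gchar *authenticationMethod,
                                                        const gchar *reauthenticateOnOrAfter);

LASSO_EXPORT gint lasso_login_init_authn_request (LassoLogin *login,
                                                  const gchar *remote_providerID);

LASSO_EXPORT gint lasso_login_init_from_authn_request_msg (LassoLogin *login,
                                                           gchar *authn_request_msg,
                                                           gint authn_request_method);

LASSO_EXPORT gint lasso_login_init_request (LassoLogin *login,
                                            xmlChar *response_msg,
                                            gint response_method);

LASSO_EXPORT gint lasso_login_init_response (LassoLogin *login,
                                             xmlChar *response_msg,
                                             gint response_method);

LASSO_EXPORT gboolean lasso_login_must_authenticate (LassoLogin *login,
                                                     gboolean is_user_authenticated);

/* … unchanged: extern "C" closer and include guard end … */
```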
@@ -161,15 +159,6 @@ lasso_profile_context_class_init(gpointer g_class, g_object_class_install_property (gobject_class, LASSO_PROFILE_CONTEXT_USER, pspec); - - pspec = g_param_spec_string ("remote_providerID", - "remote ProviderID", - "Set remote ProviderID", - NULL, - G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE); - g_object_class_install_property (gobject_class, - LASSO_PROFILE_CONTEXT_REMOTE_PROVIDERID, - pspec); } GType lasso_profile_context_get_type() { @@ -197,18 +186,15 @@ GType lasso_profile_context_get_type() { LassoProfileContext* lasso_profile_context_new(LassoServer *server, - LassoUser *user, - gchar *remote_providerID) + LassoUser *user) { g_return_val_if_fail(server != NULL, NULL); - g_return_val_if_fail(remote_providerID != NULL, NULL); LassoProfileContext *ctx; ctx = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_PROFILE_CONTEXT, "server", server, "user", user, - "remote_providerID", remote_providerID, NULL)); return (ctx); diff --git a/lasso/id-ff/profile_context.h b/lasso/id-ff/profile_context.h index bd6375ea..444d5942 100644 --- a/lasso/id-ff/profile_context.h +++ b/lasso/id-ff/profile_context.h @@ -46,12 +46,10 @@ typedef struct _LassoProfileContext LassoProfileContext; typedef struct _LassoProfileContextClass LassoProfileContextClass; typedef enum { - lassoProfileContextMethodGet = 1, - lassoProfileContextMethodRedirect, - lassoProfileContextMethodPost, - lassoProfileContextMethodSoap, - lassoProfileContextMethodArtifact, -} lassoProfileContextMethods; + lassoHttpMethodGet = 1, + lassoHttpMethodPost, + lassoHttpMethodRedirect, +} lassoHttpMethods; struct _LassoProfileContext { GObject parent; @@ -63,8 +61,14 @@ struct _LassoProfileContext { LassoNode *request; LassoNode *response; + gint request_method; + gint response_method; + gchar *remote_providerID; + gchar *msg_url; + gchar *msg_body; + /*< private >*/ }; 
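Review bot: The new remote_providerID, msg_url and msg_body fields are added to struct _LassoProfileContext as plain gchar* pointers, but with the remote_providerID property and its g_free/g_value_dup_string setter removed in profile_context.c nothing in this diff frees them, and login.c in the same commit stores both a caller-owned `const gchar *` parameter (lasso_login_init_authn_request) and a freshly returned lasso_node_get_child_content() result (lasso_login_init_from_authn_request_msg) into remote_providerID, so ownership of that field is inconsistent. A short ownership comment on each field, e.g. `gchar *remote_providerID; /* owned by the context; freed in finalize */`, plus a matching g_free in the class finalizer (not visible in this diff — confirm one exists) would settle it. The renamed lassoHttpMethods enum also changes the numeric values of its Post and Redirect members (Redirect was 2 and Post 3, now the reverse), which matters to any caller or language binding that passes the raw integers rather than the enum names.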
@@ -75,8 +79,7 @@ struct _LassoProfileContextClass { LASSO_EXPORT GType lasso_profile_context_get_type (void); LASSO_EXPORT LassoProfileContext* lasso_profile_context_new (LassoServer *server, - LassoUser *user, - gchar *remote_providerID); + LassoUser *user); LASSO_EXPORT gint lasso_profile_context_set_remote_providerID(LassoProfileContext *ctx, gchar *providerID); diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c index 9f4aebf0..34e3c093 100644 --- a/lasso/id-ff/server.c +++ b/lasso/id-ff/server.c @@ -106,7 +106,8 @@ LassoServer * lasso_server_new(const gchar *metadata, const gchar *public_key, const gchar *private_key, - const gchar *certificate) + const gchar *certificate, + guint signature_method) { LassoServer *server; xmlDocPtr doc; @@ -117,6 +118,7 @@ lasso_server_new(const gchar *metadata, LASSO_PROVIDER(server)->public_key = public_key; LASSO_PROVIDER(server)->certificate = certificate; server->private_key = private_key; + server->signature_method = signature_method; doc = xmlParseFile(metadata); root = xmlCopyNode(xmlDocGetRootElement(doc), 1); diff --git a/lasso/id-ff/server.h b/lasso/id-ff/server.h index 0286b5aa..b1e1422c 100644 --- a/lasso/id-ff/server.h +++ b/lasso/id-ff/server.h @@ -47,7 +47,7 @@ struct _LassoServer { GPtrArray *providers; gchar *private_key; - + guint signature_method; /*< private >*/ }; @@ -59,7 +59,8 @@ LASSO_EXPORT GType lasso_server_get_type (void); LASSO_EXPORT LassoServer* lasso_server_new (const gchar *metadata, const gchar *public_key, const gchar *private_key, - const gchar *certificate); + const gchar *certificate, + guint signature_method); LASSO_EXPORT gint lasso_server_add_provider (LassoServer *server, gchar *metadata, diff --git a/lasso/xml/lib_idp_provided_name_identifier.c b/lasso/xml/lib_idp_provided_name_identifier.c index 793b03a6..8b7951ac 100644 --- a/lasso/xml/lib_idp_provided_name_identifier.c +++ b/lasso/xml/lib_idp_provided_name_identifier.c 
@@ -71,7 +71,9 @@ GType lasso_lib_idp_provided_name_identifier_get_type() {
 return this_type;
 }
 
-LassoNode* lasso_lib_idp_provided_name_identifier_new(const xmlChar *content) {
+LassoNode*
+lasso_lib_idp_provided_name_identifier_new(const xmlChar *content)
+{
 LassoNode *node;
 
 g_assert(content != NULL);
diff --git a/lasso/xml/strings.c b/lasso/xml/strings.c
index 6256159d..3ef44af4 100644
--- a/lasso/xml/strings.c
+++ b/lasso/xml/strings.c
@@ -71,8 +71,8 @@ const xmlChar lassoLibStatusCodeUnsignedAuthnRequest[] = "lib:Un
 /* ProtocolProfile */
 const xmlChar lassoLibProtocolProfileSSOGet[] = "http://projectliberty.org/profiles/sso-get";
 const xmlChar lassoLibProtocolProfileSSOPost[] = "http://projectliberty.org/profiles/sso-post";
-const xmlChar lassoLibProtocolProfileArtifact[] = "http://projectliberty.org/profiles/brws-art";
-const xmlChar lassoLibProtocolProfilePost[] = "http://projectliberty.org/profiles/brws-post";
+const xmlChar lassoLibProtocolProfileBrwsArt[] = "http://projectliberty.org/profiles/brws-art";
+const xmlChar lassoLibProtocolProfileBrwsPost[] = "http://projectliberty.org/profiles/brws-post";
 const xmlChar lassoLibProtocolProfileFedTermIdpHttp[] = "http://projectliberty.org/profiles/fedterm-idp-http";
 const xmlChar lassoLibProtocolProfileFedTermIdpSoap[] = "http://projectliberty.org/profiles/fedterm-idp-soap";
 const xmlChar lassoLibProtocolProfileFedTermSpHttp[] = "http://projectliberty.org/profiles/fedterm-sp-http";
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index 510d9adc..30c7da4d 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
@@ -78,8 +78,8 @@ LASSO_EXPORT_VAR const xmlChar lassoLibStatusCodeUnsignedAuthnRequest[];
 /* ProtocolProfile */
 LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileSSOGet[];
 LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileSSOPost[];
-LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileArtifact[];
-LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfilePost[];
+LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileBrwsArt[];
+LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileBrwsPost[];
 LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileFedTermIdpHttp[];
 LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileFedTermIdpSoap[];
 LASSO_EXPORT_VAR const xmlChar lassoLibProtocolProfileFedTermSpHttp[]; |
