author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-09-03 19:07:08 +0200 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-09-03 19:07:08 +0200 |
commit | 3f336a8e83515b7136a04361199be082cd3d8555 (patch) | |
tree | 8a3dbd55b0950cf25898300f8f55cb6749aff4c7 /lasso | |
parent | 9ab6b944f14556422fd4f279be5f568b0b18cfe4 (diff) | |
parent | aaca9ce9927d9ea1568dfa89ba05a41b40333e9b (diff) | |
Merge branch 'develop' into hotfixes-2.3.1
Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/id-ff/provider.c | 1 | ||||
-rw-r--r-- | lasso/saml-2.0/profile.c | 53 | ||||
-rw-r--r-- | lasso/saml-2.0/profileprivate.h | 1 | ||||
-rw-r--r-- | lasso/saml-2.0/provider.c | 6 | ||||
-rw-r--r-- | lasso/xml/strings.h | 42 | ||||
-rw-r--r-- | lasso/xml/tools.c | 4 | ||||
-rw-r--r-- | lasso/xml/xml.c | 75 | ||||
-rw-r--r-- | lasso/xml/xml.h | 6 |
8 files changed, 161 insertions, 27 deletions
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 07176952..91abebcc 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1028,6 +1028,7 @@ _lasso_provider_load_metadata_from_doc(LassoProvider *provider, xmlDoc *doc)
 g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
 if (doc == NULL) {
+ warning("Metadata is not an XML document");
 return FALSE;
 }
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index bcefee3c..98698762 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -46,6 +46,7 @@
 #include "../xml/saml-2.0/samlp2_status_response.h"
 #include "../xml/saml-2.0/samlp2_response.h"
 #include "../xml/saml-2.0/saml2_assertion.h"
+#include "../xml/misc_text_node.h"
 #include "../utils.h"
 #include "../debug.h"
@@ -62,6 +63,7 @@ static gint lasso_profile_saml20_build_artifact_post_response_msg(LassoProfile *
 const char *service);
 static gboolean has_signature(LassoNode *node, LassoSignatureMethod *signature_method,
 char **private_key_file, char **private_key_password);
+static char* lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part);
 #define check_msg_body \
 if (! profile->msg_body) { \
@@ -152,20 +154,24 @@ http_method_to_binding(LassoHttpMethod method) {
 *
 * Return value: the generated artifact (internally allocated, don't free)
 **/
-char*
+static char*
 lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part)
 {
+ LassoNode *what = NULL;
 lasso_assign_new_string(profile->private_data->artifact,
 lasso_saml20_profile_build_artifact(&profile->server->parent));
 if (part == 0) {
- lasso_assign_new_string(profile->private_data->artifact_message,
- lasso_node_dump(profile->request));
+ what = profile->request;
 } else if (part == 1) {
- lasso_assign_new_string(profile->private_data->artifact_message,
- lasso_node_dump(profile->response));
+ what = profile->response;
 } else {
 /* XXX: RequestDenied here? */
 }
+ /* Remove signature at the response level, if needed if will be on the ArtifactResponse */
+ lasso_node_remove_signature(what);
+ /* Keep an XML copy of the response for later retrieval */
+ lasso_assign_new_string(profile->private_data->artifact_message,
+ lasso_node_export_to_xml(what));
 return profile->private_data->artifact;
 }
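Review bot: `what` is still NULL when `part` is neither 0 nor 1 (the `else` branch holds only the XXX comment), yet it is passed to lasso_node_remove_signature and then to lasso_node_export_to_xml; whether either tolerates NULL is not visible here, and the removed code left artifact_message untouched in that case. Wrapping the two calls in `if (what != NULL) { … }` keeps the previous behaviour for an unknown `part`. The new comment also has a typo, `/* Remove signature at the response level, if needed it will be on the ArtifactResponse */`, and the function comment above the hunk should say that the stored request or response is modified in place (its signature is stripped), since `what` aliases profile->request or profile->response rather than a copy.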
@@ -378,34 +384,43 @@ int
 lasso_saml20_profile_build_artifact_response(LassoProfile *profile)
 {
 LassoSamlp2StatusResponse *response = NULL;
- LassoNode *resp = NULL;
 int rc = 0;
 if ( ! LASSO_IS_SAMLP2_REQUEST_ABSTRACT(profile->request)) {
 return LASSO_PROFILE_ERROR_MISSING_REQUEST;
 }
+ /* Setup the response */
 response = LASSO_SAMLP2_STATUS_RESPONSE(lasso_samlp2_artifact_response_new());
- if (profile->private_data->artifact_message) {
- resp = lasso_node_new_from_dump(profile->private_data->artifact_message);
- lasso_assign_new_gobject(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any, resp);
- }
+ lasso_assign_new_gobject(profile->response, response);
 response->ID = lasso_build_unique_id(32);
 lasso_assign_string(response->Version, "2.0");
 response->Issuer = LASSO_SAML2_NAME_ID(lasso_saml2_name_id_new_with_string(
 LASSO_PROVIDER(profile->server)->ProviderID));
 response->IssueInstant = lasso_get_current_time();
 lasso_assign_string(response->InResponseTo,
 LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->ID);
+ /* Add content */
+ if (profile->private_data->artifact_message) {
+ xmlDoc *doc;
+ xmlNode *node;
+ char *content = profile->private_data->artifact_message;
+ doc = lasso_xml_parse_memory(content, strlen(content));
+ if (doc) {
+ node = xmlDocGetRootElement(doc);
+ lasso_assign_new_gobject(LASSO_SAMLP2_ARTIFACT_RESPONSE(response)->any,
+ lasso_misc_text_node_new_with_xml_node(node));
+ lasso_release_doc(doc);
+ lasso_saml20_profile_set_response_status(profile,
+ LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
+ } else {
+ lasso_saml20_profile_set_response_status(profile,
+ LASSO_SAML2_STATUS_CODE_RESPONDER,
+ LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT);
+ }
+ }
+ /* Setup the signature */
 lasso_check_good_rc(lasso_profile_saml20_setup_message_signature(profile,
 (LassoNode*)response));
- lasso_assign_new_gobject(profile->response, LASSO_NODE(response));
-
- if (resp == NULL) {
- lasso_saml20_profile_set_response_status(profile,
- LASSO_SAML2_STATUS_CODE_REQUESTER, NULL);
- } else {
- lasso_saml20_profile_set_response_status(profile,
- LASSO_SAML2_STATUS_CODE_SUCCESS, NULL);
- }
+ /* Serialize the message */
 lasso_assign_new_string(profile->msg_body, lasso_node_export_to_soap(profile->response));
 cleanup:
 return rc;
diff --git a/lasso/saml-2.0/profileprivate.h b/lasso/saml-2.0/profileprivate.h
index c3968aa3..54e3a336 100644
--- a/lasso/saml-2.0/profileprivate.h
+++ b/lasso/saml-2.0/profileprivate.h
@@ -40,7 +40,6 @@ extern "C" {
 int lasso_saml20_profile_init_request(LassoProfile *profile, const char *remote_provider_id,
 gboolean first_in_session, LassoSamlp2RequestAbstract *request_abstract,
 LassoHttpMethod http_method, LassoMdProtocolType protocol_type);
-char* lasso_saml20_profile_generate_artifact(LassoProfile *profile, int part);
 #define lasso_saml20_profile_set_response_status_success(profile, code2) \
 lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_SUCCESS, code2)
 #define lasso_saml20_profile_set_response_status_responder(profile, code2) \
diff --git a/lasso/saml-2.0/provider.c b/lasso/saml-2.0/provider.c
index b532259e..064fe24e 100644
--- a/lasso/saml-2.0/provider.c
+++ b/lasso/saml-2.0/provider.c
@@ -477,6 +477,12 @@ lasso_saml20_provider_load_metadata(LassoProvider *provider, xmlNode *root_node)
 (! loaded_one_or_more_descriptor || (pdata->roles & provider->role) == 0)) {
 /* We must at least load one descriptor, and we must load a descriptor for our
 * assigned role or we fail. */
+ if (! loaded_one_or_more_descriptor) {
+ warning("No descriptor was loaded, failing");
+ }
+ if ((pdata->roles & provider->role) == 0) {
+ warning("Loaded roles and prescribed role does not intersect");
+ }
 return FALSE;
 }
diff --git a/lasso/xml/strings.h b/lasso/xml/strings.h
index 9638e9c1..e3610316 100644
--- a/lasso/xml/strings.h
+++ b/lasso/xml/strings.h
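Review bot: An unknown artifact no longer gets a status: the removed code set LASSO_SAML2_STATUS_CODE_REQUESTER when `resp == NULL`, while the new `if (profile->private_data->artifact_message)` block only sets a status inside its two inner branches, so when artifact_message is NULL the ArtifactResponse is signed and serialized without any Status. Add an outer `else { lasso_saml20_profile_set_response_status(profile, LASSO_SAML2_STATUS_CODE_REQUESTER, NULL); }` to keep the explicit error. Separately, `lasso_release_doc(doc)` directly follows lasso_misc_text_node_new_with_xml_node(node); if that constructor keeps a reference to `node` instead of copying it, the response now holds a freed node, so a one-line comment stating that the node is copied (if it is) would settle that for the next reader. The move of `lasso_assign_new_gobject(profile->response, response)` ahead of the status calls looks deliberate, presumably because the status helper works on profile->response; a short comment there would keep a later reorder from reintroducing the old order.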
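Review bot: The second new warning reads `Loaded roles and prescribed role does not intersect`; the subject is plural, so `do not intersect` is the grammatical form. Both warnings would be more actionable if they named the provider being rejected and the two role values compared, but that depends on what the `warning` macro accepts, which is not visible here. lasso_saml20_provider_load_metadata starts before and ends after this hunk.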
@@ -107,6 +107,13 @@
 */
 #define LASSO_SOAP_FAULT_CODE_VERSION_MISMATCH "s:VersionMismatch"
+/**
+ * LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT:
+ *
+ * An artifact content is present but Lasso failed to rebuild the corresponding XML content.
+ */
+#define LASSO_PRIVATE_STATUS_CODE_FAILED_TO_RESTORE_ARTIFACT "FailedToRestoreArtifact"
+
 /*****************************************************************************/
 /* Lasso */
 /*****************************************************************************/
@@ -131,6 +138,41 @@
 */
 #define LASSO_PYTHON_HREF "http://www.entrouvert.org/namespaces/python/0.0"
+/**
+ * LASSO_SIGNATURE_TYPE_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso signature type attribute.
+ */
+#define LASSO_SIGNATURE_TYPE_ATTRIBUTE BAD_CAST "SignatureType"
+
+/**
+ * LASSO_SIGNATURE_METHOD_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso signature type attribute.
+ */
+#define LASSO_SIGNATURE_METHOD_ATTRIBUTE BAD_CAST "SignatureMethod"
+
+/**
+ * LASSO_PRIVATE_KEY_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_PRIVATE_KEY_ATTRIBUTE BAD_CAST "PrivateKey"
+
+/**
+ * LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE BAD_CAST "PrivateKeyPassword"
+
+/**
+ * LASSO_CERTIFICATE_ATTRIBUTE:
+ *
+ * Attribute name for the Lasso private key attribute.
+ */
+#define LASSO_CERTIFICATE_ATTRIBUTE BAD_CAST "Certificate"
+
 /*****************************************************************************/
 /* Liberty Alliance ID-FF */
 /*****************************************************************************/
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 523a7dda..38f81dd6 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
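Review bot: Three of the five new gtk-doc comments in the second hunk are copy-paste leftovers: LASSO_SIGNATURE_METHOD_ATTRIBUTE is described as "the Lasso signature type attribute", and LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE and LASSO_CERTIFICATE_ATTRIBUTE are both described as "the Lasso private key attribute". They should read `Attribute name for the Lasso signature method attribute.`, `Attribute name for the Lasso private key password attribute.` and `Attribute name for the Lasso certificate attribute.` respectively. Since lasso_node_impl_get_xmlNode in this commit writes the private_key and private_key_password values into node dumps under these names, a sentence on LASSO_PRIVATE_KEY_ATTRIBUTE and LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE noting that dumps therefore carry that material would be a useful caveat for anyone persisting or logging them.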
@@ -518,6 +518,8 @@ lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *priv
 new_query = g_strdup_printf("%s&SigAlg=%s", query, t);
 xmlFree(t);
 break;
+ case LASSO_SIGNATURE_METHOD_LAST:
+ g_assert_not_reached();
 }
 /* build buffer digest */
@@ -568,6 +570,8 @@ lasso_query_sign(char *query, LassoSignatureMethod sign_method, const char *priv
 case LASSO_SIGNATURE_METHOD_DSA_SHA1:
 s_new_query = g_strdup_printf("%s&Signature=%s", new_query, e_b64_sigret);
 break;
+ case LASSO_SIGNATURE_METHOD_LAST:
+ g_assert_not_reached();
 }
 done:
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index db20ac25..eff4e98c 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1129,6 +1129,27 @@ _lasso_node_collect_namespaces(GHashTable **namespaces, xmlNode *node)
 }
 }
+gboolean
+lasso_get_integer_attribute(xmlNode *node, xmlChar *attribute_name, xmlChar *ns_href, int *integer, long int low, long int high) {
+ xmlChar *content = NULL;
+ gboolean rc = FALSE;
+ long int what;
+
+ g_assert (integer);
+ content = xmlGetNsProp(node, attribute_name, ns_href);
+ if (! content)
+ goto cleanup;
+ if (! lasso_string_to_xsd_integer((char*)content, &what))
+ goto cleanup;
+ if (*integer < low || *integer >= high)
+ goto cleanup;
+ *integer = what;
+ rc = TRUE;
+cleanup:
+ lasso_release_xml_string(content);
+ return rc;
+}
+
 /** FIXME: return a real error code */
 static int
 lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
@@ -1141,6 +1162,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 struct XmlSnippet *snippet_any = NULL;
 struct XmlSnippet *snippet_any_attribute = NULL;
 struct XmlSnippet *snippet_collect_namespaces = NULL;
+ struct XmlSnippet *snippet_signature = NULL;
 GSList *unknown_nodes = NULL;
 GSList *known_attributes = NULL;
 gboolean keep_xmlnode = FALSE;
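Review bot: The two new `case LASSO_SIGNATURE_METHOD_LAST: g_assert_not_reached();` arms (this hunk and the one at line 568) silence -Wswitch but do not handle the value: with G_DISABLE_ASSERT the macro expands to nothing, and no `default:` is visible, so execution falls out of the switch and continues as if a known method had been handled. A `default:` that takes the function's failure path (the `done:` label is visible in the second hunk) would cover LAST and any other out-of-range value, which matters now that a LassoSignatureMethod can also originate from an XML attribute via lasso_get_integer_attribute. lasso_query_sign starts before and ends after both hunks.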
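Review bot: The range check in lasso_get_integer_attribute compares `*integer`, the caller's output slot, instead of the value just parsed into `what`; the caller added in this commit passes an uninitialized `int what`, so the comparison reads an indeterminate value and an attribute outside [low, high) can still be stored. The line should be `if (what < low || what >= high) goto cleanup;`. This check is the only thing keeping `method` and `type` inside their enums before lasso_node_set_signature receives them, so it deserves a unit test with an out-of-range value. The function is new and non-static but undocumented: a gtk-doc comment stating that it reads attribute_name in ns_href from node, parses it as an xsd:integer, accepts only values in the half-open range [low, high) (callers pass the `_LAST` enumerator as high), stores the result in *integer and returns TRUE only on success would give callers the contract they need.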
@@ -1350,6 +1372,10 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 snippet_collect_namespaces = snippet;
 }
+ if (type == SNIPPET_SIGNATURE) {
+ snippet_signature = snippet;
+ }
+
 if (type == SNIPPET_ATTRIBUTE) {
 if (snippet->type & SNIPPET_ANY) {
 snippet_any_attribute = snippet;
@@ -1406,6 +1432,44 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 _lasso_node_collect_namespaces(value, xmlnode);
 }
+ /* Collect signature parameters */
+ {
+ LassoSignatureMethod method;
+ LassoSignatureType type;
+ xmlChar *private_key = NULL;
+ xmlChar *private_key_password = NULL;
+ xmlChar *certificate = NULL;
+
+ while (snippet_signature) {
+ int what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what,
+ LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ LASSO_SIGNATURE_METHOD_LAST))
+ break;
+ method = what;
+ if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
+ LASSO_SIGNATURE_TYPE_LAST))
+ break;
+ type = what;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
+ BAD_CAST LASSO_LIB_HREF);
+ if (! private_key)
+ break;
+ private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST
+ LASSO_LIB_HREF);
+ lasso_node_set_signature(node, type,
+ method, (char*) private_key, (char*) private_key_password, (char*) certificate);
+ }
+ lasso_release_xml_string(private_key);
+ lasso_release_xml_string(private_key_password);
+ lasso_release_xml_string(certificate);
+ }
+
+ /* Collect other children */
 if (unknown_nodes && snippet_any) {
 xmlNode *t = unknown_nodes->data;
 void *tmp;
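Review bot: The `while (snippet_signature)` block in the second hunk never terminates once every attribute is present: nothing in the body clears `snippet_signature` or breaks after lasso_node_set_signature, so the loop re-reads the attributes forever and leaks each xmlGetNsProp result; end the body with `break;` (or use a plain `if`). Before that point the lookups are wrong: the second lasso_get_integer_attribute reads LASSO_SIGNATURE_METHOD_ATTRIBUTE where the type is wanted (LASSO_SIGNATURE_TYPE_ATTRIBUTE), and the PrivateKeyPassword value is stored in `private_key` and then overwritten by the PrivateKey value, so the first string leaks, `private_key_password` is always NULL, and a key saved without a password trips `if (! private_key) break;`. The attributes are also looked up under LASSO_LIB_HREF, whereas the writer in lasso_node_impl_get_xmlNode (the hunk at line 1633 of this file) defines them under LASSO_LASSO_HREF; unless the two constants are aliases, the reads never match. The rewritten loop body is below; lasso_node_impl_init_from_xml starts before and ends after this hunk.
```c
		while (snippet_signature) {
			int what;
			if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE,
						BAD_CAST LASSO_LASSO_HREF, &what,
						LASSO_SIGNATURE_METHOD_RSA_SHA1,
						LASSO_SIGNATURE_METHOD_LAST))
				break;
			method = what;
			/* The type has its own attribute; the method attribute was read twice before. */
			if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_TYPE_ATTRIBUTE,
						BAD_CAST LASSO_LASSO_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1,
						LASSO_SIGNATURE_TYPE_LAST))
				break;
			type = what;
			/* The key is required; password and certificate are optional, the writer only
			 * emits them when set. */
			private_key = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF);
			if (! private_key)
				break;
			private_key_password = xmlGetNsProp(xmlnode, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF);
			certificate = xmlGetNsProp(xmlnode, LASSO_CERTIFICATE_ATTRIBUTE,
					BAD_CAST LASSO_LASSO_HREF);
			lasso_node_set_signature(node, type,
					method, (char*) private_key, (char*) private_key_password, (char*) certificate);
			break; /* single pass: the loop only serves as a breakable scope */
		}
		/* … unchanged: release of private_key, private_key_password and certificate … */
```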
@@ -1414,6 +1478,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 (*(char**)value) = tmp;
 }
+ /* Collect other attributes */
 if (snippet_any_attribute) {
 GHashTable **any_attribute;
 GSList *tmp_attr;
@@ -1633,15 +1698,15 @@ lasso_node_impl_get_xmlNode(LassoNode *node, gboolean lasso_dump)
 if (private_key) {
 ns = get_or_define_ns(xmlnode, BAD_CAST LASSO_LASSO_HREF);
 sprintf(buffer, "%u", type);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureType", BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_TYPE_ATTRIBUTE, BAD_CAST buffer);
 sprintf(buffer, "%u", method);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "SignatureMethod", BAD_CAST buffer);
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKey", BAD_CAST private_key);
+ xmlSetNsProp(xmlnode, ns, LASSO_SIGNATURE_METHOD_ATTRIBUTE, BAD_CAST buffer);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_ATTRIBUTE, BAD_CAST private_key);
 if (private_key_password) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "PrivateKeyPassword", BAD_CAST private_key_password);
+ xmlSetNsProp(xmlnode, ns, LASSO_PRIVATE_KEY_PASSWORD_ATTRIBUTE, BAD_CAST private_key_password);
 }
 if (certificate) {
- xmlSetNsProp(xmlnode, ns, BAD_CAST "Certificate", BAD_CAST certificate);
+ xmlSetNsProp(xmlnode, ns, LASSO_CERTIFICATE_ATTRIBUTE, BAD_CAST certificate);
 }
 }
 }
diff --git a/lasso/xml/xml.h b/lasso/xml/xml.h
index 06709c02..d4283956 100644
--- a/lasso/xml/xml.h
+++ b/lasso/xml/xml.h
@@ -84,7 +84,8 @@ typedef enum {
 typedef enum {
 LASSO_SIGNATURE_TYPE_NONE = 0,
 LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_TYPE_WITHX509
+ LASSO_SIGNATURE_TYPE_WITHX509,
+ LASSO_SIGNATURE_TYPE_LAST
 } LassoSignatureType;
@@ -97,7 +98,8 @@ typedef enum {
 **/
 typedef enum {
 LASSO_SIGNATURE_METHOD_RSA_SHA1 = 1,
- LASSO_SIGNATURE_METHOD_DSA_SHA1
+ LASSO_SIGNATURE_METHOD_DSA_SHA1,
+ LASSO_SIGNATURE_METHOD_LAST
 } LassoSignatureMethod; |