authorValery Febvre <vfebvre at easter-eggs.com>2004-09-27 14:29:54 +0000
committerValery Febvre <vfebvre at easter-eggs.com>2004-09-27 14:29:54 +0000
commit4ab34ba6b2ca1ed04284daddf8e5bea8c49af4e1 (patch)
tree46ce10083d7eed76f5271c20adc17cc49c3326a9 /lasso
parent7f231e253bcc321ff6a4787082b8ce47b9dfb694 (diff)
downloadlasso-4ab34ba6b2ca1ed04284daddf8e5bea8c49af4e1.tar.gz
lasso-4ab34ba6b2ca1ed04284daddf8e5bea8c49af4e1.tar.xz
lasso-4ab34ba6b2ca1ed04284daddf8e5bea8c49af4e1.zip
Renamed 'ca_certificate' property of LassoProvider object to 'ca_cert_chain'
Added a new property 'secret_key' in LassoServer object. Changed prototype of lasso_server_new() method. BEFORE: LassoServer * lasso_server_new(gchar *metadata, gchar *public_key, gchar *private_key, gchar *certificate, lassoSignatureMethod signature_method) AFTER: LassoServer * lasso_server_new(const gchar *metadata, const gchar *private_key, const gchar *secret_key, const gchar *certificate). The public_key param was removed because it was useless. secret_key was added to decrypt private_key. signature_method was removed (default value is lassoSignatureMethodRsaSha1). 2 new methods were added to access the 'signature_method' property of LassoServer: lasso_server_get_signature_method() and lasso_server_set_signature_method(). Updated Lasso.i
Diffstat (limited to 'lasso')
-rw-r--r--lasso/Attic/protocols/provider.c32
-rw-r--r--lasso/Attic/protocols/provider.h14
-rw-r--r--lasso/id-ff/login.c9
-rw-r--r--lasso/id-ff/logout.c5
-rw-r--r--lasso/id-ff/server.c97
-rw-r--r--lasso/id-ff/server.h51
6 files changed, 128 insertions, 80 deletions
diff --git a/lasso/Attic/protocols/provider.c b/lasso/Attic/protocols/provider.c
index 22493906..2ccc5569 100644
--- a/lasso/Attic/protocols/provider.c
+++ b/lasso/Attic/protocols/provider.c
@@ -46,8 +46,8 @@ lasso_provider_copy(LassoProvider *provider)
copy = LASSO_PROVIDER(g_object_new(LASSO_TYPE_PROVIDER, NULL));
copy->metadata = lasso_node_copy(provider->metadata);
- copy->public_key = g_strdup(provider->public_key);
- copy->ca_certificate = g_strdup(provider->ca_certificate);
+ copy->public_key = g_strdup(provider->public_key);
+ copy->ca_cert_chain = g_strdup(provider->ca_cert_chain);
return copy;
}
@@ -67,7 +67,7 @@ lasso_provider_dump(LassoProvider *provider)
provider_node = lasso_node_new();
- /* set the public key, ca_certificate, metadata */
+ /* set the public key, ca_cert_chain, metadata */
provider_class = LASSO_NODE_GET_CLASS(provider_node);
provider_class->set_name(provider_node, LASSO_PROVIDER_NODE);
provider_class->set_ns(provider_node, lassoLassoHRef, NULL);
@@ -79,9 +79,9 @@ lasso_provider_dump(LassoProvider *provider)
provider_class->set_prop(provider_node, LASSO_PROVIDER_PUBLIC_KEY_NODE,
provider->public_key);
}
- if(provider->ca_certificate != NULL) {
- provider_class->set_prop(provider_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE,
- provider->ca_certificate);
+ if(provider->ca_cert_chain != NULL) {
+ provider_class->set_prop(provider_node, LASSO_PROVIDER_CA_CERT_CHAIN_NODE,
+ provider->ca_cert_chain);
}
provider_dump = lasso_node_export(provider_node);
@@ -573,10 +573,10 @@ lasso_provider_set_public_key(LassoProvider *provider,
}
void
-lasso_provider_set_ca_certificate(LassoProvider *provider,
- gchar *ca_certificate)
+lasso_provider_set_ca_cert_chain(LassoProvider *provider,
+ gchar *ca_cert_chain)
{
- provider->ca_certificate = g_strdup(ca_certificate);
+ provider->ca_cert_chain = g_strdup(ca_cert_chain);
}
/*****************************************************************************/
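Review bot: `lasso_provider_set_ca_cert_chain` at the end of this hunk overwrites `provider->ca_cert_chain` with a fresh `g_strdup` without releasing the previous string, so calling the setter twice leaks the first allocation (the same pattern presumably exists in `lasso_provider_set_public_key`, whose body starts above the hunk). Freeing first keeps the setter safe to call repeatedly: `g_free(provider->ca_cert_chain);` immediately before `provider->ca_cert_chain = g_strdup(ca_cert_chain);`. Today `lasso_server_new_from_dump` only calls this on freshly created providers, so the leak is latent, but nothing in the API prevents a caller from updating the chain later.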
@@ -625,7 +625,7 @@ lasso_provider_finalize(LassoProvider *provider)
debug("Provider object 0x%x finalized ...\n", provider);
g_free(provider->public_key);
- g_free(provider->ca_certificate);
+ g_free(provider->ca_cert_chain);
g_free(provider->private);
parent_class->finalize(G_OBJECT(provider));
@@ -640,9 +640,9 @@ lasso_provider_instance_init(LassoProvider *provider)
{
provider->private = g_new (LassoProviderPrivate, 1);
provider->private->dispose_has_run = FALSE;
- provider->metadata = NULL;
- provider->public_key = NULL;
- provider->ca_certificate = NULL;
+ provider->metadata = NULL;
+ provider->public_key = NULL;
+ provider->ca_cert_chain = NULL;
}
static void
@@ -681,14 +681,14 @@ GType lasso_provider_get_type() {
LassoProvider*
lasso_provider_new(gchar *metadata,
gchar *public_key,
- gchar *ca_certificate)
+ gchar *ca_cert_chain)
{
LassoProvider *provider;
provider = lasso_provider_new_metadata_filename(metadata);
if (provider != NULL) {
- provider->public_key = g_strdup(public_key);
- provider->ca_certificate = g_strdup(ca_certificate);
+ provider->public_key = g_strdup(public_key);
+ provider->ca_cert_chain = g_strdup(ca_cert_chain);
}
return provider;
diff --git a/lasso/Attic/protocols/provider.h b/lasso/Attic/protocols/provider.h
index 12c98126..71c11973 100644
--- a/lasso/Attic/protocols/provider.h
+++ b/lasso/Attic/protocols/provider.h
@@ -39,9 +39,9 @@ extern "C" {
#define LASSO_IS_PROVIDER_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), LASSO_TYPE_PROVIDER))
#define LASSO_PROVIDER_GET_CLASS(o) (G_TYPE_INSTANCE_GET_CLASS ((o), LASSO_TYPE_PROVIDER, LassoProviderClass))
-#define LASSO_PROVIDER_NODE "Provider"
-#define LASSO_PROVIDER_PUBLIC_KEY_NODE "PublicKey"
-#define LASSO_PROVIDER_CA_CERTIFICATE_NODE "CaCertificate"
+#define LASSO_PROVIDER_NODE "Provider"
+#define LASSO_PROVIDER_PUBLIC_KEY_NODE "PublicKey"
+#define LASSO_PROVIDER_CA_CERT_CHAIN_NODE "CaCertChain"
typedef struct _LassoProvider LassoProvider;
typedef struct _LassoProviderClass LassoProviderClass;
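Review bot: Renaming the dump attribute from `"CaCertificate"` to `"CaCertChain"` (`LASSO_PROVIDER_CA_CERT_CHAIN_NODE`) changes the persisted format, so server dumps written before this commit silently lose their provider CA chain when loaded through `lasso_server_new_from_dump`, which now looks up only the new name. If old dumps can exist, either read the old attribute as a fallback or state the format break explicitly, e.g. a header comment `/* dump attribute name; was "CaCertificate" before the ca_cert_chain rename */` and a line in the commit message.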
@@ -59,7 +59,7 @@ struct _LassoProvider {
LassoNode *metadata;
gchar *public_key;
- gchar *ca_certificate;
+ gchar *ca_cert_chain;
/*< private >*/
LassoProviderPrivate *private;
@@ -73,7 +73,7 @@ LASSO_EXPORT GType lasso_provider_get_type
LASSO_EXPORT LassoProvider* lasso_provider_new (gchar *metadata,
gchar *public_key,
- gchar *ca_certificate);
+ gchar *ca_cert_chain);
LASSO_EXPORT LassoProvider* lasso_provider_new_from_metadata_node (LassoNode *metadata_node);
@@ -147,8 +147,8 @@ LASSO_EXPORT gchar* lasso_provider_get_soapEndpoint
LASSO_EXPORT void lasso_provider_set_public_key (LassoProvider *provider,
gchar *public_key);
-LASSO_EXPORT void lasso_provider_set_ca_certificate (LassoProvider *provider,
- gchar *ca_certificate);
+LASSO_EXPORT void lasso_provider_set_ca_cert_chain (LassoProvider *provider,
+ gchar *ca_cert_chain);
#ifdef __cplusplus
}
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index e9833aff..a56897a3 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -241,7 +241,7 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) {
/* verify signature */
if (idp != NULL) {
/* FIXME detect X509Data ? */
- ret = lasso_node_verify_signature(assertion, idp->public_key);
+ ret = lasso_node_verify_signature(assertion, idp->public_key, idp->ca_cert_chain);
if (ret < 0) {
goto done;
}
@@ -753,7 +753,8 @@ lasso_login_build_response_msg(LassoLogin *login,
NULL);
/* FIXME verify the SOAP request signature */
ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
- remote_provider->public_key);
+ remote_provider->public_key,
+ remote_provider->ca_cert_chain);
/* changed status code into RequestDenied
if signature is invalid or not found
if an error occurs during verification */
@@ -1020,6 +1021,7 @@ lasso_login_process_authn_request_msg(LassoLogin *login,
}
else {
message(G_LOG_LEVEL_CRITICAL, "Unknown protocol profile : %s\n", protocolProfile);
+ xmlFree(protocolProfile);
return -2;
}
xmlFree(protocolProfile);
@@ -1064,7 +1066,8 @@ lasso_login_process_authn_request_msg(LassoLogin *login,
case lassoHttpMethodSoap:
/* FIXME detect X509Data ? */
ret = lasso_node_verify_signature(LASSO_PROFILE(login)->request,
- remote_provider->public_key);
+ remote_provider->public_key,
+ remote_provider->ca_cert_chain);
break;
}
LASSO_PROFILE(login)->signature_status = ret;
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index 7f558866..89219341 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -630,8 +630,9 @@ gint lasso_logout_process_request_msg(LassoLogout *logout,
g_error_free(err);
goto done;
}
- if (provider->ca_certificate != NULL) {
- ret = lasso_node_verify_x509_signature(profile->request, provider->ca_certificate);
+ if (provider->ca_cert_chain != NULL) {
+ ret = lasso_node_verify_signature(profile->request, provider->public_key,
+ provider->ca_cert_chain);
}
break;
case lassoHttpMethodRedirect:
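Review bot: The signature verification in this hunk is still guarded by `if (provider->ca_cert_chain != NULL)`, so a logout request from a provider configured with only a public key is never verified and `ret` keeps whatever value it had before the block, whereas the call sites changed in login.c (the hunks in lasso_login_process_response_status_and_assertion, lasso_login_build_response_msg and lasso_login_process_authn_request_msg) call `lasso_node_verify_signature` unconditionally with a possibly NULL chain. Since the new call already passes both `provider->public_key` and `provider->ca_cert_chain`, the guard looks like a leftover from the x509-only variant; dropping it, or at least widening it to `if (provider->public_key != NULL || provider->ca_cert_chain != NULL)`, would bring logout in line with login. If `lasso_node_verify_signature` is meant to reject a NULL chain itself, that contract should be stated in a comment here rather than relied on implicitly. The enclosing switch and `lasso_logout_process_request_msg` continue outside the hunk.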
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index f3b38cf9..28d1fc8e 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -37,6 +37,7 @@
#define LASSO_SERVER_PROVIDERS_NODE "Providers"
#define LASSO_SERVER_PROVIDERID_NODE "ProviderID"
#define LASSO_SERVER_PRIVATE_KEY_NODE "PrivateKey"
+#define LASSO_SERVER_SECRET_KEY_NODE "SecretKey"
#define LASSO_SERVER_CERTIFICATE_NODE "Certificate"
#define LASSO_SERVER_SIGNATURE_METHOD_NODE "SignatureMethod"
@@ -67,18 +68,29 @@ lasso_server_add_lasso_provider(LassoServer *server,
/* public methods */
/*****************************************************************************/
+/**
+ * lasso_server_add_provider:
+ * @server: a LassoServer
+ * @metadata: the provider metadata file
+ * @public_key: the provider public key file (may be a certificate) or NULL
+ * @ca_cert_chain: the provider CA certificate chain file or NULL
+ *
+ * Adds a provider in a server.
+ *
+ * Return value: 0 on success or a negative value if an error occurs.
+ **/
gint
lasso_server_add_provider(LassoServer *server,
gchar *metadata,
gchar *public_key,
- gchar *ca_certificate)
+ gchar *ca_cert_chain)
{
LassoProvider *provider;
g_return_val_if_fail(LASSO_IS_SERVER(server), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(metadata != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
- provider = lasso_provider_new(metadata, public_key, ca_certificate);
+ provider = lasso_provider_new(metadata, public_key, ca_cert_chain);
if (provider != NULL) {
g_ptr_array_add(server->providers, provider);
}
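Review bot: `lasso_server_add_provider` keeps its parameters as plain `gchar *` (`metadata`, `public_key`, `ca_cert_chain`) while `lasso_server_new` in the same commit is changed to `const gchar *`; the function only forwards them to `lasso_provider_new`, so the same const-qualification would be consistent, though it has to be propagated to the prototype in server.h and to `lasso_provider_new` in provider.h. The new doc comment promises a negative return value on error, but the return statement lies outside the hunk, so whether a NULL result from `lasso_provider_new` is actually reported cannot be confirmed here; if the function returns 0 in that case, the comment over-promises.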
@@ -103,8 +115,8 @@ lasso_server_copy(LassoServer *server)
/* herited provider attrs */
LASSO_PROVIDER(copy)->metadata = lasso_node_copy(LASSO_PROVIDER(server)->metadata);
- LASSO_PROVIDER(copy)->public_key = g_strdup(LASSO_PROVIDER(server)->public_key);
- LASSO_PROVIDER(copy)->ca_certificate = g_strdup(LASSO_PROVIDER(server)->ca_certificate);
+ LASSO_PROVIDER(copy)->public_key = g_strdup(LASSO_PROVIDER(server)->public_key);
+ LASSO_PROVIDER(copy)->ca_cert_chain = g_strdup(LASSO_PROVIDER(server)->ca_cert_chain);
/* server attrs */
copy->providers = g_ptr_array_new();
for (i=0; i<server->providers->len; i++) {
@@ -113,6 +125,7 @@ lasso_server_copy(LassoServer *server)
}
copy->providerID = g_strdup(server->providerID);
copy->private_key = g_strdup(server->private_key);
+ copy->secret_key = g_strdup(server->secret_key);
copy->certificate = g_strdup(server->certificate);
copy->signature_method = server->signature_method;
@@ -158,6 +171,10 @@ lasso_server_dump(LassoServer *server)
if (server->private_key != NULL) {
server_class->set_prop(server_node, LASSO_SERVER_PRIVATE_KEY_NODE, server->private_key);
}
+ /* secret key */
+ if (server->secret_key != NULL) {
+ server_class->set_prop(server_node, LASSO_SERVER_SECRET_KEY_NODE, server->secret_key);
+ }
/* certificate */
if (server->certificate != NULL) {
server_class->set_prop(server_node, LASSO_SERVER_CERTIFICATE_NODE, server->certificate);
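Review bot: `lasso_server_dump` now serializes `server->secret_key` in cleartext as the `SecretKey` attribute next to the private key reference, and `lasso_server_new_from_dump` reads it back (the `/* secret key */` hunk further down). A dump therefore carries everything needed to use the private key, which changes what callers must protect; at minimum the doc comment on `lasso_server_dump` should say so, e.g. `/* the dump contains secret_key in cleartext; store it with the same protection as the private key */`, and it is worth deciding whether the secret belongs in the dump at all. `lasso_server_dump` starts and ends outside the hunk.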
@@ -176,14 +193,6 @@ lasso_server_dump(LassoServer *server)
server_class->add_child(server_node, metadata_node, FALSE);
}
- /* public key */
- if (provider->public_key != NULL) {
- server_class->set_prop(server_node, LASSO_PROVIDER_PUBLIC_KEY_NODE, provider->public_key);
- }
- /* ca_certificate */
- if (provider->ca_certificate != NULL) {
- server_class->set_prop(server_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE, provider->ca_certificate);
- }
/* providers */
providers_node = lasso_node_new();
providers_class = LASSO_NODE_GET_CLASS(providers_node);
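Review bot: The server's own `PublicKey` and `CaCertChain` attributes are no longer written by `lasso_server_dump` in this hunk, but `lasso_server_new_from_dump` still reads both (the `/* public key */` and `/* ca_cert_chain */` hunk later in this file), so those reads are dead for dumps produced by this version and only matter for older dumps. Either remove the two reads as well or keep emitting the attributes; leaving the asymmetry makes the round-trip result depend on which version wrote the dump. `lasso_server_dump` continues outside the hunk.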
@@ -335,6 +344,19 @@ lasso_server_get_providerID_from_hash(LassoServer *server,
return NULL;
}
+lassoSignatureMethod
+lasso_server_get_signature_method(LassoServer *server)
+{
+ return server->signature_method;
+}
+
+void
+lasso_server_set_signature_method(LassoServer *server,
+ lassoSignatureMethod signature_method)
+{
+ server->signature_method = signature_method;
+}
+
/*****************************************************************************/
/* overrided parent class methods */
/*****************************************************************************/
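Review bot: The new `lasso_server_get_signature_method` and `lasso_server_set_signature_method` dereference `server` without the `g_return_val_if_fail(LASSO_IS_SERVER(server), ...)` guard that `lasso_server_add_provider` uses in this file, and they carry no doc comment although they are exported. The setter can open with `g_return_if_fail(LASSO_IS_SERVER(server));`; for the getter, `g_return_val_if_fail(LASSO_IS_SERVER(server), lassoSignatureMethodRsaSha1);` returns the same default that `lasso_server_instance_init` assigns. A short gtk-doc block per function (`@server`, what the method controls, the default value) would match the style of the other comments added in this commit.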
@@ -367,6 +389,7 @@ lasso_server_finalize(LassoServer *server)
g_free(server->providerID);
g_free(server->private_key);
+ g_free(server->secret_key);
g_free(server->certificate);
g_free(server->private);
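Review bot: `g_free(server->secret_key)` in `lasso_server_finalize` releases the decryption secret without clearing it first, so its bytes remain in freed heap memory — assuming `secret_key` holds the secret itself rather than a file name, which the `lasso_server_new` doc (`to decrypt the private key`) suggests but does not settle. If it is the secret, overwrite it before freeing, e.g. `if (server->secret_key) memset(server->secret_key, 0, strlen(server->secret_key));` ahead of the `g_free`, keeping in mind that a plain memset before free can be optimized away and a volatile-based helper is preferable, and document in the struct comment which of the two the field holds. `lasso_server_finalize` starts outside the hunk.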
@@ -387,6 +410,7 @@ lasso_server_instance_init(LassoServer *server)
server->providers = g_ptr_array_new();
server->providerID = NULL;
server->private_key = NULL;
+ server->secret_key = NULL;
server->certificate = NULL;
server->signature_method = lassoSignatureMethodRsaSha1;
}
@@ -424,12 +448,23 @@ GType lasso_server_get_type() {
return this_type;
}
+/**
+ * lasso_server_new:
+ * @metadata: the server metadata file
+ * @private_key: the server private key or NULL
+ * @secret_key: the server secret key (to decrypt the private key)
+ * @certificate: the server certificate
+ *
+ * Creates a server. The caller is responsible for destroying returned
+ * object by calling #lasso_server_destroy method.
+ *
+ * Return value: a newly allocated #LassoServer object or NULL if an error occurs.
+ **/
LassoServer *
-lasso_server_new(gchar *metadata,
- gchar *public_key,
- gchar *private_key,
- gchar *certificate,
- lassoSignatureMethod signature_method)
+lasso_server_new(const gchar *metadata,
+ const gchar *private_key,
+ const gchar *secret_key,
+ const gchar *certificate)
{
LassoServer *server;
xmlDocPtr doc;
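Review bot: The new gtk-doc block for `lasso_server_new` does not say whether `@secret_key` and `@certificate` may be NULL, while `@private_key` is explicitly marked `or NULL`; the body only `g_strdup`s all three (later hunk), so NULL is accepted for each and the comment should say so, e.g. `@secret_key: the secret used to decrypt @private_key, or NULL if the key is not encrypted`. It would also help to state whether `@private_key` and `@certificate` are file names or PEM content, since `@metadata` is documented as a file and parsed with `xmlParseFile` but the other two are only stored. The function body continues outside the hunk.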
@@ -441,8 +476,12 @@ lasso_server_new(gchar *metadata,
/* metadata can be NULL (if server is a LECP) */
/* put server metadata in a LassoNode */
- if (metadata) {
+ if (metadata != NULL) {
doc = xmlParseFile(metadata);
+ if (doc == NULL) {
+ message(G_LOG_LEVEL_CRITICAL, "Failed to parse file \"%s\"\n", metadata);
+ return NULL;
+ }
root = xmlCopyNode(xmlDocGetRootElement(doc), 1);
xmlFreeDoc(doc);
md_node = lasso_node_new();
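Review bot: The new `return NULL` after a failed `xmlParseFile` returns without any cleanup, so if `server` has already been created above this hunk (as `lasso_server_new_from_dump` does right after its declarations) the object is leaked on a bad metadata file; the function starts outside the hunk, so this cannot be confirmed here. The following line also passes the result of `xmlDocGetRootElement(doc)` to `xmlCopyNode` unchecked, and a well-formed but empty document yields a NULL `root` that then flows into `md_node`. A check after the copy, `if (root == NULL) { message(G_LOG_LEVEL_CRITICAL, "No root element in \"%s\"\n", metadata); return NULL; }` (with whatever cleanup the first early return needs), closes that path.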
@@ -468,11 +507,8 @@ lasso_server_new(gchar *metadata,
server->providerID = providerID;
}
server->private_key = g_strdup(private_key);
+ server->secret_key = g_strdup(secret_key);
server->certificate = g_strdup(certificate);
- server->signature_method = signature_method;
-
- LASSO_PROVIDER(server)->public_key = g_strdup(public_key);
- LASSO_PROVIDER(server)->ca_certificate = NULL;
return server;
}
@@ -485,7 +521,7 @@ lasso_server_new_from_dump(gchar *dump)
LassoServer *server;
LassoProvider *provider;
xmlNodePtr providers_xmlNode, provider_xmlNode;
- xmlChar *public_key, *ca_certificate, *signature_method;
+ xmlChar *public_key, *ca_cert_chain, *signature_method;
server = LASSO_SERVER(g_object_new(LASSO_TYPE_SERVER, NULL));
@@ -507,6 +543,9 @@ lasso_server_new_from_dump(gchar *dump)
/* private key */
server->private_key = lasso_node_get_attr_value(server_node, LASSO_SERVER_PRIVATE_KEY_NODE, NULL);
+ /* secret key */
+ server->secret_key = lasso_node_get_attr_value(server_node, LASSO_SERVER_SECRET_KEY_NODE, NULL);
+
/* certificate */
server->certificate = lasso_node_get_attr_value(server_node, LASSO_SERVER_CERTIFICATE_NODE, NULL);
@@ -528,8 +567,8 @@ lasso_server_new_from_dump(gchar *dump)
/* public key */
LASSO_PROVIDER(server)->public_key = lasso_node_get_attr_value(server_node, LASSO_PROVIDER_PUBLIC_KEY_NODE, NULL);
- /* ca_certificate */
- LASSO_PROVIDER(server)->ca_certificate = lasso_node_get_attr_value(server_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE, NULL);
+ /* ca_cert_chain */
+ LASSO_PROVIDER(server)->ca_cert_chain = lasso_node_get_attr_value(server_node, LASSO_PROVIDER_CA_CERT_CHAIN_NODE, NULL);
/* providers */
providers_node = lasso_node_get_child(server_node, LASSO_SERVER_PROVIDERS_NODE, lassoLassoHRef, NULL);
@@ -551,7 +590,7 @@ lasso_server_new_from_dump(gchar *dump)
public_key = lasso_node_get_attr_value(provider_node, LASSO_PROVIDER_PUBLIC_KEY_NODE, NULL);
/* ca certificate */
- ca_certificate = lasso_node_get_attr_value(provider_node, LASSO_PROVIDER_CA_CERTIFICATE_NODE, NULL);
+ ca_cert_chain = lasso_node_get_attr_value(provider_node, LASSO_PROVIDER_CA_CERT_CHAIN_NODE, NULL);
/* add provider */
provider = lasso_provider_new_from_metadata_node(entity_node);
@@ -560,9 +599,9 @@ lasso_server_new_from_dump(gchar *dump)
lasso_provider_set_public_key(provider, public_key);
xmlFree(public_key);
}
- if (ca_certificate != NULL) {
- lasso_provider_set_ca_certificate(provider, ca_certificate);
- xmlFree(ca_certificate);
+ if (ca_cert_chain != NULL) {
+ lasso_provider_set_ca_cert_chain(provider, ca_cert_chain);
+ xmlFree(ca_cert_chain);
}
lasso_server_add_lasso_provider(server, provider);
diff --git a/lasso/id-ff/server.h b/lasso/id-ff/server.h
index c163e921..f35783ff 100644
--- a/lasso/id-ff/server.h
+++ b/lasso/id-ff/server.h
@@ -50,6 +50,7 @@ struct _LassoServer {
gchar *providerID;
gchar *private_key;
+ gchar *secret_key;
gchar *certificate;
lassoSignatureMethod signature_method;
/*< private >*/
@@ -60,39 +61,43 @@ struct _LassoServerClass {
LassoProviderClass parent;
};
-LASSO_EXPORT GType lasso_server_get_type (void);
+LASSO_EXPORT GType lasso_server_get_type (void);
-LASSO_EXPORT LassoServer* lasso_server_new (gchar *metadata,
- gchar *public_key,
- gchar *private_key,
- gchar *certificate,
- lassoSignatureMethod signature_method);
+LASSO_EXPORT LassoServer* lasso_server_new (const gchar *metadata,
+ const gchar *private_key,
+ const gchar *secret_key,
+ const gchar *certificate);
-LASSO_EXPORT LassoServer* lasso_server_new_from_dump (gchar *dump);
+LASSO_EXPORT LassoServer* lasso_server_new_from_dump (gchar *dump);
-LASSO_EXPORT gint lasso_server_add_provider (LassoServer *server,
- gchar *metadata,
- gchar *public_key,
- gchar *ca_certificate);
+LASSO_EXPORT gint lasso_server_add_provider (LassoServer *server,
+ gchar *metadata,
+ gchar *public_key,
+ gchar *ca_cert_chain);
-LASSO_EXPORT LassoServer* lasso_server_copy (LassoServer *server);
+LASSO_EXPORT LassoServer* lasso_server_copy (LassoServer *server);
-LASSO_EXPORT void lasso_server_destroy (LassoServer *server);
+LASSO_EXPORT void lasso_server_destroy (LassoServer *server);
-LASSO_EXPORT gchar* lasso_server_dump (LassoServer *server);
+LASSO_EXPORT gchar* lasso_server_dump (LassoServer *server);
-LASSO_EXPORT gchar* lasso_server_get_first_providerID (LassoServer *server);
+LASSO_EXPORT gchar* lasso_server_get_first_providerID (LassoServer *server);
-LASSO_EXPORT LassoProvider* lasso_server_get_provider (LassoServer *server,
- gchar *providerID,
- GError **err);
+LASSO_EXPORT LassoProvider* lasso_server_get_provider (LassoServer *server,
+ gchar *providerID,
+ GError **err);
-LASSO_EXPORT LassoProvider* lasso_server_get_provider_ref (LassoServer *server,
- gchar *providerID,
- GError **err);
+LASSO_EXPORT LassoProvider* lasso_server_get_provider_ref (LassoServer *server,
+ gchar *providerID,
+ GError **err);
-LASSO_EXPORT gchar* lasso_server_get_providerID_from_hash (LassoServer *server,
- gchar *b64_hash);
+LASSO_EXPORT gchar* lasso_server_get_providerID_from_hash (LassoServer *server,
+ gchar *b64_hash);
+
+LASSO_EXPORT lassoSignatureMethod lasso_server_get_signature_method (LassoServer *server);
+
+LASSO_EXPORT void lasso_server_set_signature_method (LassoServer *server,
+ lassoSignatureMethod signature_method);
#ifdef __cplusplus
}