| -rw-r--r-- | lasso/saml-2.0/login.c | 20 | ||||
| -rw-r--r-- | lasso/xml/private.h | 1 | ||||
| -rw-r--r-- | lasso/xml/saml-2.0/saml2_encrypted_element.c | 2 | ||||
| -rw-r--r-- | lasso/xml/saml-2.0/saml2_encrypted_element.h | 2 | ||||
| -rw-r--r-- | lasso/xml/xml.c | 6 |
5 files changed, 28 insertions, 3 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 2e93877f..283295e5 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -39,7 +39,6 @@
 #include <lasso/xml/saml-2.0/saml2_audience_restriction.h>
 #include <lasso/xml/saml-2.0/saml2_authn_statement.h>
-
 static int lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obtained);
 static gboolean lasso_saml20_login_must_ask_for_consent_private(LassoLogin *login);
 static gint lasso_saml20_login_process_response_status_and_assertion(LassoLogin *login);
@@ -497,6 +496,7 @@ lasso_saml20_login_process_federation(LassoLogin *login, gboolean is_consent_obt
 return 0;
 }
+
 int
 lasso_saml20_login_build_assertion(LassoLogin *login,
 const char *authenticationMethod,
@@ -512,6 +512,9 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 LassoSamlp2NameIDPolicy *name_id_policy;
 LassoSaml2NameID *name_id = NULL;
 LassoSaml2AuthnStatement *authentication_statement;
+ LassoProvider *provider = NULL;
+ xmlNode *encrypted_node = NULL;
+ LassoSaml2EncryptedElement *encrypted_name_id = NULL;
 federation = g_hash_table_lookup(profile->identity->federations, profile->remote_providerID);
@@ -558,6 +561,21 @@ lasso_saml20_login_build_assertion(LassoLogin *login,
 federation->local_nameIdentifier);
 }
 }
+
+ provider = g_hash_table_lookup(profile->server->providers, profile->remote_providerID);
+
+ /* If there is a key, encrypt. Maybe there should be another condition ? */
+ if (provider && provider->private_data->encryption_public_key != NULL) {
+ encrypted_node = lasso_node_encrypt(LASSO_NODE(assertion->Subject->NameID),
+ provider->private_data->encryption_public_key);
+ if (encrypted_node != NULL) {
+ encrypted_name_id = LASSO_SAML2_ENCRYPTED_ELEMENT(
+ lasso_saml2_encrypted_element_new());
+ encrypted_name_id->EncryptedData = encrypted_node;
+ assertion->Subject->EncryptedID = encrypted_name_id;
+ assertion->Subject->NameID = NULL;
+ }
+ }
 authentication_statement = LASSO_SAML2_AUTHN_STATEMENT(lasso_saml2_authn_statement_new());
 authentication_statement->AuthnInstant = g_strdup(authenticationInstant);
diff --git a/lasso/xml/private.h b/lasso/xml/private.h
index 267bde4b..4345bd03 100644
--- a/lasso/xml/private.h
+++ b/lasso/xml/private.h
@@ -44,6 +44,7 @@ typedef enum {
 SNIPPET_EXTENSION,
 SNIPPET_SIGNATURE,
 SNIPPET_LIST_XMLNODES,
+ SNIPPET_XMLNODE,
 /* transformers for content transformation */
 SNIPPET_STRING = 1 << 0, /* default, can be omitted */
diff --git a/lasso/xml/saml-2.0/saml2_encrypted_element.c b/lasso/xml/saml-2.0/saml2_encrypted_element.c
index 84b69923..ba7558a1 100644
--- a/lasso/xml/saml-2.0/saml2_encrypted_element.c
+++ b/lasso/xml/saml-2.0/saml2_encrypted_element.c
@@ -41,7 +41,7 @@
 static struct XmlSnippet schema_snippets[] = {
- { "EncryptedData", SNIPPET_NODE,
+ { "EncryptedData", SNIPPET_XMLNODE,
 G_STRUCT_OFFSET(LassoSaml2EncryptedElement, EncryptedData) },
 { "EncryptedKey", SNIPPET_NODE,
 G_STRUCT_OFFSET(LassoSaml2EncryptedElement, EncryptedKey) },
diff --git a/lasso/xml/saml-2.0/saml2_encrypted_element.h b/lasso/xml/saml-2.0/saml2_encrypted_element.h
index 8ef58871..c48da752 100644
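Review bot: When `lasso_node_encrypt` returns NULL the new `if (encrypted_node != NULL)` branch is skipped silently and the assertion is still built with the NameID in clear, although an encryption key was configured for this provider; an encryption failure should make the function return an error (in its existing non-zero error convention) rather than quietly downgrade to plaintext. `assertion->Subject->NameID = NULL;` also drops the NameID object without releasing it: if Subject owns that object (it is built above this hunk), every encrypted assertion leaks it, and `lasso_node_destroy(LASSO_NODE(assertion->Subject->NameID));` before clearing the pointer would be the fix — unless the pointer merely aliases `federation->local_nameIdentifier`, which is not visible here. `provider->private_data` is dereferenced without a check; presumably every LassoProvider has its private_data allocated, but confirm. The "Maybe there should be another condition ?" comment leaves the trigger undecided; I would state explicitly that a configured key means "always encrypt", or tie it to the remote provider's declared encryption requirement, so the behaviour is a documented policy rather than a side effect of metadata content. lasso_saml20_login_build_assertion starts and ends outside the hunk.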
--- a/lasso/xml/saml-2.0/saml2_encrypted_element.h
+++ b/lasso/xml/saml-2.0/saml2_encrypted_element.h
@@ -55,7 +55,7 @@ struct _LassoSaml2EncryptedElement {
 /*< public >*/
 /* elements */
- /* XXX */ void *EncryptedData;
+ xmlNode *EncryptedData;
 /* XXX */ void *EncryptedKey;
 };
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index c131a4e3..7e83c140 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -746,6 +746,9 @@ lasso_node_dispose(GObject *object)
 case SNIPPET_NODE_IN_CHILD:
 lasso_node_destroy(*value);
 break;
+ case SNIPPET_XMLNODE:
+ xmlFreeNode(*value);
+ break;
 case SNIPPET_EXTENSION:
 case SNIPPET_LIST_NODES:
 case SNIPPET_LIST_CONTENT:
@@ -1265,6 +1268,9 @@ lasso_node_build_xmlNode_from_snippets(LassoNode *node, xmlNode *xmlnode,
 elem = g_list_next(elem);
 }
 break;
+ case SNIPPET_XMLNODE:
+ xmlAddChild(xmlnode, xmlCopyNode((xmlNode *)value, 1));
+ break;
 case SNIPPET_SIGNATURE:
 lasso_node_add_signature_template(node, xmlnode, snippet);
 break;
|
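Review bot: Only the dispose and build switches gain a SNIPPET_XMLNODE case; if xml.c also has a parse-side switch over snippet types (the init-from-xml path is not in this diff), it needs one too, otherwise an EncryptedData element received in an inbound message is never stored and the field stays NULL, which matters as soon as a peer starts sending EncryptedID. The dispose case `xmlFreeNode(*value)` is only correct for a node that is not linked into a document, so any parse-side case must store an `xmlCopyNode()` of the parsed element (or `xmlUnlinkNode()` it first) rather than a pointer into the parsed tree, and the same ownership rule applies to what `lasso_node_encrypt` returns in login.c. That contract deserves a comment on the enum value in private.h, e.g. `SNIPPET_XMLNODE, /* standalone xmlNode owned by the object; freed with xmlFreeNode() */`. lasso_node_dispose and lasso_node_build_xmlNode_from_snippets both continue outside their hunks.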
