| -rw-r--r-- | lasso/id-ff/logout.c | 23 | ||||
| -rw-r--r-- | lasso/xml/lib_logout_request.c | 12 | ||||
| -rw-r--r-- | lasso/xml/lib_logout_response.c | 8 | ||||
| -rw-r--r-- | lasso/xml/samlp_request_abstract.c | 4 | ||||
| -rw-r--r-- | lasso/xml/samlp_response_abstract.c | 93 | ||||
| -rw-r--r-- | lasso/xml/samlp_response_abstract.h | 4 |
6 files changed, 56 insertions, 88 deletions
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index a4384207..ec679af7 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -86,16 +86,10 @@ lasso_logout_build_request_msg(LassoLogout *logout)
 /* build the logout request message */
 if (logout->initial_http_request_method == LASSO_HTTP_METHOD_SOAP) {
-#if 0 /* XXX: signatures are done differently */
- /* sign the request message */
- lasso_samlp_request_abstract_sign_signature_tmpl(
- LASSO_SAMLP_REQUEST_ABSTRACT(profile->request),
- profile->server->private_key,
- profile->server->certificate);
-#endif
 /* build the logout request message */
 profile->msg_url = lasso_provider_get_metadata_one(remote_provider, "SoapEndpoint");
- profile->msg_body = lasso_node_export_to_soap(profile->request, NULL, NULL);
+ profile->msg_body = lasso_node_export_to_soap(profile->request,
+ profile->server->private_key, profile->server->certificate);
 }
 if (logout->initial_http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 /* build and optionaly sign the logout request QUERY message */
@@ -176,18 +170,9 @@ lasso_logout_build_response_msg(LassoLogout *logout)
 /* build logout response message */
 switch (profile->http_request_method) {
 case LASSO_HTTP_METHOD_SOAP:
- /* optionaly sign the response message */
- if (profile->server->private_key) {
-#if 0 /* XXX: signature different now */
- lasso_samlp_response_abstract_set_signature(LASSO_SAMLP_RESPONSE_ABSTRACT(profile->response),
- profile->server->signature_method,
- profile->server->private_key,
- profile->server->certificate);
-#endif
- }
- profile->msg_url = NULL;
- profile->msg_body = lasso_node_export_to_soap(profile->response, NULL, NULL);
+ profile->msg_body = lasso_node_export_to_soap(profile->response,
+ profile->server->private_key, profile->server->certificate);
 break;
 case LASSO_HTTP_METHOD_REDIRECT:
 url = lasso_provider_get_metadata_one(provider, "SingleLogoutServiceReturnURL");
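Review bot: The SOAP case of lasso_logout_build_response_msg (second hunk) no longer clears profile->msg_url, which the removed lines did with `profile->msg_url = NULL;`; if a profile is reused after a REDIRECT build, a stale URL could survive into the SOAP path, so the assignment looks worth keeping unless msg_url is reset elsewhere. The same hunk also drops the `if (profile->server->private_key)` guard, so lasso_node_export_to_soap now receives a possibly NULL key and certificate in both hunks; whether that produces an error or a silently unsigned message is not visible here and should be confirmed, since an unsigned logout message going out unnoticed is the weaker outcome. Both functions continue outside their hunks.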
diff --git a/lasso/xml/lib_logout_request.c b/lasso/xml/lib_logout_request.c
index 07cdf968..e724ba0d 100644
--- a/lasso/xml/lib_logout_request.c
+++ b/lasso/xml/lib_logout_request.c
@@ -270,16 +270,8 @@ lasso_lib_logout_request_new_full(char *providerID, LassoSamlNameIdentifier *nam
 request->MajorVersion = LASSO_LIB_MAJOR_VERSION_N;
 request->MinorVersion = LASSO_LIB_MINOR_VERSION_N;
 request->IssueInstant = lasso_get_current_time();
-
- /* set the signature template */
- if (sign_type != LASSO_SIGNATURE_TYPE_NONE) {
-#if 0 /* XXX: signatures are done differently */
- lasso_samlp_request_abstract_set_signature_tmpl(
- request, sign_type, sign_method, NULL);
-#endif
- }
-
- /* ProviderID */
+ request->sign_type = sign_type;
+ request->sign_method = sign_method;
 LASSO_LIB_LOGOUT_REQUEST(request)->ProviderID = g_strdup(providerID);
 LASSO_LIB_LOGOUT_REQUEST(request)->NameIdentifier = g_object_ref(nameIdentifier);
diff --git a/lasso/xml/lib_logout_response.c b/lasso/xml/lib_logout_response.c
index eb59f46e..eb8199c2 100644
--- a/lasso/xml/lib_logout_response.c
+++ b/lasso/xml/lib_logout_response.c
@@ -112,12 +112,8 @@ lasso_lib_logout_response_new_full(char *providerID, const char *statusCodeValue
 LASSO_SAMLP_RESPONSE_ABSTRACT(response),
 LASSO_SAMLP_REQUEST_ABSTRACT(request)->RequestID,
 request->ProviderID);
-#if 0 /* XXX: signature to do */
- /* set the signature template */
- if (sign_type != LASSO_SIGNATURE_TYPE_NONE) {
- lasso_samlp_response_abstract_set_signature_tmpl(response, sign_type, sign_method);
- }
-#endif
+ LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_type = sign_type;
+ LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_method = sign_method;
 response->ProviderID = g_strdup(providerID);
 response->RelayState = g_strdup(request->RelayState);
diff --git a/lasso/xml/samlp_request_abstract.c b/lasso/xml/samlp_request_abstract.c
index 2f1ad213..e64c771d 100644
--- a/lasso/xml/samlp_request_abstract.c
+++ b/lasso/xml/samlp_request_abstract.c
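Review bot: The removed `/* set the signature template */` comment is not replaced, so a reader of lasso_lib_logout_request_new_full no longer sees why sign_type and sign_method are merely stored here; a comment such as `/* signing is deferred: the <ds:Signature/> template is emitted at serialization when sign_type != LASSO_SIGNATURE_TYPE_NONE */` above the two new assignments would carry that over. The same applies to the two assignments in the lasso_lib_logout_response_new_full hunk. For the response side that templating is the get_xmlNode hunk in samlp_response_abstract.c further down this diff; the request side presumably does the same but is not shown. Both constructors continue outside their hunks.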
@@ -23,8 +23,6 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
-#include "errors.h"
-
 #include <xmlsec/xmldsig.h>
 #include <xmlsec/templates.h>
@@ -174,7 +172,7 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
 }
-char*
+static char*
 get_sign_attr_name()
 {
 return "RequestID";
diff --git a/lasso/xml/samlp_response_abstract.c b/lasso/xml/samlp_response_abstract.c
index 4f382cbf..25f2e171 100644
--- a/lasso/xml/samlp_response_abstract.c
+++ b/lasso/xml/samlp_response_abstract.c
@@ -23,7 +23,8 @@
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
-#include "errors.h"
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/templates.h>
 #include <lasso/xml/samlp_response_abstract.h>
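Review bot: The now-static `get_sign_attr_name()` in samlp_request_abstract.c is declared with empty parentheses, which in C11 is an old-style declaration without a prototype; `static char* get_sign_attr_name(void)` states the arity and still converts to the class's function-pointer slot (that slot's type is not visible here, so confirm it is `char* (*)(void)` or unprototyped). The same form is used for the copy added to samlp_response_abstract.c further down. Dropping `#include "errors.h"` from both files is safe only if no LASSO_*_ERROR constant remains in use in the rest of those files, which lies outside these hunks.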
@@ -52,55 +53,6 @@ From oasis-sstc-saml-schema-assertion-1.0.xsd:
 */
 /*****************************************************************************/
-/* public methods */
-/*****************************************************************************/
-
-#if 0
-gint
-lasso_samlp_response_abstract_set_signature(LassoSamlpResponseAbstract *node,
- gint sign_method,
- const xmlChar *private_key_file,
- const xmlChar *certificate_file)
-{
- return 0;
-}
-
-gint
-lasso_samlp_response_abstract_set_signature_tmpl(LassoSamlpResponseAbstract *node,
- lassoSignatureType sign_type,
- lassoSignatureMethod sign_method)
-{
- LassoNodeClass *class;
-
- return 0; /* FIXME: signature disabled for now */
-
- g_return_val_if_fail(LASSO_IS_SAMLP_RESPONSE_ABSTRACT(node),
- LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
-
- class = LASSO_NODE_GET_CLASS(node);
-
- return class->add_signature_tmpl(LASSO_NODE (node), sign_type, sign_method, NULL);
-}
-
-gint
-lasso_samlp_response_abstract_sign_signature_tmpl(LassoSamlpResponseAbstract *node,
- const xmlChar *private_key_file, const xmlChar *certificate_file)
-{
- LassoNodeClass *class;
-
- return 0; /* FIXME: signature disabled for now */
-
- g_return_val_if_fail(LASSO_IS_SAMLP_RESPONSE_ABSTRACT(node),
- LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
-
- class = LASSO_NODE_GET_CLASS(node);
-
- return class->sign_signature_tmpl(LASSO_NODE (node), private_key_file,
- certificate_file);
-}
-#endif
-
-/*****************************************************************************/
 /* private methods */
 /*****************************************************************************/
@@ -141,6 +93,38 @@ get_xmlNode(LassoNode *node)
 if (response->Recipient)
 xmlSetProp(xmlnode, "Recipient", t);
+ /* signature stuff */
+ if (response->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
+ xmlDoc *doc;
+ xmlNode *signature = NULL, *reference, *key_info;
+ char *uri;
+
+ if (response->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
+ signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ }
+ if (response->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
+ signature = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformDsaSha1Id, NULL);
+ }
+ /* get out if signature == NULL ? */
+ xmlAddChild(xmlnode, signature);
+
+ uri = g_strdup_printf("#%s", response->ResponseID);
+ reference = xmlSecTmplSignatureAddReference(signature,
+ xmlSecTransformSha1Id, NULL, uri, NULL);
+ g_free(uri);
+
+ /* add enveloped transform */
+ xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
+ /* add <dsig:KeyInfo/> */
+ key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
+ if (response->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
+ xmlSecTmplKeyInfoAddX509Data(key_info);
+ }
+ }
+
+
 return xmlnode;
 }
@@ -204,6 +188,13 @@ init_from_xml(LassoNode *node, xmlNode *xmlnode)
 }
 }
+static char*
+get_sign_attr_name()
+{
+ return "ResponseID";
+}
+
+
 /*****************************************************************************/
 /* instance and class init functions */
@@ -218,6 +209,7 @@ instance_init(LassoSamlpResponseAbstract *node)
 node->IssueInstant = NULL;
 node->InResponseTo = NULL;
 node->Recipient = NULL;
+ node->sign_type = LASSO_SIGNATURE_TYPE_NONE;
 }
 static void
@@ -228,6 +220,7 @@ class_init(LassoSamlpResponseAbstractClass *klass)
 LASSO_NODE_CLASS(klass)->init_from_xml = init_from_xml;
 LASSO_NODE_CLASS(klass)->build_query = build_query;
 LASSO_NODE_CLASS(klass)->init_from_query = init_from_query;
+ LASSO_NODE_CLASS(klass)->get_sign_attr_name = get_sign_attr_name;
 }
 GType
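Review bot: In the get_xmlNode hunk `xmlDoc *doc;` is declared but never assigned, and the DSA_SHA1 branch passes it to xmlSecTmplSignatureCreate, so that path reads an uninitialized pointer (undefined behavior) while the RSA_SHA1 branch passes NULL; the RSA form suggests NULL is the intended document argument. The hunk also leaves its own `/* get out if signature == NULL ? */` question open: with any other sign_method, or if template creation fails, `signature` stays NULL and is handed to xmlAddChild and xmlSecTmplSignatureAddReference, and the `reference`/`key_info` results are likewise used unchecked. The excerpt below drops `doc`, folds the two lookups into an if/else chain and bails out of the signature block on each NULL; since get_xmlNode's return type offers no error channel here, the bail-out still yields an element without a signature template, so the export path that later applies the key should be the place that treats a missing template as fatal when signing was requested (worth confirming). get_xmlNode begins outside the hunk.
```c
	/* signature stuff */
	if (response->sign_type != LASSO_SIGNATURE_TYPE_NONE) {
		xmlNode *signature = NULL, *reference, *key_info;
		char *uri;

		if (response->sign_method == LASSO_SIGNATURE_METHOD_RSA_SHA1) {
			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
					xmlSecTransformRsaSha1Id, NULL);
		} else if (response->sign_method == LASSO_SIGNATURE_METHOD_DSA_SHA1) {
			signature = xmlSecTmplSignatureCreate(NULL, xmlSecTransformExclC14NId,
					xmlSecTransformDsaSha1Id, NULL);
		}
		/* unsupported sign_method or template allocation failure: emit no
		 * <ds:Signature/> rather than dereference NULL below; the caller
		 * that applies the key must not send the message unsigned silently */
		if (signature == NULL) {
			return xmlnode;
		}
		xmlAddChild(xmlnode, signature);

		uri = g_strdup_printf("#%s", response->ResponseID);
		reference = xmlSecTmplSignatureAddReference(signature,
				xmlSecTransformSha1Id, NULL, uri, NULL);
		g_free(uri);
		if (reference == NULL) {
			return xmlnode;
		}

		/* add enveloped transform */
		xmlSecTmplReferenceAddTransform(reference, xmlSecTransformEnvelopedId);
		/* add <dsig:KeyInfo/> */
		key_info = xmlSecTmplSignatureEnsureKeyInfo(signature, NULL);
		if (key_info != NULL && response->sign_type == LASSO_SIGNATURE_TYPE_WITHX509) {
			xmlSecTmplKeyInfoAddX509Data(key_info);
		}
	}
```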
diff --git a/lasso/xml/samlp_response_abstract.h b/lasso/xml/samlp_response_abstract.h
index 737bfef2..af70675f 100644
--- a/lasso/xml/samlp_response_abstract.h
+++ b/lasso/xml/samlp_response_abstract.h
@@ -57,6 +57,10 @@ struct _LassoSamlpResponseAbstract {
 char *IssueInstant;
 /* <attribute name="Recipient" type="anyURI" use="optional"/> */
 char *Recipient;
+
+ /* ds:Signature stuffs */
+ lassoSignatureType sign_type;
+ lassoSignatureMethod sign_method;
 };
 struct _LassoSamlpResponseAbstractClass { |
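Review bot: The two new struct fields carry only `/* ds:Signature stuffs */`, which does not tell a reader what the values control; a comment such as `/* signing policy applied when the node is serialized: no <ds:Signature/> template is emitted while sign_type == LASSO_SIGNATURE_TYPE_NONE; sign_method selects the algorithm */` would document the contract the get_xmlNode hunk in samlp_response_abstract.c implements. The instance_init hunk in that file initializes only sign_type, so sign_method relies on whatever the allocator leaves in the object (GObject instances are presumably zeroed, but an explicit initializer next to sign_type would remove the doubt).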
