-rw-r--r--lasso/Attic/protocols/authn_response.c148
-rw-r--r--lasso/Attic/protocols/authn_response.h31
2 files changed, 145 insertions, 34 deletions
diff --git a/lasso/Attic/protocols/authn_response.c b/lasso/Attic/protocols/authn_response.c
index aa2e9534..2529cfbc 100644
--- a/lasso/Attic/protocols/authn_response.c
+++ b/lasso/Attic/protocols/authn_response.c
@@ -26,9 +26,113 @@
#include <lasso/protocols/authn_response.h>
/*****************************************************************************/
+/* functions */
+/*****************************************************************************/
+
+xmlChar *
+lasso_authn_response_get_protocolProfile(xmlChar *query)
+{
+ xmlChar *protocolProfile;
+
+ protocolProfile = lasso_g_ptr_array_index(lasso_query_get_value(query, "ProtocolProfile"), 0);
+ if (protocolProfile == NULL)
+ protocolProfile = lassoLibProtocolProfileArtifact;
+
+ return (protocolProfile);
+}
+
+/*****************************************************************************/
/* public methods */
/*****************************************************************************/
+void
+lasso_authn_response_add_assertion(LassoAuthnResponse *response,
+ LassoAssertion *assertion,
+ const xmlChar *private_key_file,
+ const xmlChar *certificate_file)
+{
+ xmlDocPtr doc;
+ LassoNode *signature;
+
+ /* FIXME : Signature */
+ doc = xmlNewDoc("1.0"); // <---
+ xmlAddChild((xmlNodePtr)doc,
+ LASSO_NODE_GET_CLASS(response)->get_xmlNode(response));
+
+ signature = lasso_ds_signature_new(doc, xmlSecTransformRsaSha1Id);
+ lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
+ LASSO_DS_SIGNATURE(signature));
+ lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(response),
+ LASSO_LIB_ASSERTION(assertion));
+ lasso_ds_signature_sign(LASSO_DS_SIGNATURE(signature),
+ private_key_file,
+ certificate_file);
+}
+
+gboolean
+lasso_authn_response_must_authenticate(LassoAuthnResponse *response,
+ gboolean is_authenticated)
+{
+ GData *gd;
+ gboolean must_authenticate = FALSE;
+ /* default values for ForceAuthn and IsPassive */
+ gboolean forceAuthn = FALSE;
+ gboolean isPassive = TRUE;
+
+ gd = lasso_query_to_dict(LASSO_AUTHN_RESPONSE(response)->query);
+ /* Get ForceAuthn and IsPassive */
+ if (xmlStrEqual(lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ForceAuthn"), 0), "true")) {
+ forceAuthn = TRUE;
+ }
+ if (xmlStrEqual((xmlChar *)lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "IsPassive"), 0), "false")) {
+ isPassive = FALSE;
+ }
+
+ if ((forceAuthn == TRUE || is_authenticated == FALSE) && isPassive == FALSE) {
+ must_authenticate = TRUE;
+ }
+
+ g_datalist_clear(&gd);
+ return (must_authenticate);
+}
+
+gboolean
+lasso_authn_response_verify_signature(LassoAuthnResponse *response,
+ xmlChar *public_key_file,
+ xmlChar *private_key_file)
+{
+ g_return_val_if_fail(LASSO_IS_AUTHN_RESPONSE(response), 0);
+
+ LassoNode *status, *status_code;
+ gboolean signature_status;
+
+ signature_status = lasso_query_verify_signature(LASSO_AUTHN_RESPONSE(response)->query,
+ public_key_file,
+ private_key_file);
+
+ /* Status & StatusCode */
+ if (signature_status == 0 || signature_status == 2) {
+ status = lasso_samlp_status_new();
+ status_code = lasso_samlp_status_code_new();
+ switch (signature_status) {
+ case 0:
+ lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code),
+ lassoLibStatusCodeInvalidSignature);
+ break;
+ case 2:
+ lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code),
+ lassoLibStatusCodeUnsignedAuthnRequest);
+ break;
+ }
+ lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status),
+ LASSO_SAMLP_STATUS_CODE(status_code));
+ lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response),
+ LASSO_SAMLP_STATUS(status));
+ }
+
+ return (signature_status);
+}
+
/*****************************************************************************/
/* instance and class init functions */
/*****************************************************************************/
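Review bot: lasso_authn_response_verify_signature (L85–L120) is declared to return gboolean but hands back the raw result of lasso_query_verify_signature, which the switch on L103–L112 shows takes at least the values 0 (invalid signature) and 2 (unsigned request) besides the presumably-good 1, so a caller that tests the return value for truth accepts an unsigned request exactly like a verified one. Either return only `return (signature_status == 1);` and let the Status element carry the reason, or change the return type to `gint` here and in the prototype in authn_response.h and document the three values in a comment on the definition. The `g_return_val_if_fail` placed before the declarations on L92–L93 also relies on C99 mixed declarations while the rest of the file declares at block top. Separately, the xmlDoc created on L44 in lasso_authn_response_add_assertion is never freed, and since xmlAddChild links the node returned by get_xmlNode into that document, who releases that node needs to be settled before the FIXME on L43 is resolved.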
@@ -75,11 +179,12 @@ lasso_authn_response_new(xmlChar *query,
GData *gd;
LassoNode *response, *status, *status_code;
const xmlChar *nameIDPolicy;
- gint status_code_value = 1;
- gd = lasso_query_to_dict(query);
response = LASSO_NODE(g_object_new(LASSO_TYPE_AUTHN_RESPONSE, NULL));
+ gd = lasso_query_to_dict(query);
+ LASSO_AUTHN_RESPONSE(response)->query = query;
+
/* ResponseID */
lasso_samlp_response_abstract_set_responseID(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
(const xmlChar *)lasso_build_unique_id(32));
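Review bot: `LASSO_AUTHN_RESPONSE(response)->query = query;` on L133 stores the caller's buffer by reference, and lasso_authn_response_must_authenticate and lasso_authn_response_verify_signature read it later, so the object's correctness depends on the caller keeping `query` alive and unchanged for the object's lifetime; with no finalize visible there is also nothing releasing it. The same pattern appears at L153, where `requestID` is assigned a pointer taken out of the `gd` datalist rather than a copy. Either copy both (`LASSO_AUTHN_RESPONSE(response)->query = xmlStrdup(query);`) and free them in the class's finalize, or state the borrowed-pointer contract in a comment on the struct fields in authn_response.h. lasso_authn_response_new begins before this hunk, and the lines between this hunk and the next are not shown.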
@@ -98,47 +203,36 @@ lasso_authn_response_new(xmlChar *query,
providerID);
/* RelayState */
- if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "RelayState"), 0) != NULL) {
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RelayState"), 0) != NULL) {
lasso_lib_authn_response_set_relayState(LASSO_LIB_AUTHN_RESPONSE(response),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "RelayState"), 0));
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RelayState"), 0));
}
/* InResponseTo */
- if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "RequestID"), 0) != NULL) {
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0) != NULL) {
lasso_samlp_response_abstract_set_inResponseTo(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "RequestID"), 0));
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0));
+ LASSO_AUTHN_RESPONSE(response)->requestID = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "RequestID"), 0);
}
/* consent */
- if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "consent"), 0) != NULL) {
+ if (lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "consent"), 0) != NULL) {
lasso_lib_authn_response_set_consent(LASSO_LIB_AUTHN_RESPONSE(response),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "consent"), 0));
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "consent"), 0));
}
/* Recipient */
lasso_samlp_response_abstract_set_recipient(LASSO_SAMLP_RESPONSE_ABSTRACT(response),
- lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "ProviderID"), 0));
+ lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&gd, "ProviderID"), 0));
/* Status & StatusCode */
- /* StatusCode */
- if (authentication_status == TRUE) {
- nameIDPolicy = lasso_g_ptr_array_index((GPtrArray *)g_datalist_get_data(&(gd), "NameIDPolicy"), 0);
- if (xmlStrEqual(nameIDPolicy, "none") || nameIDPolicy == NULL) {
- printf("no NameIDPolicy or none value\n");
- status_code_value = 0;
- }
- }
- else
- status_code_value = 0;
-
- /* Add Status */
status = lasso_samlp_status_new();
status_code = lasso_samlp_status_code_new();
- if (status_code_value == 0)
- lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeRequestDenied);
- else
- lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code), lassoSamlStatusCodeSuccess);
- lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status), LASSO_SAMLP_STATUS_CODE(status_code));
- lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response), LASSO_SAMLP_STATUS(status));
+ lasso_samlp_status_code_set_value(LASSO_SAMLP_STATUS_CODE(status_code),
+ lassoSamlStatusCodeSuccess);
+ lasso_samlp_status_set_statusCode(LASSO_SAMLP_STATUS(status),
+ LASSO_SAMLP_STATUS_CODE(status_code));
+ lasso_samlp_response_set_status(LASSO_SAMLP_RESPONSE(response),
+ LASSO_SAMLP_STATUS(status));
return (response);
}
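Review bot: The Status block on L179–L192 now always sets lassoSamlStatusCodeSuccess, whereas the removed code chose RequestDenied when `authentication_status` was FALSE or no usable NameIDPolicy was given; in the visible hunks neither `authentication_status` nor `signature_status` is read any more, although the prototype in authn_response.h still takes both. If the intent is that callers now run lasso_authn_response_verify_signature and lasso_authn_response_must_authenticate afterwards and overwrite the status on failure, a comment above L179 such as `/* Status defaults to Success; verify_signature() and the caller's authentication result must downgrade it */` would make that contract explicit, otherwise the denied branch should be restored. Also `gd`, built on L132, is never cleared before `return (response);` on L193 in the lines shown, unlike must_authenticate which calls g_datalist_clear. Only part of lasso_authn_response_new is shown.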
diff --git a/lasso/Attic/protocols/authn_response.h b/lasso/Attic/protocols/authn_response.h
index b4bceaf7..2413ad9b 100644
--- a/lasso/Attic/protocols/authn_response.h
+++ b/lasso/Attic/protocols/authn_response.h
@@ -31,6 +31,7 @@ extern "C" {
#endif /* __cplusplus */
#include <lasso/xml/lib_authn_response.h>
+#include <lasso/protocols/elements/assertion.h>
#define LASSO_TYPE_AUTHN_RESPONSE (lasso_authn_response_get_type())
#define LASSO_AUTHN_RESPONSE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_AUTHN_RESPONSE, LassoAuthnResponse))
@@ -45,20 +46,36 @@ typedef struct _LassoAuthnResponseClass LassoAuthnResponseClass;
struct _LassoAuthnResponse {
LassoLibAuthnResponse parent;
/*< public >*/
- xmlChar *request_query;
- gboolean mustAuthenticate;
+ xmlChar *requestID;
/*< private >*/
+ xmlChar *query;
};
struct _LassoAuthnResponseClass {
LassoLibAuthnResponseClass parent;
};
-LASSO_EXPORT GType lasso_authn_response_get_type (void);
-LASSO_EXPORT LassoNode* lasso_authn_response_new (xmlChar *query,
- const xmlChar *providerID,
- gboolean signature_status,
- gboolean authentication_status);
+LASSO_EXPORT xmlChar* lasso_authn_response_get_protocolProfile (xmlChar *query);
+
+
+LASSO_EXPORT GType lasso_authn_response_get_type (void);
+
+LASSO_EXPORT LassoNode* lasso_authn_response_new (xmlChar *query,
+ const xmlChar *providerID,
+ gboolean signature_status,
+ gboolean authentication_status);
+
+LASSO_EXPORT void lasso_authn_response_add_assertion (LassoAuthnResponse *response,
+ LassoAssertion *assertion,
+ const xmlChar *private_key_file,
+ const xmlChar *certificate_file);
+
+LASSO_EXPORT gboolean lasso_authn_response_must_authenticate (LassoAuthnResponse *response,
+ gboolean is_authenticated);
+
+LASSO_EXPORT gboolean lasso_authn_response_verify_signature (LassoAuthnResponse *response,
+ xmlChar *public_key_file,
+ xmlChar *private_key_file);
#ifdef __cplusplus
}