Diffstat (limited to 'lasso/id-wsf/wsf_profile.c')
-rw-r--r--lasso/id-wsf/wsf_profile.c126
1 files changed, 70 insertions, 56 deletions
diff --git a/lasso/id-wsf/wsf_profile.c b/lasso/id-wsf/wsf_profile.c
index 92a9e5a0..fe2a34eb 100644
--- a/lasso/id-wsf/wsf_profile.c
+++ b/lasso/id-wsf/wsf_profile.c
@@ -45,6 +45,8 @@
#include <lasso/id-ff/server.h>
#include <lasso/id-ff/providerprivate.h>
+#include <lasso/id-wsf/wsf_profile_private.h>
+
struct _LassoWsfProfilePrivate
{
gboolean dispose_has_run;
@@ -56,6 +58,21 @@ struct _LassoWsfProfilePrivate
gint lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile,
xmlDoc *doc, xmlSecKey *public_key);
+static gboolean lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile);
+static gboolean lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile);
+static gint lasso_wsf_profile_verify_credential_signature(
+ LassoWsfProfile *profile, xmlDoc *doc, xmlNode *credential);
+static gint lasso_wsf_profile_add_credential_signature(LassoWsfProfile *profile,
+ xmlDoc *doc, xmlNode *credential, LassoSignatureMethod sign_method);
+static xmlSecKey* lasso_wsf_profile_get_public_key_from_credential(
+ LassoWsfProfile *profile, xmlNode *credential);
+static gint lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *doc);
+static gint lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile,
+ xmlDoc *doc, xmlNode *envelope_node, LassoSignatureMethod sign_method);
+static int lasso_wsf_profile_ensure_soap_credentials_signature(
+ LassoWsfProfile *profile, xmlDoc *doc, xmlNode *soap_envelope);
+static LassoDiscoDescription* lasso_wsf_profile_get_description_auto(
+ LassoDiscoServiceInstance *si, const gchar *security_mech_id);
/*****************************************************************************/
/* private methods */
@@ -94,7 +111,7 @@ lasso_wsf_profile_set_public_key(LassoWsfProfile *profile, const char *public_ke
profile->private_data->public_key = g_strdup(public_key);
}
-LassoDiscoDescription*
+static LassoDiscoDescription*
lasso_wsf_profile_get_description_auto(LassoDiscoServiceInstance *si, const gchar *security_mech_id)
{
GList *iter, *iter2;
@@ -124,7 +141,7 @@ lasso_wsf_profile_get_fault(LassoWsfProfile *profile)
return profile->private_data->fault;
}
-gboolean
+static gboolean
lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile)
{
GList *iter;
@@ -136,11 +153,11 @@ lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile)
iter = profile->private_data->description->SecurityMechID;
while(iter) {
security_mech_id = iter->data;
- if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0) {
- return TRUE;
- break;
+ if (strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0) {
+ return TRUE;
+ break;
}
iter = iter->next;
}
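Review bot: The `break;` on the line after `return TRUE;` is unreachable; the X.509 counterpart two hunks down (`lasso_wsf_profile_has_x509_authentication`) drops it, so it should go here too. The three-way strcmp chain also duplicates `lasso_security_mech_id_is_saml_authentication`, which additionally guards a NULL id before calling strcmp, so the loop body could become `if (lasso_security_mech_id_is_saml_authentication(iter->data)) return TRUE;`. Whether a NULL entry can appear in SecurityMechID is not visible here, but `iter->data` is currently passed to strcmp unchecked. The function's declaration and tail lie outside this hunk.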
@@ -148,7 +165,7 @@ lasso_wsf_profile_has_saml_authentication(LassoWsfProfile *profile)
return FALSE;
}
-gboolean
+static gboolean
lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile)
{
GList *iter;
@@ -158,13 +175,12 @@ lasso_wsf_profile_has_x509_authentication(LassoWsfProfile *profile)
return FALSE;
iter = profile->private_data->description->SecurityMechID;
- while(iter) {
+ while (iter) {
security_mech_id = iter->data;
- if (strcmp(security_mech_id, LASSO_SECURITY_MECH_X509) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_X509) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_X509) == 0) {
- return TRUE;
- break;
+ if (strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_X509) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_X509) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_X509) == 0) {
+ return TRUE;
}
iter = iter->next;
}
@@ -178,9 +194,9 @@ lasso_security_mech_id_is_saml_authentication(const gchar *security_mech_id)
if (!security_mech_id)
return FALSE;
- if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 || \
- strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0)
+ if (strcmp(security_mech_id, LASSO_SECURITY_MECH_SAML) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_TLS_SAML) == 0 ||
+ strcmp(security_mech_id, LASSO_SECURITY_MECH_CLIENT_TLS_SAML) == 0)
return TRUE;
return FALSE;
@@ -192,9 +208,9 @@ lasso_wsf_profile_set_description(LassoWsfProfile *profile, LassoDiscoDescriptio
profile->private_data->description = g_object_ref(description);
}
-gint
-lasso_wsf_profile_verify_credential_signature(LassoWsfProfile *profile,
- xmlDoc *doc, xmlNode *credential)
+static gint
+lasso_wsf_profile_verify_credential_signature(
+ LassoWsfProfile *profile, xmlDoc *doc, xmlNode *credential)
{
LassoProvider *lasso_provider;
@@ -273,10 +289,9 @@ lasso_wsf_profile_verify_credential_signature(LassoWsfProfile *profile,
return 0;
}
-gint
+static gint
lasso_wsf_profile_add_credential_signature(LassoWsfProfile *profile,
- xmlDoc *doc, xmlNode *credential,
- LassoSignatureMethod sign_method)
+ xmlDoc *doc, xmlNode *credential, LassoSignatureMethod sign_method)
{
xmlNode *signature = NULL, *sign_tmpl, *reference, *key_info;
char *uri;
@@ -342,7 +357,7 @@ lasso_wsf_profile_add_credential_signature(LassoWsfProfile *profile,
return 0;
}
-xmlSecKey*
+static xmlSecKey*
lasso_wsf_profile_get_public_key_from_credential(LassoWsfProfile *profile, xmlNode *credential)
{
xmlNode *authentication_statement, *subject, *subject_confirmation, *key_info;
@@ -352,8 +367,9 @@ lasso_wsf_profile_get_public_key_from_credential(LassoWsfProfile *profile, xmlNo
/* get AuthenticationStatement element */
authentication_statement = credential->children;
while (authentication_statement) {
- if (authentication_statement->type == XML_ELEMENT_NODE && \
- strcmp((char*)authentication_statement->name, "AuthenticationStatement") == 0)
+ if (authentication_statement->type == XML_ELEMENT_NODE &&
+ strcmp((char*)authentication_statement->name,
+ "AuthenticationStatement") == 0)
break;
authentication_statement = authentication_statement->next;
}
@@ -458,7 +474,7 @@ lasso_wsf_profile_get_public_key_from_credential(LassoWsfProfile *profile, xmlNo
return public_key;
}
-gint
+static gint
lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *doc)
{
xmlXPathContext *xpathCtx = NULL;
@@ -475,34 +491,31 @@ lasso_wsf_profile_verify_saml_authentication(LassoWsfProfile *profile, xmlDoc *d
xpathObj = xmlXPathEvalExpression((xmlChar*)"//wsse:Security/saml:Assertion", xpathCtx);
/* FIXME: Need to consider more every credentials. */
- if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr)
- printf("OK ca a l'air bon ...\n");
- else
+ if (xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
return LASSO_ERROR_UNDEFINED;
+ }
credential = xpathObj->nodesetval->nodeTab[0];
res = lasso_wsf_profile_verify_credential_signature(profile, doc, credential);
- if (res < 0) return res;
- printf("credential signature is ok\n");
+ if (res < 0)
+ return res;
public_key = lasso_wsf_profile_get_public_key_from_credential(profile, credential);
- if (!public_key)
+ if (public_key == NULL)
return LASSO_ERROR_UNDEFINED;
- printf("Xml sec public key found\n");
res = lasso_wsf_profile_verify_x509_authentication(profile, doc, public_key);
if (res != 0)
return res;
- printf("soap signature is ok\n");
return 0;
}
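Review bot: `xpathObj` is dereferenced on the first new line without a NULL check, although xmlXPathEvalExpression can return NULL, and every return in this hunk — including the success path — leaves `xpathObj` and `xpathCtx` unfreed, so each verification leaks an XPath context and object. The credential-signature result is tested with `res < 0` while the SOAP-signature result a few lines below uses `res != 0`; failing closed on any non-zero value keeps the two checks consistent (harmless if the helper only reports failure with negative values). A single cleanup label fixes both; `xpathCtx` is created and `public_key` declared above this hunk, `public_key` would need a NULL initializer, and whether the key returned by lasso_wsf_profile_get_public_key_from_credential is owned by the caller is not visible here — confirm before keeping the xmlSecKeyDestroy line.
```c
	/* … unchanged: XPath context setup and evaluation … */
	if (xpathObj == NULL || xpathObj->nodesetval == NULL || xpathObj->nodesetval->nodeNr == 0) {
		res = LASSO_ERROR_UNDEFINED;
		goto cleanup;
	}
	credential = xpathObj->nodesetval->nodeTab[0];
	res = lasso_wsf_profile_verify_credential_signature(profile, doc, credential);
	if (res != 0)
		goto cleanup;
	public_key = lasso_wsf_profile_get_public_key_from_credential(profile, credential);
	if (public_key == NULL) {
		res = LASSO_ERROR_UNDEFINED;
		goto cleanup;
	}
	res = lasso_wsf_profile_verify_x509_authentication(profile, doc, public_key);

cleanup:
	if (public_key != NULL)
		xmlSecKeyDestroy(public_key); /* only if the caller owns the key — confirm */
	xmlXPathFreeObject(xpathObj);
	xmlXPathFreeContext(xpathCtx);
	return res;
```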
-gint
-lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile, xmlDoc *doc, xmlNode *envelope_node,
- LassoSignatureMethod sign_method)
+static gint
+lasso_wsf_profile_add_soap_signature(LassoWsfProfile *profile,
+ xmlDoc *doc, xmlNode *envelope_node, LassoSignatureMethod sign_method)
{
xmlNode *signature = NULL, *sign_tmpl, *reference, *key_info, *t;
xmlNode *header = NULL, *provider = NULL, *correlation = NULL, *security = NULL;
@@ -744,7 +757,6 @@ lasso_wsf_profile_verify_x509_authentication(LassoWsfProfile *profile,
xmlSecDSigCtxDestroy(dsigCtx);
return LASSO_DS_ERROR_INVALID_SIGNATURE;
}
- printf("ok\n");
return 0;
}
@@ -1023,16 +1035,15 @@ lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile)
LassoSoapHeader *header;
LassoWsseSecurity *security = NULL;
int ret;
-
- GList *iter;
-
+ GList *iter = NULL;
xmlNode *security_xmlNode, *credential;
-
xmlOutputBuffer *buf;
xmlCharEncodingHandler *handler;
-
- xmlDoc *doc;
+ xmlDoc *doc = NULL;
xmlNode *envelope_node = NULL;
+ xmlXPathContext *xpathCtx = NULL;
+ xmlXPathObject *xpathObj = NULL;
+
g_return_val_if_fail(LASSO_IS_WSF_PROFILE(profile),
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
@@ -1040,8 +1051,8 @@ lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile)
envelope = profile->soap_envelope_request;
/* FIXME: find a better way to add needed security element */
- if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||\
- lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
+ if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||
+ lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
security = lasso_wsse_security_new();
header = envelope->Header;
header->Other = g_list_append(header->Other, security);
@@ -1054,10 +1065,6 @@ lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile)
if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE) {
if (profile->private_data->credentials) {
- printf("Y a du credential dans l'air ...\n");
- xmlXPathContext *xpathCtx = NULL;
- xmlXPathObject *xpathObj;
-
xpathCtx = xmlXPathNewContext(doc);
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"wsse", (xmlChar*)LASSO_WSSE_HREF);
@@ -1084,6 +1091,11 @@ lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile)
credential list */
g_list_free(profile->private_data->credentials);
}
+
+ xmlXPathFreeContext(xpathCtx);
+ xmlXPathFreeObject(xpathObj);
+ xpathCtx = NULL;
+ xpathObj = NULL;
}
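Review bot: The added cleanup resets `xpathCtx`/`xpathObj` to NULL but leaves `profile->private_data->credentials` dangling after the `g_list_free` two lines above, so the `if (profile->private_data->credentials)` test at the top of this block would be true again on a later build of the same profile and walk freed memory, unless the field is reset somewhere outside the hunk. Adding `profile->private_data->credentials = NULL;` right after the `g_list_free` call closes that. Since `xpathCtx` is only created inside the credentials branch while the frees sit after its closing brace, the function-scope NULL initializers from the declaration hunk are what keep these calls safe; a one-line comment such as `/* both NULL unless the credential branch ran */` would make that dependency visible. `lasso_wsf_profile_build_soap_request_msg` begins and ends outside this hunk.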
/* FIXME: do we need to sign if SAML authentication or X509 authentication ? */
@@ -1112,10 +1124,9 @@ lasso_wsf_profile_build_soap_request_msg(LassoWsfProfile *profile)
return 0;
}
-int
+static int
lasso_wsf_profile_ensure_soap_credentials_signature(LassoWsfProfile *profile,
- xmlDoc *doc,
- xmlNode *soap_envelope)
+ xmlDoc *doc, xmlNode *soap_envelope)
{
xmlXPathContext *xpathCtx = NULL;
xmlXPathObject *xpathObj;
@@ -1135,6 +1146,9 @@ lasso_wsf_profile_ensure_soap_credentials_signature(LassoWsfProfile *profile,
}
}
+ xmlXPathFreeContext(xpathCtx);
+ xmlXPathFreeObject(xpathObj);
+
return 0;
}
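Review bot: The two free calls only run on the fall-through success path; any early `return` from the loop above (its body lies outside the hunk) still leaks `xpathCtx` and `xpathObj`. Routing those returns through a label placed before the frees would cover them, which needs `xpathObj` initialised at its declaration in the previous hunk, `xmlXPathObject *xpathObj = NULL;`, so the label is safe to reach before evaluation. Also worth confirming that `xpathObj` is tested for NULL after xmlXPathEvalExpression before its nodeset is read; that code is not visible here.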
@@ -1156,8 +1170,8 @@ lasso_wsf_profile_build_soap_response_msg(LassoWsfProfile *profile)
/* FIXME: find a better way to add needed security element */
envelope = profile->soap_envelope_response;
- if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||\
- lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
+ if (lasso_wsf_profile_has_saml_authentication(profile) == TRUE ||
+ lasso_wsf_profile_has_x509_authentication(profile) == TRUE) {
security = lasso_wsse_security_new();
header = envelope->Header;
header->Other = g_list_append(header->Other, security);