Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/Attic/protocols/elements/authentication_statement.c | 60 | ||||
-rw-r--r-- | lasso/Attic/protocols/elements/authentication_statement.h | 2 | ||||
-rw-r--r-- | lasso/id-ff/login.c | 71 |
3 files changed, 32 insertions, 101 deletions
diff --git a/lasso/Attic/protocols/elements/authentication_statement.c b/lasso/Attic/protocols/elements/authentication_statement.c index 110e8f6f..32d16e87 100644 --- a/lasso/Attic/protocols/elements/authentication_statement.c +++ b/lasso/Attic/protocols/elements/authentication_statement.c @@ -69,7 +69,7 @@ GType lasso_authentication_statement_get_type() { LassoNode* lasso_authentication_statement_new(const xmlChar *authenticationMethod, const xmlChar *reauthenticateOnOrAfter, - LassoSamlNameIdentifier *identifier, + LassoSamlNameIdentifier *sp_identifier, LassoSamlNameIdentifier *idp_identifier) { LassoNode *statement; @@ -78,12 +78,8 @@ lasso_authentication_statement_new(const xmlChar *authenticationMethod gchar *str; xmlChar *time; - if (identifier != NULL) { - g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(identifier), NULL); - } g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier), NULL); - statement = LASSO_NODE(g_object_new(LASSO_TYPE_AUTHENTICATION_STATEMENT, NULL)); lasso_saml_authentication_statement_set_authenticationMethod(LASSO_SAML_AUTHENTICATION_STATEMENT(statement), 
@@ -96,46 +92,42 @@ lasso_authentication_statement_new(const xmlChar *authenticationMethod reauthenticateOnOrAfter); subject = lasso_lib_subject_new(); - if (identifier == NULL) { - /* create a new NameIdentifier and use idp_identifier data to fill it */ - str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL); - new_identifier = lasso_saml_name_identifier_new(str); - xmlFree(str); - str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL); - if (str != NULL) { - lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_identifier), str); - xmlFree(str); + if (sp_identifier == NULL) { + if (idp_identifier != NULL) { + new_identifier = lasso_node_copy(LASSO_NODE(idp_identifier)); } - str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL); - if (str != NULL) { - lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_identifier), str); - xmlFree(str); + else { + message(G_LOG_LEVEL_CRITICAL, "Failed to create the authentication statement, both name identifiers are NULL\n"); + lasso_node_destroy(statement); + return (NULL); } } else { - new_identifier = lasso_node_copy(LASSO_NODE(identifier)); + new_identifier = lasso_node_copy(LASSO_NODE(sp_identifier)); } lasso_saml_subject_set_nameIdentifier(LASSO_SAML_SUBJECT(subject), LASSO_SAML_NAME_IDENTIFIER(new_identifier)); lasso_node_destroy(new_identifier); - /* create a new IdpProvidedNameIdentifier and use idp_identifier data to fill it */ - str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL); - new_idp_identifier = lasso_lib_idp_provided_name_identifier_new(str); - xmlFree(str); - str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL); - if (str != NULL) { - lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str); - xmlFree(str); - } - str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL); - if (str != NULL) { - 
lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str); + if (sp_identifier != NULL) { + /* create a new IdpProvidedNameIdentifier and use idp_identifier data to fill it */ + str = lasso_node_get_content(LASSO_NODE(idp_identifier), NULL); + new_idp_identifier = lasso_lib_idp_provided_name_identifier_new(str); xmlFree(str); + str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "NameQualifier", NULL); + if (str != NULL) { + lasso_saml_name_identifier_set_nameQualifier(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str); + xmlFree(str); + } + str = lasso_node_get_attr_value(LASSO_NODE(idp_identifier), "Format", NULL); + if (str != NULL) { + lasso_saml_name_identifier_set_format(LASSO_SAML_NAME_IDENTIFIER(new_idp_identifier), str); + xmlFree(str); + } + lasso_lib_subject_set_idpProvidedNameIdentifier(LASSO_LIB_SUBJECT(subject), + LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(new_idp_identifier)); + lasso_node_destroy(new_idp_identifier); } - lasso_lib_subject_set_idpProvidedNameIdentifier(LASSO_LIB_SUBJECT(subject), - LASSO_LIB_IDP_PROVIDED_NAME_IDENTIFIER(new_idp_identifier)); - lasso_node_destroy(new_idp_identifier); /* SubjectConfirmation & Subject */ subject_confirmation = lasso_saml_subject_confirmation_new(); diff --git a/lasso/Attic/protocols/elements/authentication_statement.h b/lasso/Attic/protocols/elements/authentication_statement.h index 4ee99c59..0b354349 100644 --- a/lasso/Attic/protocols/elements/authentication_statement.h +++ b/lasso/Attic/protocols/elements/authentication_statement.h @@ -55,7 +55,7 @@ struct _LassoAuthenticationStatementClass { LASSO_EXPORT GType lasso_authentication_statement_get_type (void); LASSO_EXPORT LassoNode* lasso_authentication_statement_new (const xmlChar *authenticationMethod, const xmlChar *reauthenticateOnOrAfter, - LassoSamlNameIdentifier *identifier, + LassoSamlNameIdentifier *sp_identifier, LassoSamlNameIdentifier *idp_identifier); #ifdef __cplusplus 
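Review bot: The new `else` branch that logs "both name identifiers are NULL" looks unreachable, because the `g_return_val_if_fail(LASSO_IS_SAML_NAME_IDENTIFIER(idp_identifier), NULL);` guard kept in the previous hunk already returns when `idp_identifier` is NULL (assuming the type-check macro rejects NULL, as GObject instance checks normally do). If the branch is meant to be live, it also leaks `subject`, which is allocated by `lasso_lib_subject_new()` just above and is not released before `return (NULL);`; it should be destroyed there the same way `statement` is. Separately, the previous hunk dropped the type check on the SP identifier, so `lasso_node_copy(LASSO_NODE(sp_identifier))` now runs on an unvalidated pointer; I would keep `g_return_val_if_fail(sp_identifier == NULL || LASSO_IS_SAML_NAME_IDENTIFIER(sp_identifier), NULL);` at the top of the function. The function starts and ends outside this hunk.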
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c index 4489028b..67bb64aa 100644 --- a/lasso/id-ff/login.c +++ b/lasso/id-ff/login.c 
@@ -47,61 +47,6 @@ struct _LassoLoginPrivate /*****************************************************************************/ /** - * lasso_login_get_assertion_nameIdentifier: - * @assertion: an assertion - * @err: return location for an allocated GError, or NULL to ignore errors - * - * An assertion may contain 2 NameIdentifier elements (one called NameIdentifier - * and the other called IDPProvidedNameIdentifier). - * If contents of the 2 name identifiers are equal then returns one of both - * else returns the NameIdentifier content. - * If both contents are NULL or NameIdentifier elements are missing then - * returns NULL. - * - * Return value: a newly allocated string or NULL - **/ -static gchar* -lasso_login_get_assertion_nameIdentifier(LassoNode *assertion, - GError **err) -{ - xmlChar *ni, *idp_ni; - - if (err != NULL && *err != NULL) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_ERR_CHECK_FAILED, - lasso_strerror(LASSO_PARAM_ERROR_ERR_CHECK_FAILED)); - g_return_val_if_fail (err == NULL || *err == NULL, NULL); - } - if (LASSO_IS_NODE(assertion) == FALSE) { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ, - lasso_strerror(LASSO_PARAM_ERROR_BADTYPE_OR_NULL_OBJ)); - g_return_val_if_fail(LASSO_IS_NODE(assertion), NULL); - } - - ni = lasso_node_get_child_content(assertion, "NameIdentifier", NULL, NULL); - idp_ni = lasso_node_get_child_content(assertion, "IDPProvidedNameIdentifier", - NULL, NULL); - - if (xmlStrEqual(ni, idp_ni) && idp_ni != NULL) { - xmlFree(ni); - return (idp_ni); - } - else { - xmlFree(idp_ni); - if (ni != NULL) { - return (ni); - } - else { - g_set_error(err, g_quark_from_string("Lasso"), - LASSO_ERROR_UNDEFINED, - "NameIdentifier value not found in Assertion element.\n"); - return (NULL); - } - } -} - -/** * lasso_login_add_response_assertion: * @login: a Login * @federation: a Federation 
@@ -153,20 +98,10 @@ lasso_login_add_response_assertion(LassoLogin *login, LASSO_SAML_AUTHENTICATION_STATEMENT(as)); } else { - message(G_LOG_LEVEL_CRITICAL, "Failed to build the AuthenticationStatement element of the Assertion.\n"); ret = -2; goto done; } - /* store NameIdentifier */ - LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err); - if (LASSO_PROFILE(login)->nameIdentifier == NULL) { - message(G_LOG_LEVEL_CRITICAL, err->message); - ret = err->code; - g_error_free(err); - goto done; - } - /* FIXME : How to know if the assertion must be signed or unsigned ? */ /* signature should be added at end */ ret = lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion), @@ -267,6 +202,9 @@ lasso_login_process_federation(LassoLogin *login) /* TODO */ } + /* store the IDP name identifier */ + LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_content(federation->local_nameIdentifier, NULL); + done: lasso_federation_destroy(federation); xmlFree(nameIDPolicy); @@ -312,7 +250,8 @@ lasso_login_process_response_status_and_assertion(LassoLogin *login) { } /* store NameIdentifier */ - LASSO_PROFILE(login)->nameIdentifier = lasso_login_get_assertion_nameIdentifier(assertion, &err); + LASSO_PROFILE(login)->nameIdentifier = lasso_node_get_child_content(assertion, "NameIdentifier", + NULL, &err); if (LASSO_PROFILE(login)->nameIdentifier == NULL) { message(G_LOG_LEVEL_CRITICAL, err->message); ret = err->code; |
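Review bot: The value returned by `lasso_node_get_content(federation->local_nameIdentifier, NULL)` is stored without any check, whereas the code this commit removes from lasso_login_add_response_assertion treated a NULL name identifier as an error and jumped to `done`. As written, lasso_login_process_federation can complete on its normal path with `LASSO_PROFILE(login)->nameIdentifier` left NULL when the federation carries no local name identifier, and passing NULL as the error argument discards the reason. I would follow the assignment with `if (LASSO_PROFILE(login)->nameIdentifier == NULL)` and take the function's existing error exit with a code consistent with its other failures. The function body begins outside the hunk, so whether `federation` is non-NULL on every path reaching this line, and whether an earlier `nameIdentifier` value needs freeing first, cannot be confirmed from here.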
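Review bot: The error path in lasso_login_process_response_status_and_assertion reads `err->message` and `err->code` whenever the lookup returns NULL, which is only safe if `lasso_node_get_child_content` always fills `err` on failure. The removed helper guaranteed that with its own `g_set_error`; the direct call may not. The assertion comes from the peer, so a missing NameIdentifier must not be able to crash this path: test `err != NULL` before using it and fall back to a fixed error code otherwise. I would also log with `message(G_LOG_LEVEL_CRITICAL, "%s", err->message);`, assuming message() takes a printf-style format, so that text which may derive from the response is never interpreted as a format string. The removed helper also validated `assertion` with `LASSO_IS_NODE`; whether the caller already does that lies outside the hunk.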