Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/Attic/protocols/provider.h | 6 | ||||
-rw-r--r-- | lasso/id-ff/authentication.c | 37 | ||||
-rw-r--r-- | lasso/id-ff/authentication.h | 1 | ||||
-rw-r--r-- | lasso/id-ff/profile_context.c | 32 | ||||
-rw-r--r-- | lasso/id-ff/profile_context.h | 5 | ||||
-rw-r--r-- | lasso/id-ff/server.c | 31 | ||||
-rw-r--r-- | lasso/id-ff/server.h | 13 | ||||
-rw-r--r-- | lasso/xml/tools.c | 22 | ||||
-rw-r--r-- | lasso/xml/tools.h | 2 |
9 files changed, 63 insertions, 86 deletions
diff --git a/lasso/Attic/protocols/provider.h b/lasso/Attic/protocols/provider.h
index 3d15c407..5cca277a 100644
--- a/lasso/Attic/protocols/provider.h
+++ b/lasso/Attic/protocols/provider.h
@@ -46,8 +46,8 @@ struct _LassoProvider {
 LassoNode *metadata;
- char *public_key;
- char *certificate;
+ gchar *public_key;
+ gchar *certificate;
 /*< private >*/
 };
@@ -61,8 +61,6 @@ LASSO_EXPORT LassoProvider* lasso_provider_new (gch
 const gchar *public_key,
 const gchar *certificate);
-LASSO_EXPORT LassoProvider *lasso_provider_new_from_filename (char *filename);
-
 LASSO_EXPORT xmlChar *lasso_provider_get_providerID (LassoProvider *provider);
 LASSO_EXPORT xmlChar *lasso_provider_get_singleSignOnProtocolProfile (LassoProvider *provider);
diff --git a/lasso/id-ff/authentication.c b/lasso/id-ff/authentication.c
index b435ae8b..cb17adcf 100644
--- a/lasso/id-ff/authentication.c
+++ b/lasso/id-ff/authentication.c
@@ -44,11 +44,7 @@ lasso_authentication_build_request_msg(LassoAuthentication *authn)
 gchar *msg;
 gboolean must_sign;
- provider = lasso_server_get_provider(LASSO_PROFILE_CONTEXT(authn)->server,
- LASSO_PROFILE_CONTEXT(authn)->local_providerID);
- if (provider == NULL) {
- return (NULL);
- }
+ provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server);
 must_sign = xmlStrEqual(lasso_node_get_child_content(provider->metadata, "AuthnRequestsSigned", NULL), "true");
 /* export request depending on the request ProtocolProfile */
@@ -81,9 +77,11 @@ static void
 lasso_authentication_process_request(LassoAuthentication *authn,
 gchar *request_msg)
 {
- LassoProvider *sp;
+ LassoProvider *provider, *sp;
 gboolean must_verify_signature, signature_status;
+ provider = LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server);
+
 /* rebuild request */
 switch (authn->request_method) {
 case lassoProfileContextMethodGet:
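Review bot: The NULL check the old code performed on `provider` in `lasso_authentication_build_request_msg` (the `@@ -44,11 +44,7` hunk) is dropped and nothing replaces it: `LASSO_PROFILE_CONTEXT(authn)->server` is cast with `LASSO_PROVIDER()` and dereferenced on the very next line as `provider->metadata`, while the constructor in the `@@ -346` hunk of this file validates only `remote_providerID`, so a context built with a NULL server now crashes here instead of returning NULL as before. Keep a guard after the assignment, `g_return_val_if_fail(provider != NULL, NULL);`, and add `g_return_val_if_fail(server != NULL, NULL);` beside the remaining check in `lasso_authentication_new`, whose `@@ -370` hunk dereferences `server` the same way. Both `lasso_authentication_build_request_msg` and `lasso_authentication_process_request` start or end outside their hunks.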
@@ -115,7 +113,7 @@ lasso_authentication_process_request(LassoAuthentication *authn,
 /* build response */
 if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfilePost)) {
 /* create LibAuthnResponse */
- LASSO_PROFILE_CONTEXT(authn)->response = lasso_authn_response_new(LASSO_PROFILE_CONTEXT(authn)->local_providerID,
+ LASSO_PROFILE_CONTEXT(authn)->response = lasso_authn_response_new(lasso_provider_get_providerID(provider),
 LASSO_PROFILE_CONTEXT(authn)->request);
 }
 else if (xmlStrEqual(authn->protocolProfile, lassoLibProtocolProfileArtifact)) {
@@ -191,7 +189,7 @@ lasso_authentication_build_response_msg(LassoAuthentication *authn,
 {
 LassoUser *user;
 gchar *msg;
- xmlChar *nameIDPolicy, *protocolProfile;
+ xmlChar *nameIDPolicy, *protocolProfile, *assertionHandle;
 LassoNode *assertion, *authentication_statement, *idpProvidedNameIdentifier;
 LassoIdentity *identity;
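Review bot: The value returned by `lasso_provider_get_providerID(provider)` and passed straight into `lasso_authn_response_new` is never released; provider.h declares the getter as returning a non-const `xmlChar *`, and whether that is a fresh copy or a borrowed pointer is not visible here, so this may leak one string per request — the same pattern appears in the `@@ -231` and `@@ -370` hunks of this file. If it is a copy, hold it in a local, `xmlChar *providerID = lasso_provider_get_providerID(provider);`, and `xmlFree(providerID)` after the call; if it is borrowed, a one-line `/** Returns: (transfer none) */`-style comment on the declaration in provider.h would settle the question for every caller. `lasso_authentication_process_request` starts and ends outside this hunk.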
@@ -231,15 +229,18 @@ lasso_authentication_build_response_msg(LassoAuthentication *authn,
 /* fill the response with the assertion */
 if (identity != NULL && authentication_result == 1) {
 printf("DEBUG - an identity found, so build an assertion\n");
- assertion = lasso_assertion_new(LASSO_PROFILE_CONTEXT(authn)->local_providerID,
+ assertion = lasso_assertion_new(lasso_provider_get_providerID(LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server)),
 lasso_node_get_attr_value(LASSO_NODE(LASSO_PROFILE_CONTEXT(authn)->request), "RequestID"));
 authentication_statement = lasso_authentication_statement_new(authenticationMethod,
 reauthenticateOnOrAfter,
 identity->remote_nameIdentifier,
 identity->local_nameIdentifier);
- lasso_saml_assertion_add_authenticationStatement(assertion,
- authentication_statement);
- printf(lasso_node_export(assertion));
+ lasso_saml_assertion_add_authenticationStatement(LASSO_SAML_ASSERTION(assertion),
+ LASSO_SAML_AUTHENTICATION_STATEMENT(authentication_statement));
+ lasso_saml_assertion_set_signature(LASSO_SAML_ASSERTION(assertion),
+ lassoSignatureMethodRsaSha1,
+ LASSO_PROFILE_CONTEXT(authn)->server->private_key,
+ LASSO_PROVIDER(LASSO_PROFILE_CONTEXT(authn)->server)->certificate);
 lasso_samlp_response_add_assertion(LASSO_SAMLP_RESPONSE(LASSO_PROFILE_CONTEXT(authn)->response),
 assertion);
 }
@@ -256,8 +257,9 @@ lasso_authentication_build_response_msg(LassoAuthentication *authn,
 /* return query (base64 encoded) */
 /* liberty-idff-bindings-profiles-v1.2.pdf p.25 */
 msg = g_new(gchar, 2+20+20+1);
- sprintf(msg, "%c%c%s%s", 0, 3, "01234567890123456789", "01234567890123456789");
- msg = xmlSecBase64Encode(msg, 42, 0);
+ assertionHandle = lasso_build_random_sequence(20);
+ sprintf(msg, "%c%c%s%s", 1, 3, "01234567890123456789", assertionHandle);
+ //msg = xmlSecBase64Encode(msg, 42, 0);
 break;
 case lassoProfileContextMethodPost:
 /* return a formular */
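Review bot: The artifact assembled in the `@@ -256,8 +257,9` hunk is now returned unencoded: with the `xmlSecBase64Encode` call commented out, `msg` begins with the raw bytes 0x01 0x03 and cannot be carried in a query string as is, and the change of the first byte from 0 to 1 reads as a workaround for the NUL byte rather than the type code the bindings comment refers to, while the `"01234567890123456789"` source-ID field remains a fixed placeholder. The `sprintf` into the 43-byte `g_new` buffer is unbounded and relies on `lasso_build_random_sequence(20)` returning exactly 20 characters and a non-NULL pointer; a NULL result (the helper's `size > 0` guard) is undefined behaviour for `%s`. `assertionHandle` is `g_malloc`ed by the helper and never freed here, so every artifact response leaks 21 bytes. Bounding the write, checking the handle and releasing it is sketched below (the early return assumes the function hands back `msg` as its pointer result; its body starts and ends outside this hunk).
```c
			/* … unchanged: the two spec comments and msg = g_new(gchar, 2+20+20+1); … */
			assertionHandle = lasso_build_random_sequence(20);
			if (assertionHandle == NULL) {
				g_free(msg);
				return (NULL);
			}
			/* 2 type-code bytes + 20-byte source ID + 20-byte handle + NUL = 43 */
			snprintf(msg, 2+20+20+1, "%c%c%s%s", 1, 3, "01234567890123456789", assertionHandle);
			g_free(assertionHandle);
			/* … unchanged: the disabled xmlSecBase64Encode line and break; … */
```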
@@ -281,7 +283,7 @@ lasso_authentication_process_artifact(LassoAuthentication *authn,
 return (lasso_node_export_to_soap(LASSO_PROFILE_CONTEXT(authn)->request));
 }
-gboolean
+static gboolean
 lasso_authentication_process_response(LassoAuthentication *authn,
 xmlChar *response_msg)
 {
@@ -346,14 +348,12 @@ GType lasso_authentication_get_type() {
 LassoProfileContext*
 lasso_authentication_new(LassoServer *server,
 LassoUser *user,
- gchar *local_providerID,
 gchar *remote_providerID,
 gchar *request_msg,
 gint request_method,
 gchar *response_msg,
 gint response_method)
 {
- g_return_val_if_fail(local_providerID != NULL, NULL);
 g_return_val_if_fail(remote_providerID != NULL, NULL);
 LassoProfileContext *authn;
@@ -361,7 +361,6 @@ lasso_authentication_new(LassoServer *server,
 authn = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_AUTHENTICATION,
 "server", server,
 "user", user,
- "local_providerID", local_providerID,
 "remote_providerID", remote_providerID,
 NULL));
@@ -370,7 +369,7 @@ lasso_authentication_new(LassoServer *server,
 if (request_msg == NULL && response_msg == NULL) {
 /* build the request object */
- authn->request = lasso_authn_request_new(authn->local_providerID);
+ authn->request = lasso_authn_request_new(lasso_provider_get_providerID(LASSO_PROVIDER(server)));
 }
 else if (request_msg != NULL) {
 lasso_authentication_process_request(LASSO_AUTHENTICATION(authn), request_msg);
diff --git a/lasso/id-ff/authentication.h b/lasso/id-ff/authentication.h
index 27cb377f..87c631f1 100644
--- a/lasso/id-ff/authentication.h
+++ b/lasso/id-ff/authentication.h
@@ -64,7 +64,6 @@ LASSO_EXPORT GType lasso_authentication_get_type (v
 LASSO_EXPORT LassoProfileContext* lasso_authentication_new (LassoServer *server,
 LassoUser *user,
- gchar *local_providerID,
 gchar *remote_providerID,
 gchar *request_msg,
 gint request_method,
diff --git a/lasso/id-ff/profile_context.c b/lasso/id-ff/profile_context.c
index 9a1e9e29..d02320b2 100644
--- a/lasso/id-ff/profile_context.c
+++ b/lasso/id-ff/profile_context.c
@@ -37,19 +37,6 @@
 /*****************************************************************************/
 gint
-lasso_profile_context_set_local_providerID(LassoProfileContext *ctx,
- gchar *providerID)
-{
- if (ctx->local_providerID) {
- free(ctx->local_providerID);
- }
- ctx->local_providerID = (char *)malloc(strlen(providerID)+1);
- strcpy(ctx->local_providerID, providerID);
-
- return (1);
-}
-
-gint
 lasso_profile_context_set_remote_providerID(LassoProfileContext *ctx,
 gchar *providerID)
 {
@@ -90,7 +77,6 @@ lasso_profile_context_set_response_status(LassoProfileContext *ctx,
 enum {
 LASSO_PROFILE_CONTEXT_SERVER = 1,
 LASSO_PROFILE_CONTEXT_USER,
- LASSO_PROFILE_CONTEXT_LOCAL_PROVIDERID,
 LASSO_PROFILE_CONTEXT_REMOTE_PROVIDERID,
 };
@@ -104,7 +90,6 @@ lasso_profile_context_instance_init(GTypeInstance *instance,
 ctx->user = NULL;
 ctx->request = NULL;
 ctx->response = NULL;
- ctx->local_providerID = NULL;
 ctx->remote_providerID = NULL;
 }
@@ -131,11 +116,6 @@ lasso_profile_context_set_property (GObject *object,
 self->user = g_value_get_pointer (value);
 }
 break;
- case LASSO_PROFILE_CONTEXT_LOCAL_PROVIDERID: {
- g_free (self->local_providerID);
- self->local_providerID = g_value_dup_string (value);
- }
- break;
 case LASSO_PROFILE_CONTEXT_REMOTE_PROVIDERID: {
 g_free (self->remote_providerID);
 self->remote_providerID = g_value_dup_string (value);
@@ -182,15 +162,6 @@ lasso_profile_context_class_init(gpointer g_class,
 LASSO_PROFILE_CONTEXT_USER,
 pspec);
- pspec = g_param_spec_string ("local_providerID",
- "local ProviderID",
- "Set local ProviderID",
- NULL,
- G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE);
- g_object_class_install_property (gobject_class,
- LASSO_PROFILE_CONTEXT_LOCAL_PROVIDERID,
- pspec);
-
 pspec = g_param_spec_string ("remote_providerID",
 "remote ProviderID",
 "Set remote ProviderID",
@@ -227,11 +198,9 @@ GType lasso_profile_context_get_type() {
 LassoProfileContext*
 lasso_profile_context_new(LassoServer *server,
 LassoUser *user,
- gchar *local_providerID,
 gchar *remote_providerID)
 {
 g_return_val_if_fail(server != NULL, NULL);
- g_return_val_if_fail(local_providerID != NULL, NULL);
 g_return_val_if_fail(remote_providerID != NULL, NULL);
 LassoProfileContext *ctx;
@@ -239,7 +208,6 @@ lasso_profile_context_new(LassoServer *server,
 ctx = LASSO_PROFILE_CONTEXT(g_object_new(LASSO_TYPE_PROFILE_CONTEXT,
 "server", server,
 "user", user,
- "local_providerID", local_providerID,
 "remote_providerID", remote_providerID,
 NULL));
diff --git a/lasso/id-ff/profile_context.h b/lasso/id-ff/profile_context.h
index 7f0c49da..bd6375ea 100644
--- a/lasso/id-ff/profile_context.h
+++ b/lasso/id-ff/profile_context.h
@@ -63,7 +63,6 @@ struct _LassoProfileContext {
 LassoNode *request;
 LassoNode *response;
- gchar *local_providerID;
 gchar *remote_providerID;
 /*< private >*/
@@ -77,12 +76,8 @@ LASSO_EXPORT GType lasso_profile_context_get_type (vo
 LASSO_EXPORT LassoProfileContext* lasso_profile_context_new (LassoServer *server,
 LassoUser *user,
- gchar *local_providerID,
 gchar *remote_providerID);
-LASSO_EXPORT gint lasso_profile_context_set_local_providerID (LassoProfileContext *ctx,
- gchar *providerID);
-
 LASSO_EXPORT gint lasso_profile_context_set_remote_providerID(LassoProfileContext *ctx,
 gchar *providerID);
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index e47d05ad..9f4aebf0 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -63,17 +63,6 @@ lasso_server_get_provider(LassoServer *server,
 return(NULL);
 }
-gint
-lasso_server_set_security(gchar *private_key,
- gchar *public_key,
- gchar *certificate)
-{
- g_return_if_fail(private_key);
- g_return_if_fail(public_key);
- g_return_if_fail(certificate);
-
-}
-
 /*****************************************************************************/
 /* instance and class init functions */
 /*****************************************************************************/
@@ -83,9 +72,7 @@ lasso_server_instance_init(LassoServer *server)
 {
 server->providers = g_ptr_array_new();
- server->public_key = NULL;
 server->private_key = NULL;
- server->certificate = NULL;
 }
 static void
@@ -108,7 +95,7 @@ GType lasso_server_get_type() {
 (GInstanceInitFunc) lasso_server_instance_init,
 };
- this_type = g_type_register_static(G_TYPE_OBJECT,
+ this_type = g_type_register_static(LASSO_TYPE_PROVIDER,
 "LassoServer",
 &this_info, 0);
 }
@@ -116,17 +103,27 @@ GType lasso_server_get_type() {
 }
 LassoServer *
-lasso_server_new(const gchar *public_key,
+lasso_server_new(const gchar *metadata,
+ const gchar *public_key,
 const gchar *private_key,
 const gchar *certificate)
 {
 LassoServer *server;
+ xmlDocPtr doc;
+ xmlNodePtr root;
 server = LASSO_SERVER(g_object_new(LASSO_TYPE_SERVER, NULL));
- server->public_key = public_key;
+ LASSO_PROVIDER(server)->public_key = public_key;
+ LASSO_PROVIDER(server)->certificate = certificate;
 server->private_key = private_key;
- server->certificate = certificate;
+
+ doc = xmlParseFile(metadata);
+ root = xmlCopyNode(xmlDocGetRootElement(doc), 1);
+ xmlFreeDoc(doc);
+ //LASSO_PROVIDER(server)->metadata = lasso_node_new();
+ //LASSO_NODE_CLASS(LASSO_PROVIDER(server)->metadata)->set_xmlNode(LASSO_PROVIDER(server)->metadata, root);
+ LASSO_PROVIDER(server)->metadata = lasso_node_new_from_xmlNode(root);
 return(server);
 }
diff --git a/lasso/id-ff/server.h b/lasso/id-ff/server.h
index 8bfd17d1..0286b5aa 100644
--- a/lasso/id-ff/server.h
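Review bot: `xmlParseFile(metadata)` in `lasso_server_new` (the `@@ -116,17 +103,27` hunk) is never checked: a missing or malformed metadata file gives a NULL `doc`, `xmlDocGetRootElement` and `xmlCopyNode` then yield NULL, and the caller receives a server whose provider metadata was built from a NULL node, which the `provider->metadata` lookups in authentication.c later dereference. Fail the constructor instead and release the half-built object, as sketched below, with `g_return_val_if_fail(metadata != NULL, NULL);` at the top for the NULL-argument case. `LASSO_PROVIDER(server)->public_key = public_key;` and the `certificate` assignment store `const gchar *` arguments into the non-const `gchar *` fields that provider.h now declares, silently discarding const and leaving the caller responsible for keeping those strings alive for the server's lifetime; either `g_strdup` them (and free them in finalize) or say on the declaration that they are borrowed. The two `//LASSO_PROVIDER(server)->metadata` lines are commented-out code and should go. The metadata path is deployer-supplied, so the default parser options are acceptable, but `xmlReadFile(metadata, NULL, XML_PARSE_NONET)` would make the no-network intent explicit.
```c
	doc = xmlParseFile(metadata);
	if (doc == NULL) {
		g_object_unref(server);
		return (NULL);
	}
	/* … unchanged: root = xmlCopyNode(...); xmlFreeDoc(doc); … */
	if (root == NULL) {
		g_object_unref(server);
		return (NULL);
	}
	/* … unchanged: metadata assignment and return(server); … */
```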
+++ b/lasso/id-ff/server.h
@@ -30,7 +30,6 @@ extern "C" {
 #endif /* __cplusplus */
-#include <lasso/xml/xml.h>
 #include <lasso/protocols/provider.h>
 #define LASSO_TYPE_SERVER (lasso_server_get_type())
@@ -44,23 +43,21 @@ typedef struct _LassoServer LassoServer;
 typedef struct _LassoServerClass LassoServerClass;
 struct _LassoServer {
- GObject parent;
+ LassoProvider parent;
 GPtrArray *providers;
-
- gchar *public_key;
- gchar *private_key;
- gchar *certificate;
+ gchar *private_key;
 /*< private >*/
 };
 struct _LassoServerClass {
- GObjectClass parent;
+ LassoProviderClass parent;
 };
 LASSO_EXPORT GType lasso_server_get_type (void);
-LASSO_EXPORT LassoServer* lasso_server_new (const gchar *public_key,
+LASSO_EXPORT LassoServer* lasso_server_new (const gchar *metadata,
+ const gchar *public_key,
 const gchar *private_key,
 const gchar *certificate);
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index 2909c667..b61cf037 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -24,6 +24,28 @@
 #include <lasso/xml/tools.h>
+xmlChar *
+lasso_build_random_sequence(guint8 size)
+{
+ g_return_val_if_fail(size > 0, NULL);
+
+ int i, val;
+ xmlChar *seq;
+
+ seq = g_malloc(size+1);
+
+ for (i=0; i<size; i++) {
+ val = g_random_int_range(0, 16);
+ if (val < 10)
+ seq[i] = 48 + val;
+ else
+ seq[i] = 65 + val-10;
+ }
+ seq[size] = '\0';
+
+ return (seq);
+}
+
 /**
 * lasso_build_unique_id:
 * @size: the ID's lenght (between 32 and 40)
diff --git a/lasso/xml/tools.h b/lasso/xml/tools.h
index c5a79c96..4a70e23b 100644
--- a/lasso/xml/tools.h
+++ b/lasso/xml/tools.h
@@ -44,6 +44,8 @@ typedef enum {
 lassoSignatureMethodDsaSha1
 } lassoSignatureMethod;
+LASSO_EXPORT xmlChar* lasso_build_random_sequence (guint8 size);
+
 LASSO_EXPORT xmlChar* lasso_build_unique_id (guint8 size);
 LASSO_EXPORT xmlChar* lasso_doc_get_node_content (xmlDocPtr doc, |
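Review bot: `lasso_build_random_sequence` (the tools.c `@@ -24,6 +24,28` hunk) draws every character from `g_random_int_range`, GLib's general-purpose PRNG, whose output is not designed to be unpredictable; the `@@ -256` hunk in authentication.c uses the result as the artifact's assertion handle, the value whose possession lets a party retrieve the assertion, so it needs a cryptographic source. The sketch below reads the bytes from `/dev/urandom` on POSIX systems, with a hex table replacing the `48 + val` / `65 + val-10` arithmetic; the crypto library already linked for xmlsec would be the cleaner source once the project exposes it, and the allocation is moved after the point that can fail so nothing leaks on the error path. The `g_return_val_if_fail` ahead of `int i, val;` also relies on C99 mixed declarations, which the rest of this tree does not appear to use. The new declaration in tools.h carries no documentation; a `/** ... */` block like the one on `lasso_build_unique_id` should state that the result is `g_malloc`ed and owned by the caller.
```c
xmlChar *
lasso_build_random_sequence(guint8 size)
{
	static const char hex[] = "0123456789ABCDEF";
	guchar raw[256];   /* size is a guint8, so at most 255 bytes are needed */
	xmlChar *seq;
	FILE *rnd;
	int i;

	g_return_val_if_fail(size > 0, NULL);

	/* TODO(review): switch to the crypto layer's RNG once one is wired in */
	rnd = fopen("/dev/urandom", "rb");
	if (rnd == NULL || fread(raw, 1, size, rnd) != size) {
		if (rnd != NULL)
			fclose(rnd);
		return (NULL);
	}
	fclose(rnd);

	seq = g_malloc(size+1);
	for (i = 0; i < size; i++)
		seq[i] = hex[raw[i] & 0x0f];   /* one hex digit per character, as before */
	seq[size] = '\0';

	return (seq);
}
```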