-rw-r--r--auth_mellon.h2
-rw-r--r--auth_mellon_config.c25
-rw-r--r--auth_mellon_handler.c6
3 files changed, 31 insertions, 2 deletions
diff --git a/auth_mellon.h b/auth_mellon.h
index e4671a0..b86c921 100644
--- a/auth_mellon.h
+++ b/auth_mellon.h
@@ -139,8 +139,10 @@ typedef struct am_dir_cfg_rec {
/* Lasso configuration variables. */
const char *sp_metadata_file;
const char *sp_private_key_file;
+ const char *sp_cert_file;
const char *idp_metadata_file;
const char *idp_public_key_file;
+ const char *idp_ca_file;
/* Maximum number of seconds a session is valid for. */
int session_length;
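Review bot: The two new members `sp_cert_file` and `idp_ca_file` are added to the "Lasso configuration variables" group without a comment, while the neighbouring `session_length` has one, so a reader of the struct cannot tell that both are optional (they are set to NULL in auth_mellon_dir_config) or which lasso call consumes each. Suggest a comment above the new declarations such as `/* Optional PEM paths: the SP certificate handed to lasso_server_new() and the CA chain handed to lasso_server_add_provider() for the IdP; NULL when the directive is unset. */`. The am_dir_cfg_rec definition starts and ends outside the hunk.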
diff --git a/auth_mellon_config.c b/auth_mellon_config.c
index 250bb8f..e3f46bb 100644
--- a/auth_mellon_config.c
+++ b/auth_mellon_config.c
@@ -372,6 +372,13 @@ const command_rec auth_mellon_commands[] = {
"Full path to pem file with the private key for the SP."
),
AP_INIT_TAKE1(
+ "MellonSPCertFile",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, sp_cert_file),
+ OR_AUTHCFG,
+ "Full path to pem file with certificate for the SP."
+ ),
+ AP_INIT_TAKE1(
"MellonIdPMetadataFile",
ap_set_string_slot,
(void *)APR_OFFSETOF(am_dir_cfg_rec, idp_metadata_file),
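Review bot: The help strings for the new directives do not say that they are optional, although both fields default to NULL in auth_mellon_dir_config and the handler previously passed NULL in their place; the same applies to `MellonIdPCAFile` in the next hunk. Because a CA-chain directive changes which IdP certificates the module will trust, the help text should tell the administrator that leaving it unset keeps the existing behaviour, e.g. `"Full path to pem file with CA chain for the IdP (optional)."`. Whether lasso uses the chain in addition to MellonIdPPublicKeyFile or instead of it is not visible here and is worth stating in the module documentation once confirmed against the lasso API.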
@@ -386,6 +393,13 @@ const command_rec auth_mellon_commands[] = {
"Full path to pem file with the public key for the IdP."
),
AP_INIT_TAKE1(
+ "MellonIdPCAFile",
+ ap_set_string_slot,
+ (void *)APR_OFFSETOF(am_dir_cfg_rec, idp_ca_file),
+ OR_AUTHCFG,
+ "Full path to pem file with CA chain for the IdP."
+ ),
+ AP_INIT_TAKE1(
"MellonEndpointPath",
am_set_endpoint_path,
NULL,
@@ -431,8 +445,10 @@ void *auth_mellon_dir_config(apr_pool_t *p, char *d)
dir->sp_metadata_file = NULL;
dir->sp_private_key_file = NULL;
+ dir->sp_cert_file = NULL;
dir->idp_metadata_file = NULL;
dir->idp_public_key_file = NULL;
+ dir->idp_ca_file = NULL;
apr_thread_mutex_create(&dir->server_mutex, APR_THREAD_MUTEX_DEFAULT, p);
@@ -515,6 +531,10 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->sp_private_key_file :
base_cfg->sp_private_key_file);
+ new_cfg->sp_cert_file = (add_cfg->sp_cert_file ?
+ add_cfg->sp_cert_file :
+ base_cfg->sp_cert_file);
+
new_cfg->idp_metadata_file = (add_cfg->idp_metadata_file ?
add_cfg->idp_metadata_file :
base_cfg->idp_metadata_file);
@@ -523,6 +543,11 @@ void *auth_mellon_dir_merge(apr_pool_t *p, void *base, void *add)
add_cfg->idp_public_key_file :
base_cfg->idp_public_key_file);
+ new_cfg->idp_ca_file = (add_cfg->idp_ca_file ?
+ add_cfg->idp_ca_file :
+ base_cfg->idp_ca_file);
+
+
apr_thread_mutex_create(&new_cfg->server_mutex,
APR_THREAD_MUTEX_DEFAULT, p);
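Review bot: The second merge hunk leaves two consecutive blank lines between the `new_cfg->idp_ca_file` assignment and the `apr_thread_mutex_create` call, where the surrounding assignments (including the `sp_cert_file` block added in the previous hunk) are separated by a single blank line; drop one of them. The merge logic itself mirrors the existing add-overrides-base pattern used for the other file paths. auth_mellon_dir_merge starts outside the hunk.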
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 1e403bf..5e7dc2a 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -34,7 +34,8 @@ static LassoServer *am_get_lasso_server(request_rec *r)
if(cfg->server == NULL) {
cfg->server = lasso_server_new(cfg->sp_metadata_file,
cfg->sp_private_key_file,
- NULL, NULL);
+ NULL,
+ cfg->sp_cert_file);
if(cfg->server == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Error initializing lasso server object. Please"
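Review bot: The server object is created lazily on the first request (the `cfg->server == NULL` check above), so a wrong or unreadable `MellonSPCertFile` path is only reported through the generic "Error initializing lasso server object" log line at request time rather than at configuration load, and the message does not name the new directive as a possible cause. Suggest a comment on the new argument, `/* sp_cert_file is NULL unless MellonSPCertFile is set; NULL was passed here before, so unset keeps the old behaviour. */`, and extending the log text that continues outside the hunk to list MellonSPCertFile among the settings to check. am_get_lasso_server continues past the hunk.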
@@ -48,7 +49,8 @@ static LassoServer *am_get_lasso_server(request_rec *r)
ret = lasso_server_add_provider(cfg->server, LASSO_PROVIDER_ROLE_IDP,
cfg->idp_metadata_file,
- cfg->idp_public_key_file, NULL);
+ cfg->idp_public_key_file,
+ cfg->idp_ca_file);
if(ret != 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Error adding IdP to lasso server object. Please"
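Review bot: The new `cfg->idp_ca_file` argument replaces an unconditional NULL, so deployments that do not set `MellonIdPCAFile` keep the prior trust behaviour, but nothing on the page documents what supplying the chain changes about IdP validation, and that is the security-relevant part of this commit. Suggest a comment above the call, `/* idp_ca_file is NULL unless MellonIdPCAFile is set; when set, lasso receives it as the ca_cert_chain for this provider. */`, and a note in the module documentation, once confirmed against lasso, describing how the chain interacts with MellonIdPPublicKeyFile when both are configured. As in the previous hunk, a bad path surfaces only as the generic "Error adding IdP" log line on the first request, so the continuation of that message outside the hunk should mention MellonIdPCAFile. am_get_lasso_server continues past the hunk.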