static gint
lasso_server_add_provider_helper(LassoServer *server, LassoProviderRole role,
const gchar *metadata, const gchar *public_key, const gchar *ca_cert_chain,
LassoProvider *(*provider_constructor)(LassoProviderRole role,
const char *metadata, const char *public_key, const char *ca_cert_chain))
{
LassoProvider *provider;
g_return_val_if_fail(LASSO_IS_SERVER(server), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(metadata != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
provider = provider_constructor(role, metadata, public_key, ca_cert_chain);
if (provider == NULL) {
return critical_error(LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED);
}
provider->role = role;
if (LASSO_PROVIDER(server)->private_data->conformance == LASSO_PROTOCOL_SAML_2_0 &&
provider->private_data->conformance != LASSO_PROTOCOL_SAML_2_0) {
lasso_node_destroy(LASSO_NODE(provider));
return LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH;
}
if (LASSO_PROVIDER(server)->private_data->conformance == LASSO_PROTOCOL_LIBERTY_1_2 &&
provider->private_data->conformance > LASSO_PROTOCOL_LIBERTY_1_2) {
lasso_node_destroy(LASSO_NODE(provider));
return LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH;
}
g_hash_table_insert(server->providers, g_strdup(provider->ProviderID), provider);
return 0;
}
END_TEST
START_TEST(test06_lib_statuscode)
{
/* check status code value in samlp:Response; it is a QName, if it
* starts with lib:, that namespace must be defined. (was bug#416)
*/
LassoSamlpResponse *response = LASSO_SAMLP_RESPONSE(lasso_samlp_response_new());
char *dump = NULL;
lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_SUCCESS);
dump = lasso_node_dump(LASSO_NODE(response));
fail_unless(strstr(dump, "xmlns:lib=") == NULL,
"liberty namespace should not be defined");
lasso_release_string(dump);
lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_RESPONDER);
response->Status->StatusCode->StatusCode = lasso_samlp_status_code_new();
response->Status->StatusCode->StatusCode->Value = g_strdup(
LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL);
dump = lasso_node_dump(LASSO_NODE(response));
fail_unless(strstr(dump, "xmlns:lib=") != NULL,
"liberty namespace should be defined");
lasso_release_string(dump);
g_object_unref(response);
}
END_TEST
START_TEST(test03_server_new_from_dump)
{
LassoServer *server1, *server2;
char *dump;
server1 = lasso_server_new(
TESTSDATADIR "/idp1-la/metadata.xml",
TESTSDATADIR "/idp1-la/private-key-raw.pem",
NULL, /* Secret key to unlock private key */
TESTSDATADIR "/idp1-la/certificate.pem");
lasso_server_add_provider(
server1,
LASSO_PROVIDER_ROLE_SP,
TESTSDATADIR "/sp1-la/metadata.xml",
TESTSDATADIR "/sp1-la/public-key.pem",
TESTSDATADIR "/ca1-la/certificate.pem");
dump = lasso_node_dump(LASSO_NODE(server1));
server2 = lasso_server_new_from_dump(dump);
g_free(dump);
dump = lasso_node_dump(LASSO_NODE(server2));
g_object_unref(server1);
g_object_unref(server2);
g_free(dump);
}
END_TEST
START_TEST(test02_server_add_provider)
{
LassoServer *server;
char *dump;
server = lasso_server_new(
TESTSDATADIR "/idp1-la/metadata.xml",
TESTSDATADIR "/idp1-la/private-key-raw.pem",
NULL, /* Secret key to unlock private key */
TESTSDATADIR "/idp1-la/certificate.pem");
fail_unless(LASSO_IS_SERVER(server));
fail_unless(server->private_key != NULL);
fail_unless(! server->private_key_password);
fail_unless(server->certificate != NULL);
fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
fail_unless(server->providers != NULL);
lasso_server_add_provider(
server,
LASSO_PROVIDER_ROLE_SP,
TESTSDATADIR "/sp1-la/metadata.xml",
TESTSDATADIR "/sp1-la/public-key.pem",
TESTSDATADIR "/ca1-la/certificate.pem");
fail_unless(g_hash_table_size(server->providers) == 1);
dump = lasso_node_dump(LASSO_NODE(server));
g_object_unref(server);
lasso_release_string(dump);
}
/**
* lasso_server_new_from_buffers:
* @metadata: NULL terminated string containing the content of an ID-FF 1.2 metadata file
* @private_key_content:(allow-none): NULL terminated string containing a PEM formatted private key
* @private_key_password:(allow-none): a NULL terminated string which is the optional password of
* the private key
* @certificate_content:(allow-none): NULL terminated string containing a PEM formatted X509
* certificate
*
* Creates a new #LassoServer.
*
* Return value: a newly created #LassoServer object; or NULL if an error occured
*/
LassoServer*
lasso_server_new_from_buffers(const char *metadata, const char *private_key_content, const char
*private_key_password, const char *certificate_content)
{
LassoServer *server;
server = g_object_new(LASSO_TYPE_SERVER, NULL);
/* metadata can be NULL (if server is a LECP) */
if (metadata != NULL) {
if (lasso_provider_load_metadata_from_buffer(LASSO_PROVIDER(server), metadata) == FALSE) {
message(G_LOG_LEVEL_CRITICAL,
"Failed to load metadata from preloaded buffer");
lasso_node_destroy(LASSO_NODE(server));
return NULL;
}
}
lasso_assign_string(server->certificate, certificate_content);
if (private_key_content) {
lasso_assign_string(server->private_key, private_key_content);
lasso_assign_string(server->private_key_password, private_key_password);
server->private_data->encryption_private_key =
lasso_xmlsec_load_private_key_from_buffer(private_key_content,
strlen(private_key_content), private_key_password);
if (! server->private_data->encryption_private_key) {
message(G_LOG_LEVEL_WARNING, "Cannot load the private key");
lasso_release_gobject(server);
}
}
lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING);
lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_ENCRYPTION);
return server;
}
/**
* lasso_identity_destroy:
* @identity: a #LassoIdentity
*
* Destroys an identity.
**/
void
lasso_identity_destroy(LassoIdentity *identity)
{
if (identity == NULL)
return;
lasso_node_destroy(LASSO_NODE(identity));
}
LassoSoapHeader*
lasso_soap_header_new_from_message(const gchar *message)
{
LassoSoapHeader *node;
g_return_val_if_fail(message != NULL, NULL);
node = g_object_new(LASSO_TYPE_SOAP_HEADER, NULL);
lasso_node_init_from_message(LASSO_NODE(node), message);
return node;
}
LassoSoapBody*
lasso_soap_body_new_from_message(const gchar *message)
{
LassoSoapBody *node;
g_return_val_if_fail(message != NULL, NULL);
node = g_object_new(LASSO_TYPE_SOAP_BODY, NULL);
lasso_node_init_from_message(LASSO_NODE(node), message);
return node;
}
END_TEST
START_TEST(test05_xsi_type)
{
/* check lib:AuthnContext element is not converted to
* saml:AuthnContext xsi:type="lib:AuthnContextType" and
* lib:AuthenticationStatement is converted to
* saml:AuthenticationStatement * xsi:type="lib:AuthenticationStatementType"
*/
LassoSamlAssertion *assertion;
LassoLibAuthenticationStatement *stmt;
LassoSamlNameIdentifier *name_identifier;
char *dump;
name_identifier = lasso_saml_name_identifier_new();
assertion = LASSO_SAML_ASSERTION(lasso_lib_assertion_new_full("", "", "", "", ""));
assertion->AuthenticationStatement = LASSO_SAML_AUTHENTICATION_STATEMENT(
lasso_lib_authentication_statement_new_full(
"toto", "toto", "toto",
NULL,
name_identifier));
g_object_unref(name_identifier);
stmt = LASSO_LIB_AUTHENTICATION_STATEMENT(assertion->AuthenticationStatement);
stmt->AuthnContext = LASSO_LIB_AUTHN_CONTEXT(lasso_lib_authn_context_new());
stmt->AuthnContext->AuthnContextClassRef = g_strdup("urn:toto");
dump = lasso_node_dump(LASSO_NODE(assertion));
fail_unless(strstr(dump, "xsi:type=\"lib:AuthnContextType\"") == NULL,
"AuthnContext got a xsi:type");
g_free(dump);
dump = lasso_node_dump(LASSO_NODE(assertion));
fail_unless(strstr(dump, "xsi:type=\"lib:AuthenticationStatementType\"") != NULL,
"AuthenticationStatement didn't get a xsi:type");
g_free(dump);
g_object_unref(assertion);
}
END_TEST
START_TEST(test01_server_new)
{
LassoServer *server;
LassoProvider *provider;
char *dump;
char *content = NULL;
size_t len;
server = lasso_server_new(
TESTSDATADIR "/idp1-la/metadata.xml",
TESTSDATADIR "/idp1-la/private-key-raw.pem",
NULL, /* Secret key to unlock private key */
TESTSDATADIR "/idp1-la/certificate.pem");
fail_unless(LASSO_IS_SERVER(server));
provider = LASSO_PROVIDER(server);
fail_unless(server->private_key != NULL);
fail_unless(server->private_key_password == NULL);
fail_unless(server->certificate != NULL);
fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
fail_unless(provider->ProviderID != NULL);
fail_unless(provider->role == 0);
fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
fail_unless(strcmp(provider->metadata_filename, content) == 0);
g_free(content);
fail_unless(provider->public_key == NULL);
fail_unless(provider->ca_cert_chain == NULL);
dump = lasso_node_dump(LASSO_NODE(server));
fail_unless(dump != NULL);
g_object_unref(server);
server = lasso_server_new_from_dump(dump);
fail_unless(LASSO_IS_SERVER(server));
provider = LASSO_PROVIDER(server);
fail_unless(server->private_key != NULL);
fail_unless(server->private_key_password == NULL);
fail_unless(server->certificate != NULL);
fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
fail_unless(server->providers != NULL);
fail_unless(provider->ProviderID != NULL);
fail_unless(provider->role == 0, "provider->role != 0 => provider := %d", provider->role);
fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
fail_unless(strcmp(provider->metadata_filename, content) == 0);
fail_unless(provider->public_key == NULL);
fail_unless(provider->ca_cert_chain == NULL);
g_object_unref(server);
lasso_release_string(dump);
lasso_release_string(content);
}
END_TEST
START_TEST(test02_provider_new_from_dump)
{
LassoProvider *provider1, *provider2;
char *dump;
provider1 = lasso_provider_new(LASSO_PROVIDER_ROLE_SP,
TESTSDATADIR "/sp1-la/metadata.xml",
TESTSDATADIR "/sp1-la/public-key.pem",
TESTSDATADIR "/ca1-la/certificate.pem");
fail_unless(LASSO_IS_PROVIDER(provider1));
dump = lasso_node_dump(LASSO_NODE(provider1));
fail_unless(dump != NULL);
provider2 = lasso_provider_new_from_dump(dump);
fail_unless(LASSO_IS_PROVIDER(provider2));
lasso_release_string(dump);
dump = lasso_node_dump(LASSO_NODE(provider2));
fail_unless(dump != NULL);
g_object_unref(provider1);
g_object_unref(provider2);
lasso_release_string(dump);
}
void
lasso_server_init_id_wsf_services(LassoServer *server, xmlNode *t) {
xmlNode *t2 = t->children;
/* Services */
if (strcmp((char*)t->name, "Services") == 0) {
while (t2) {
LassoDiscoServiceInstance *s;
if (t2->type != XML_ELEMENT_NODE) {
t2 = t2->next;
continue;
}
s = g_object_new(LASSO_TYPE_DISCO_SERVICE_INSTANCE, NULL);
LASSO_NODE_GET_CLASS(s)->init_from_xml(LASSO_NODE(s), t2);
g_hash_table_insert(server->services, g_strdup(s->ServiceType), s);
t2 = t2->next;
}
}
}
void
lasso_server_init_id_wsf20_svcmds(LassoServer *server, xmlNode *t)
{
xmlNode *t2 = t->children;
if (strcmp((char*)t->name, "SvcMDs") == 0) {
while (t2) {
LassoIdWsf2DiscoSvcMetadata *svcMD;
if (t2->type != XML_ELEMENT_NODE) {
t2 = t2->next;
continue;
}
svcMD = lasso_idwsf2_disco_svc_metadata_new();
LASSO_NODE_GET_CLASS(svcMD)->init_from_xml(LASSO_NODE(svcMD), t2);
server->private_data->svc_metadatas = g_list_append(
server->private_data->svc_metadatas, svcMD);
t2 = t2->next;
}
}
}
/**
* lasso_lib_name_identifier_mapping_response_new_full:
* @providerID: the providerID of the responder
* @statusCodeValue: a response status code
* @request: the request which is asnwered by this response
* @sign_type: a #LassoSignatureType value
* @sign_method: a #LassoSignatureMethod value
*
* Creates a new #LassoLibNameIdentifierMappingResponse object and initializes
* it with the parameters.
*
* Return value: a newly created #LassoLibNameIdentifierMappingResponse object
**/
LassoNode*
lasso_lib_name_identifier_mapping_response_new_full(char *providerID, const char *statusCodeValue,
LassoLibNameIdentifierMappingRequest *request,
LassoSignatureType sign_type, LassoSignatureMethod sign_method)
{
LassoLibNameIdentifierMappingResponse *response;
response = g_object_new(LASSO_TYPE_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE, NULL);
lasso_samlp_response_abstract_fill(
LASSO_SAMLP_RESPONSE_ABSTRACT(response),
LASSO_SAMLP_REQUEST_ABSTRACT(request)->RequestID,
request->ProviderID);
LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_type = sign_type;
LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_method = sign_method;
response->ProviderID = g_strdup(providerID);
response->Status = lasso_samlp_status_new();
response->Status->StatusCode = lasso_samlp_status_code_new();
response->Status->StatusCode->Value = g_strdup(statusCodeValue);
return LASSO_NODE(response);
}
/**
* lasso_samlp_response_new:
*
* Creates a new #LassoSamlpResponse object.
*
* Return value: a newly created #LassoSamlpResponse object
**/
LassoNode*
lasso_samlp_response_new()
{
LassoSamlpResponseAbstract *response;
LassoSamlpStatusCode *status_code;
LassoSamlpStatus *status;
response = g_object_new(LASSO_TYPE_SAMLP_RESPONSE, NULL);
response->ResponseID = lasso_build_unique_id(32);
response->MajorVersion = LASSO_SAML_MAJOR_VERSION_N;
response->MinorVersion = LASSO_SAML_MINOR_VERSION_N;
response->IssueInstant = lasso_get_current_time();
/* Add Status */
status = LASSO_SAMLP_STATUS(lasso_samlp_status_new());
status_code = LASSO_SAMLP_STATUS_CODE(lasso_samlp_status_code_new());
status_code->Value = g_strdup(LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
status->StatusCode = status_code;
LASSO_SAMLP_RESPONSE(response)->Status = status;
return LASSO_NODE(response);
}
END_TEST
START_TEST(test02_serviceProviderLogin)
{
char *serviceProviderContextDump, *identityProviderContextDump;
LassoServer *spContext, *idpContext;
LassoLogin *spLoginContext, *idpLoginContext;
LassoLibAuthnRequest *request;
int rc = 0;
char *relayState;
char *authnRequestUrl, *authnRequestQuery;
char *responseUrl, *responseQuery;
char *idpIdentityContextDump, *idpSessionContextDump;
char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
char *spIdentityContextDump;
char *spSessionDump;
char *spLoginDump;
int requestType;
char *found;
serviceProviderContextDump = generateServiceProviderContextDump();
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
spLoginContext = lasso_login_new(spContext);
fail_unless(spLoginContext != NULL,
"lasso_login_new() shouldn't have returned NULL");
rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
LASSO_HTTP_METHOD_REDIRECT);
fail_unless(rc == 0, "lasso_login_init_authn_request failed");
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
request->IsPassive = 0;
request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
relayState = "fake[]";
request->RelayState = g_strdup(relayState);
rc = lasso_login_build_authn_request_msg(spLoginContext);
fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
fail_unless(authnRequestUrl != NULL,
"authnRequestUrl shouldn't be NULL");
authnRequestQuery = strchr(authnRequestUrl, '?')+1;
fail_unless(strlen(authnRequestQuery) > 0,
"authnRequestQuery shouldn't be an empty string");
spLoginDump = lasso_node_dump(LASSO_NODE(spLoginContext));
fail_unless(strstr(authnRequestQuery, "RelayState") != NULL,
"authnRequestQuery should contain a RelayState parameter");
fail_unless(strstr(authnRequestQuery, "fake%5B%5D") != NULL,
"authnRequestQuery RelayState parameter should be encoded");
/* Identity provider singleSignOn, for a user having no federation. */
identityProviderContextDump = generateIdentityProviderContextDump();
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
idpLoginContext = lasso_login_new(idpContext);
fail_unless(idpLoginContext != NULL,
"lasso_login_new() shouldn't have returned NULL");
rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
fail_unless(lasso_login_must_authenticate(idpLoginContext),
"lasso_login_must_authenticate() should be TRUE");
fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
"protocoleProfile should be ProfileBrwsArt");
fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
"lasso_login_must_ask_for_consent() should be FALSE");
fail_unless(idpLoginContext->parent.msg_relayState != NULL,
"lasso_login_process_authn_request_msg should restore the RelayState parameter");
fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState),
"lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
rc = lasso_login_validate_request_msg(idpLoginContext,
1, /* authentication_result */
0 /* is_consent_obtained */
);
rc = lasso_login_build_assertion(idpLoginContext,
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
"FIXME: authenticationInstant",
"FIXME: reauthenticateOnOrAfter",
"FIXME: notBefore",
"FIXME: notOnOrAfter");
rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");
idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
fail_unless(idpIdentityContextDump != NULL,
"lasso_identity_dump shouldn't return NULL");
idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
fail_unless(idpSessionContextDump != NULL,
"lasso_session_dump shouldn't return NULL");
responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
responseQuery = strchr(responseUrl, '?')+1;
fail_unless(strlen(responseQuery) > 0,
"responseQuery shouldn't be an empty string");
fail_unless(strstr(responseQuery, "RelayState") != NULL,
"responseQuery should contain a RelayState parameter");
fail_unless(strstr(responseQuery, "fake%5B%5D") != NULL,
"responseQuery RelayState parameter should be encoded");
serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
fail_unless(serviceProviderId != NULL,
"lasso_profile_get_remote_providerID shouldn't return NULL");
/* Service provider assertion consumer */
lasso_server_destroy(spContext);
lasso_login_destroy(spLoginContext);
spContext = lasso_server_new_from_dump(serviceProviderContextDump);
spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
rc = lasso_login_init_request(spLoginContext,
responseQuery,
LASSO_HTTP_METHOD_REDIRECT);
fail_unless(spLoginContext->parent.msg_relayState != NULL,
"lasso_login_init_request should restore the RelayState parameter");
fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState),
"lasso_login_init_request should restore the same RelayState thant sent in the request");
fail_unless(rc == 0, "lasso_login_init_request failed");
rc = lasso_login_build_request_msg(spLoginContext);
fail_unless(rc == 0, "lasso_login_build_request_msg failed");
soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");
/* Identity provider SOAP endpoint */
lasso_server_destroy(idpContext);
lasso_login_destroy(idpLoginContext);
requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
"requestType should be LASSO_REQUEST_TYPE_LOGIN");
idpContext = lasso_server_new_from_dump(identityProviderContextDump);
idpLoginContext = lasso_login_new(idpContext);
rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
fail_unless(rc == 0, "lasso_login_process_request_msg failed");
rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
idpSessionContextDump);
fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
fail_unless(rc == 0, "lasso_login_build_response_msg failed");
soapResponseMsg = LASSO_PROFILE(idpLoginContext)->msg_body;
fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");
/* Service provider assertion consumer (step 2: process SOAP response) */
rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
fail_unless(rc == 0, "lasso_login_process_response_msg failed");
rc = lasso_login_accept_sso(spLoginContext);
fail_unless(rc == 0, "lasso_login_accept_sso failed");
fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
"spLoginContext has no identity");
spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);
/* Test InResponseTo checking */
found = strstr(soapResponseMsg, "Assertion");
fail_unless(found != NULL, "We must find an Assertion");
found = strstr(found, "InResponseTo=\"");
fail_unless(found != NULL, "We must find an InResponseTo attribute");
found[sizeof("InResponseTo=\"")] = '?';
lasso_set_flag("no-verify-signature");
rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
lasso_set_flag("verify-signature");
fail_unless(rc != 0, "lasso_login_process_response_msg must fail");
rc = lasso_login_accept_sso(spLoginContext);
fail_unless(rc == 0, "lasso_login_accept_sso must fail");
g_free(spLoginDump);
g_free(serviceProviderId);
g_free(serviceProviderContextDump);
g_free(identityProviderContextDump);
g_free(idpSessionContextDump);
g_free(idpIdentityContextDump);
g_free(spIdentityContextDump);
g_free(spSessionDump);
g_object_unref(spContext);
g_object_unref(idpContext);
g_object_unref(spLoginContext);
g_object_unref(idpLoginContext);
}
static void
add_childnode_from_list(LassoNode *value, xmlNode *xmlnode)
{
xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
}
/**
* lasso_server_destroy:
* @server: a #LassoServer
*
* Destroys a server.
**/
void
lasso_server_destroy(LassoServer *server)
{
lasso_node_destroy(LASSO_NODE(server));
}
static void
add_service_childnode(G_GNUC_UNUSED gchar *key, LassoNode *value, xmlNode *xmlnode)
{
xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
}
/**
* lasso_ecp_destroy:
* @ecp: a #LassoEcp
*
* Destroys a #LassoEcp object
*
**/
void
lasso_ecp_destroy(LassoEcp *ecp)
{
lasso_node_destroy(LASSO_NODE(ecp));
}
/**
* lasso_identity_dump:
* @identity: a #LassoIdentity
*
* Dumps @identity content to an XML string.
*
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_identity_dump(LassoIdentity *identity)
{
return lasso_node_dump(LASSO_NODE(identity));
}
static int
init_from_xml(LassoNode *node, xmlNode *xmlnode)
{
LassoServer *server = LASSO_SERVER(node);
xmlNode *t;
xmlChar *s;
int rc = 0;
rc = parent_class->init_from_xml(node, xmlnode);
if (server->private_key) {
server->private_data->encryption_private_key =
lasso_xmlsec_load_private_key(server->private_key, server->private_key_password);
}
if (rc)
return rc;
s = xmlGetProp(xmlnode, (xmlChar*)"SignatureMethod");
if (s && strcmp((char*)s, "RSA_SHA1") == 0)
server->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
if (s && strcmp((char*)s, "DSA_SHA1") == 0)
server->signature_method = LASSO_SIGNATURE_METHOD_DSA_SHA1;
if (s)
xmlFree(s);
t = xmlnode->children;
while (t) {
xmlNode *t2 = t->children;
if (t->type != XML_ELEMENT_NODE) {
t = t->next;
continue;
}
/* Providers */
if (strcmp((char*)t->name, "Providers") == 0) {
while (t2) {
LassoProvider *p;
if (t2->type != XML_ELEMENT_NODE) {
t2 = t2->next;
continue;
}
p = g_object_new(LASSO_TYPE_PROVIDER, NULL);
LASSO_NODE_GET_CLASS(p)->init_from_xml(LASSO_NODE(p), t2);
if (lasso_provider_load_public_key(p, LASSO_PUBLIC_KEY_SIGNING)) {
g_hash_table_insert(server->providers,
g_strdup(p->ProviderID), p);
} else {
message(G_LOG_LEVEL_CRITICAL,
"Failed to load signing public key for %s.",
p->ProviderID);
}
t2 = t2->next;
}
}
#ifdef LASSO_WSF_ENABLED
lasso_server_init_id_wsf_services(server, t);
lasso_server_init_id_wsf20_svcmds(server, t);
#endif
t = t->next;
}
return 0;
}
/**
* lasso_server_dump:
* @server: a #LassoServer
*
* Dumps @server content to an XML string.
*
* Return value:(transfer full): the dump string. It must be freed by the caller.
**/
gchar*
lasso_server_dump(LassoServer *server)
{
return lasso_node_dump(LASSO_NODE(server));
}
