Example #1
0
static gint
lasso_server_add_provider_helper(LassoServer *server, LassoProviderRole role,
		const gchar *metadata, const gchar *public_key, const gchar *ca_cert_chain,
		LassoProvider *(*provider_constructor)(LassoProviderRole role,
		const char *metadata, const char *public_key, const char *ca_cert_chain))
{
	LassoProvider *provider;

	g_return_val_if_fail(LASSO_IS_SERVER(server), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
	g_return_val_if_fail(metadata != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);

	provider = provider_constructor(role, metadata, public_key, ca_cert_chain);
	if (provider == NULL) {
		return critical_error(LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED);
	}
	provider->role = role;

	if (LASSO_PROVIDER(server)->private_data->conformance == LASSO_PROTOCOL_SAML_2_0 &&
			provider->private_data->conformance != LASSO_PROTOCOL_SAML_2_0) {
		lasso_node_destroy(LASSO_NODE(provider));
		return LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH;
	}

	if (LASSO_PROVIDER(server)->private_data->conformance == LASSO_PROTOCOL_LIBERTY_1_2 &&
			provider->private_data->conformance > LASSO_PROTOCOL_LIBERTY_1_2) {
		lasso_node_destroy(LASSO_NODE(provider));
		return LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH;
	}

	g_hash_table_insert(server->providers, g_strdup(provider->ProviderID), provider);

	return 0;
}
Example #2
0
END_TEST

START_TEST(test06_lib_statuscode)
{
	/* check status code value in samlp:Response; it is a QName, if it
	 * starts with lib:, that namespace must be defined.  (was bug#416)
	 */
	LassoSamlpResponse *response = LASSO_SAMLP_RESPONSE(lasso_samlp_response_new());
	char *dump = NULL;

	lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_SUCCESS);
	dump = lasso_node_dump(LASSO_NODE(response));
	fail_unless(strstr(dump, "xmlns:lib=") == NULL,
			"liberty namespace should not be defined");
	lasso_release_string(dump);

	lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_RESPONDER);
	response->Status->StatusCode->StatusCode = lasso_samlp_status_code_new();
	response->Status->StatusCode->StatusCode->Value = g_strdup(
			LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL);
	dump = lasso_node_dump(LASSO_NODE(response));
	fail_unless(strstr(dump, "xmlns:lib=") != NULL,
			"liberty namespace should be defined");
	lasso_release_string(dump);
	g_object_unref(response);
}
Example #3
0
END_TEST

START_TEST(test03_server_new_from_dump)
{
	LassoServer *server1, *server2;
	char *dump;

	server1 = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	lasso_server_add_provider(
			server1,
			LASSO_PROVIDER_ROLE_SP,
			TESTSDATADIR "/sp1-la/metadata.xml",
			TESTSDATADIR "/sp1-la/public-key.pem",
			TESTSDATADIR "/ca1-la/certificate.pem");

	dump = lasso_node_dump(LASSO_NODE(server1));

	server2 = lasso_server_new_from_dump(dump);
	g_free(dump);
	dump = lasso_node_dump(LASSO_NODE(server2));
	g_object_unref(server1);
	g_object_unref(server2);
	g_free(dump);
}
Example #4
0
END_TEST

START_TEST(test02_server_add_provider)
{
	LassoServer *server;
	char *dump;

	server = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	fail_unless(LASSO_IS_SERVER(server));
	fail_unless(server->private_key != NULL);
	fail_unless(! server->private_key_password);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
	fail_unless(server->providers != NULL);
	lasso_server_add_provider(
			server,
			LASSO_PROVIDER_ROLE_SP,
			TESTSDATADIR "/sp1-la/metadata.xml",
			TESTSDATADIR "/sp1-la/public-key.pem",
			TESTSDATADIR "/ca1-la/certificate.pem");
	fail_unless(g_hash_table_size(server->providers) == 1);


	dump = lasso_node_dump(LASSO_NODE(server));
	g_object_unref(server);
	lasso_release_string(dump);
}
Example #5
0
/**
 * lasso_server_new_from_buffers:
 * @metadata: NULL terminated string containing the content of an ID-FF 1.2 metadata file
 * @private_key_content:(allow-none): NULL terminated string containing a PEM formatted private key
 * @private_key_password:(allow-none): a NULL terminated string which is the optional password of
 * the private key
 * @certificate_content:(allow-none): NULL terminated string containing a PEM formatted X509
 * certificate
 *
 * Creates a new #LassoServer.
 *
 * Return value: a newly created #LassoServer object; or NULL if an error occured
 */
LassoServer*
lasso_server_new_from_buffers(const char *metadata, const char *private_key_content, const char
		*private_key_password, const char *certificate_content)
{
	LassoServer *server;

	server = g_object_new(LASSO_TYPE_SERVER, NULL);
	/* metadata can be NULL (if server is a LECP) */
	if (metadata != NULL) {
		if (lasso_provider_load_metadata_from_buffer(LASSO_PROVIDER(server), metadata) == FALSE) {
			message(G_LOG_LEVEL_CRITICAL,
					"Failed to load metadata from preloaded buffer");
			lasso_node_destroy(LASSO_NODE(server));
			return NULL;
		}
	}
	lasso_assign_string(server->certificate, certificate_content);
	if (private_key_content) {
		lasso_assign_string(server->private_key, private_key_content);
		lasso_assign_string(server->private_key_password, private_key_password);
		server->private_data->encryption_private_key =
			lasso_xmlsec_load_private_key_from_buffer(private_key_content,
					strlen(private_key_content), private_key_password);
		if (! server->private_data->encryption_private_key) {
			message(G_LOG_LEVEL_WARNING, "Cannot load the private key");
			lasso_release_gobject(server);
		}
	}
	lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING);
	lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_ENCRYPTION);

	return server;
}
Example #6
0
/**
 * lasso_identity_destroy:
 * @identity: a #LassoIdentity
 *
 * Destroys an identity.
 **/
void
lasso_identity_destroy(LassoIdentity *identity)
{
	if (identity == NULL)
		return;
	lasso_node_destroy(LASSO_NODE(identity));
}
Example #7
0
LassoSoapHeader*
lasso_soap_header_new_from_message(const gchar *message)
{
	LassoSoapHeader *node;

	g_return_val_if_fail(message != NULL, NULL);

	node = g_object_new(LASSO_TYPE_SOAP_HEADER, NULL);
	lasso_node_init_from_message(LASSO_NODE(node), message);

	return node;
}
Example #8
0
LassoSoapBody*
lasso_soap_body_new_from_message(const gchar *message)
{
	LassoSoapBody *node;

	g_return_val_if_fail(message != NULL, NULL);

	node = g_object_new(LASSO_TYPE_SOAP_BODY, NULL);
	lasso_node_init_from_message(LASSO_NODE(node), message);

	return node;
}
Example #9
0
END_TEST

START_TEST(test05_xsi_type)
{
	/* check lib:AuthnContext element is not converted to
	 * saml:AuthnContext xsi:type="lib:AuthnContextType" and
	 * lib:AuthenticationStatement is converted to
	 * saml:AuthenticationStatement * xsi:type="lib:AuthenticationStatementType"
	 */

	LassoSamlAssertion *assertion;
	LassoLibAuthenticationStatement *stmt;
	LassoSamlNameIdentifier *name_identifier;
	char *dump;

	name_identifier = lasso_saml_name_identifier_new();
	assertion = LASSO_SAML_ASSERTION(lasso_lib_assertion_new_full("", "", "", "", ""));

	assertion->AuthenticationStatement = LASSO_SAML_AUTHENTICATION_STATEMENT(
			lasso_lib_authentication_statement_new_full(
			"toto", "toto", "toto",
			NULL,
			name_identifier));
	g_object_unref(name_identifier);
	stmt = LASSO_LIB_AUTHENTICATION_STATEMENT(assertion->AuthenticationStatement);
	stmt->AuthnContext = LASSO_LIB_AUTHN_CONTEXT(lasso_lib_authn_context_new());
	stmt->AuthnContext->AuthnContextClassRef = g_strdup("urn:toto");

	dump = lasso_node_dump(LASSO_NODE(assertion));
	fail_unless(strstr(dump, "xsi:type=\"lib:AuthnContextType\"") == NULL,
			"AuthnContext got a xsi:type");
	g_free(dump);
	dump = lasso_node_dump(LASSO_NODE(assertion));
	fail_unless(strstr(dump, "xsi:type=\"lib:AuthenticationStatementType\"") != NULL,
			"AuthenticationStatement didn't get a xsi:type");
	g_free(dump);
	g_object_unref(assertion);
}
Example #10
0
END_TEST

START_TEST(test01_server_new)
{
	LassoServer *server;
	LassoProvider *provider;
	char *dump;
	char *content = NULL;
	size_t len;

	server = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	fail_unless(server->private_key != NULL);
	fail_unless(server->private_key_password == NULL);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0);
	fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
	fail_unless(strcmp(provider->metadata_filename, content) == 0);
	g_free(content);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);

	dump = lasso_node_dump(LASSO_NODE(server));
	fail_unless(dump != NULL);
	g_object_unref(server);
	server = lasso_server_new_from_dump(dump);
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	fail_unless(server->private_key != NULL);
	fail_unless(server->private_key_password == NULL);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
	fail_unless(server->providers != NULL);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0, "provider->role != 0 => provider :=  %d", provider->role);
	fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", &content, &len, NULL));
	fail_unless(strcmp(provider->metadata_filename, content) == 0);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);
	g_object_unref(server);
	lasso_release_string(dump);
	lasso_release_string(content);
}
Example #11
0
END_TEST

START_TEST(test02_provider_new_from_dump)
{
	LassoProvider *provider1, *provider2;
	char *dump;

	provider1 = lasso_provider_new(LASSO_PROVIDER_ROLE_SP,
			TESTSDATADIR "/sp1-la/metadata.xml",
			TESTSDATADIR "/sp1-la/public-key.pem",
			TESTSDATADIR "/ca1-la/certificate.pem");
	fail_unless(LASSO_IS_PROVIDER(provider1));

	dump = lasso_node_dump(LASSO_NODE(provider1));
	fail_unless(dump != NULL);
	provider2 = lasso_provider_new_from_dump(dump);
	fail_unless(LASSO_IS_PROVIDER(provider2));
	lasso_release_string(dump);
	dump = lasso_node_dump(LASSO_NODE(provider2));
	fail_unless(dump != NULL);
	g_object_unref(provider1);
	g_object_unref(provider2);
	lasso_release_string(dump);
}
Example #12
0
void
lasso_server_init_id_wsf_services(LassoServer *server, xmlNode *t) {
	xmlNode *t2 = t->children;
	/* Services */
	if (strcmp((char*)t->name, "Services") == 0) {
		while (t2) {
			LassoDiscoServiceInstance *s;
			if (t2->type != XML_ELEMENT_NODE) {
				t2 = t2->next;
				continue;
			}
			s = g_object_new(LASSO_TYPE_DISCO_SERVICE_INSTANCE, NULL);
			LASSO_NODE_GET_CLASS(s)->init_from_xml(LASSO_NODE(s), t2);
			g_hash_table_insert(server->services, g_strdup(s->ServiceType), s);
			t2 = t2->next;
		}
	}
}
Example #13
0
File: server.c Project: adieu/lasso
void
lasso_server_init_id_wsf20_svcmds(LassoServer *server, xmlNode *t)
{
	xmlNode *t2 = t->children;

	if (strcmp((char*)t->name, "SvcMDs") == 0) {
		while (t2) {
			LassoIdWsf2DiscoSvcMetadata *svcMD;
			if (t2->type != XML_ELEMENT_NODE) {
				t2 = t2->next;
				continue;
			}
			svcMD = lasso_idwsf2_disco_svc_metadata_new();
			LASSO_NODE_GET_CLASS(svcMD)->init_from_xml(LASSO_NODE(svcMD), t2);
			server->private_data->svc_metadatas = g_list_append(
				server->private_data->svc_metadatas, svcMD);
			t2 = t2->next;
		}
	}
}
/**
 * lasso_lib_name_identifier_mapping_response_new_full:
 * @providerID: the providerID of the responder
 * @statusCodeValue: a response status code
 * @request: the request which is asnwered by this response
 * @sign_type: a #LassoSignatureType value
 * @sign_method: a #LassoSignatureMethod value
 *
 * Creates a new #LassoLibNameIdentifierMappingResponse object and initializes
 * it with the parameters.
 *
 * Return value: a newly created #LassoLibNameIdentifierMappingResponse object
 **/
LassoNode*
lasso_lib_name_identifier_mapping_response_new_full(char *providerID, const char *statusCodeValue,
		LassoLibNameIdentifierMappingRequest *request,
		LassoSignatureType sign_type, LassoSignatureMethod sign_method)
{
	LassoLibNameIdentifierMappingResponse *response;

	response = g_object_new(LASSO_TYPE_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE, NULL);
	lasso_samlp_response_abstract_fill(
			LASSO_SAMLP_RESPONSE_ABSTRACT(response),
			LASSO_SAMLP_REQUEST_ABSTRACT(request)->RequestID,
			request->ProviderID);
	LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_type = sign_type;
	LASSO_SAMLP_RESPONSE_ABSTRACT(response)->sign_method = sign_method;

	response->ProviderID = g_strdup(providerID);
	response->Status = lasso_samlp_status_new();
	response->Status->StatusCode = lasso_samlp_status_code_new();
	response->Status->StatusCode->Value = g_strdup(statusCodeValue);

	return LASSO_NODE(response);
}
Example #15
0
/**
 * lasso_samlp_response_new:
 *
 * Creates a new #LassoSamlpResponse object.
 *
 * Return value: a newly created #LassoSamlpResponse object
 **/
LassoNode*
lasso_samlp_response_new()
{
    LassoSamlpResponseAbstract *response;
    LassoSamlpStatusCode *status_code;
    LassoSamlpStatus *status;

    response = g_object_new(LASSO_TYPE_SAMLP_RESPONSE, NULL);

    response->ResponseID = lasso_build_unique_id(32);
    response->MajorVersion = LASSO_SAML_MAJOR_VERSION_N;
    response->MinorVersion = LASSO_SAML_MINOR_VERSION_N;
    response->IssueInstant = lasso_get_current_time();

    /* Add Status */
    status = LASSO_SAMLP_STATUS(lasso_samlp_status_new());
    status_code = LASSO_SAMLP_STATUS_CODE(lasso_samlp_status_code_new());
    status_code->Value = g_strdup(LASSO_SAML_STATUS_CODE_REQUEST_DENIED);
    status->StatusCode = status_code;
    LASSO_SAMLP_RESPONSE(response)->Status = status;

    return LASSO_NODE(response);
}
Example #16
0
END_TEST

START_TEST(test02_serviceProviderLogin)
{
    char *serviceProviderContextDump, *identityProviderContextDump;
    LassoServer *spContext, *idpContext;
    LassoLogin *spLoginContext, *idpLoginContext;
    LassoLibAuthnRequest *request;
    int rc = 0;
    char *relayState;
    char *authnRequestUrl, *authnRequestQuery;
    char *responseUrl, *responseQuery;
    char *idpIdentityContextDump, *idpSessionContextDump;
    char *serviceProviderId, *soapRequestMsg, *soapResponseMsg;
    char *spIdentityContextDump;
    char *spSessionDump;
    char *spLoginDump;
    int requestType;
    char *found;

    serviceProviderContextDump = generateServiceProviderContextDump();
    spContext = lasso_server_new_from_dump(serviceProviderContextDump);
    spLoginContext = lasso_login_new(spContext);
    fail_unless(spLoginContext != NULL,
                "lasso_login_new() shouldn't have returned NULL");
    rc = lasso_login_init_authn_request(spLoginContext, "https://idp1/metadata",
                                        LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(rc == 0, "lasso_login_init_authn_request failed");
    request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(spLoginContext)->request);
    fail_unless(LASSO_IS_LIB_AUTHN_REQUEST(request), "request should be authn_request");
    request->IsPassive = 0;
    request->NameIDPolicy = g_strdup(LASSO_LIB_NAMEID_POLICY_TYPE_FEDERATED);
    request->consent = g_strdup(LASSO_LIB_CONSENT_OBTAINED);
    relayState = "fake[]";
    request->RelayState = g_strdup(relayState);
    rc = lasso_login_build_authn_request_msg(spLoginContext);
    fail_unless(rc == 0, "lasso_login_build_authn_request_msg failed");
    authnRequestUrl = LASSO_PROFILE(spLoginContext)->msg_url;
    fail_unless(authnRequestUrl != NULL,
                "authnRequestUrl shouldn't be NULL");
    authnRequestQuery = strchr(authnRequestUrl, '?')+1;
    fail_unless(strlen(authnRequestQuery) > 0,
                "authnRequestQuery shouldn't be an empty string");
    spLoginDump = lasso_node_dump(LASSO_NODE(spLoginContext));
    fail_unless(strstr(authnRequestQuery, "RelayState") != NULL,
                "authnRequestQuery should contain a RelayState parameter");
    fail_unless(strstr(authnRequestQuery, "fake%5B%5D") != NULL,
                "authnRequestQuery RelayState parameter should be encoded");

    /* Identity provider singleSignOn, for a user having no federation. */
    identityProviderContextDump = generateIdentityProviderContextDump();
    idpContext = lasso_server_new_from_dump(identityProviderContextDump);
    idpLoginContext = lasso_login_new(idpContext);
    fail_unless(idpLoginContext != NULL,
                "lasso_login_new() shouldn't have returned NULL");
    rc = lasso_login_process_authn_request_msg(idpLoginContext, authnRequestQuery);
    fail_unless(rc == 0, "lasso_login_process_authn_request_msg failed");
    fail_unless(lasso_login_must_authenticate(idpLoginContext),
                "lasso_login_must_authenticate() should be TRUE");
    fail_unless(idpLoginContext->protocolProfile == LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART,
                "protocoleProfile should be ProfileBrwsArt");
    fail_unless(! lasso_login_must_ask_for_consent(idpLoginContext),
                "lasso_login_must_ask_for_consent() should be FALSE");
    fail_unless(idpLoginContext->parent.msg_relayState != NULL,
                "lasso_login_process_authn_request_msg should restore the RelayState parameter");
    fail_unless(lasso_strisequal(idpLoginContext->parent.msg_relayState,relayState),
                "lasso_login_process_authn_request_msg should restore the same RelayState thant sent in the request");
    rc = lasso_login_validate_request_msg(idpLoginContext,
                                          1, /* authentication_result */
                                          0 /* is_consent_obtained */
                                         );

    rc = lasso_login_build_assertion(idpLoginContext,
                                     LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
                                     "FIXME: authenticationInstant",
                                     "FIXME: reauthenticateOnOrAfter",
                                     "FIXME: notBefore",
                                     "FIXME: notOnOrAfter");
    rc = lasso_login_build_artifact_msg(idpLoginContext, LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(rc == 0, "lasso_login_build_artifact_msg failed");

    idpIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(idpLoginContext)->identity);
    fail_unless(idpIdentityContextDump != NULL,
                "lasso_identity_dump shouldn't return NULL");
    idpSessionContextDump = lasso_session_dump(LASSO_PROFILE(idpLoginContext)->session);
    fail_unless(idpSessionContextDump != NULL,
                "lasso_session_dump shouldn't return NULL");
    responseUrl = LASSO_PROFILE(idpLoginContext)->msg_url;
    fail_unless(responseUrl != NULL, "responseUrl shouldn't be NULL");
    responseQuery = strchr(responseUrl, '?')+1;
    fail_unless(strlen(responseQuery) > 0,
                "responseQuery shouldn't be an empty string");
    fail_unless(strstr(responseQuery, "RelayState") != NULL,
                "responseQuery should contain a RelayState parameter");
    fail_unless(strstr(responseQuery, "fake%5B%5D") != NULL,
                "responseQuery RelayState parameter should be encoded");
    serviceProviderId = g_strdup(LASSO_PROFILE(idpLoginContext)->remote_providerID);
    fail_unless(serviceProviderId != NULL,
                "lasso_profile_get_remote_providerID shouldn't return NULL");

    /* Service provider assertion consumer */
    lasso_server_destroy(spContext);
    lasso_login_destroy(spLoginContext);

    spContext = lasso_server_new_from_dump(serviceProviderContextDump);
    spLoginContext = lasso_login_new_from_dump(spContext, spLoginDump);
    rc = lasso_login_init_request(spLoginContext,
                                  responseQuery,
                                  LASSO_HTTP_METHOD_REDIRECT);
    fail_unless(spLoginContext->parent.msg_relayState != NULL,
                "lasso_login_init_request should restore the RelayState parameter");
    fail_unless(lasso_strisequal(spLoginContext->parent.msg_relayState,relayState),
                "lasso_login_init_request should restore the same RelayState thant sent in the request");
    fail_unless(rc == 0, "lasso_login_init_request failed");
    rc = lasso_login_build_request_msg(spLoginContext);
    fail_unless(rc == 0, "lasso_login_build_request_msg failed");
    soapRequestMsg = LASSO_PROFILE(spLoginContext)->msg_body;
    fail_unless(soapRequestMsg != NULL, "soapRequestMsg must not be NULL");

    /* Identity provider SOAP endpoint */
    lasso_server_destroy(idpContext);
    lasso_login_destroy(idpLoginContext);
    requestType = lasso_profile_get_request_type_from_soap_msg(soapRequestMsg);
    fail_unless(requestType == LASSO_REQUEST_TYPE_LOGIN,
                "requestType should be LASSO_REQUEST_TYPE_LOGIN");

    idpContext = lasso_server_new_from_dump(identityProviderContextDump);
    idpLoginContext = lasso_login_new(idpContext);
    rc = lasso_login_process_request_msg(idpLoginContext, soapRequestMsg);
    fail_unless(rc == 0, "lasso_login_process_request_msg failed");

    rc = lasso_profile_set_session_from_dump(LASSO_PROFILE(idpLoginContext),
            idpSessionContextDump);
    fail_unless(rc == 0, "lasso_login_set_assertion_from_dump failed");
    rc = lasso_login_build_response_msg(idpLoginContext, serviceProviderId);
    fail_unless(rc == 0, "lasso_login_build_response_msg failed");
    soapResponseMsg =  LASSO_PROFILE(idpLoginContext)->msg_body;
    fail_unless(soapResponseMsg != NULL, "soapResponseMsg must not be NULL");

    /* Service provider assertion consumer (step 2: process SOAP response) */
    rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
    fail_unless(rc == 0, "lasso_login_process_response_msg failed");
    rc = lasso_login_accept_sso(spLoginContext);
    fail_unless(rc == 0, "lasso_login_accept_sso failed");
    fail_unless(LASSO_PROFILE(spLoginContext)->identity != NULL,
                "spLoginContext has no identity");
    spIdentityContextDump = lasso_identity_dump(LASSO_PROFILE(spLoginContext)->identity);
    fail_unless(spIdentityContextDump != NULL, "lasso_identity_dump failed");
    spSessionDump = lasso_session_dump(LASSO_PROFILE(spLoginContext)->session);

    /* Test InResponseTo checking */
    found = strstr(soapResponseMsg, "Assertion");
    fail_unless(found != NULL, "We must find an Assertion");
    found = strstr(found, "InResponseTo=\"");
    fail_unless(found != NULL, "We must find an InResponseTo attribute");
    found[sizeof("InResponseTo=\"")] = '?';
    lasso_set_flag("no-verify-signature");
    rc = lasso_login_process_response_msg(spLoginContext, soapResponseMsg);
    lasso_set_flag("verify-signature");
    fail_unless(rc != 0, "lasso_login_process_response_msg must fail");
    rc = lasso_login_accept_sso(spLoginContext);
    fail_unless(rc == 0, "lasso_login_accept_sso must fail");

    g_free(spLoginDump);
    g_free(serviceProviderId);
    g_free(serviceProviderContextDump);
    g_free(identityProviderContextDump);
    g_free(idpSessionContextDump);
    g_free(idpIdentityContextDump);
    g_free(spIdentityContextDump);
    g_free(spSessionDump);
    g_object_unref(spContext);
    g_object_unref(idpContext);
    g_object_unref(spLoginContext);
    g_object_unref(idpLoginContext);
}
Example #17
0
File: server.c Project: adieu/lasso
static void
add_childnode_from_list(LassoNode *value, xmlNode *xmlnode)
{
	xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
}
Example #18
0
/**
 * lasso_server_destroy:
 * @server: a #LassoServer
 *
 * Destroys a server.
 **/
void
lasso_server_destroy(LassoServer *server)
{
	lasso_node_destroy(LASSO_NODE(server));
}
Example #19
0
static void
add_service_childnode(G_GNUC_UNUSED gchar *key, LassoNode *value, xmlNode *xmlnode)
{
	xmlAddChild(xmlnode, lasso_node_get_xmlNode(LASSO_NODE(value), TRUE));
}
Example #20
0
File: ecp.c Project: adieu/lasso
/**
 * lasso_ecp_destroy:
 * @ecp: a #LassoEcp
 *
 * Destroys a #LassoEcp object
 *
 **/
void
lasso_ecp_destroy(LassoEcp *ecp)
{
	lasso_node_destroy(LASSO_NODE(ecp));
}
Example #21
0
/**
 * lasso_identity_dump:
 * @identity: a #LassoIdentity
 *
 * Dumps @identity content to an XML string.
 *
 * Return value:(transfer full): the dump string.  It must be freed by the caller.
 **/
gchar*
lasso_identity_dump(LassoIdentity *identity)
{
	return lasso_node_dump(LASSO_NODE(identity));
}
Example #22
0
static int
init_from_xml(LassoNode *node, xmlNode *xmlnode)
{
	LassoServer *server = LASSO_SERVER(node);
	xmlNode *t;
	xmlChar *s;
	int rc = 0;

	rc = parent_class->init_from_xml(node, xmlnode);

	if (server->private_key) {
		server->private_data->encryption_private_key =
			lasso_xmlsec_load_private_key(server->private_key, server->private_key_password);
	}
	if (rc)
		return rc;

	s = xmlGetProp(xmlnode, (xmlChar*)"SignatureMethod");
	if (s && strcmp((char*)s, "RSA_SHA1") == 0)
		server->signature_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
	if (s && strcmp((char*)s, "DSA_SHA1") == 0)
		server->signature_method = LASSO_SIGNATURE_METHOD_DSA_SHA1;
	if (s)
		xmlFree(s);

	t = xmlnode->children;
	while (t) {
		xmlNode *t2 = t->children;

		if (t->type != XML_ELEMENT_NODE) {
			t = t->next;
			continue;
		}

		/* Providers */
		if (strcmp((char*)t->name, "Providers") == 0) {
			while (t2) {
				LassoProvider *p;
				if (t2->type != XML_ELEMENT_NODE) {
					t2 = t2->next;
					continue;
				}
				p = g_object_new(LASSO_TYPE_PROVIDER, NULL);
				LASSO_NODE_GET_CLASS(p)->init_from_xml(LASSO_NODE(p), t2);
				if (lasso_provider_load_public_key(p, LASSO_PUBLIC_KEY_SIGNING)) {
					g_hash_table_insert(server->providers,
							g_strdup(p->ProviderID), p);
				} else {
					message(G_LOG_LEVEL_CRITICAL,
							"Failed to load signing public key for %s.",
							p->ProviderID);
				}
				t2 = t2->next;
			}
		}

#ifdef LASSO_WSF_ENABLED
		lasso_server_init_id_wsf_services(server, t);
		lasso_server_init_id_wsf20_svcmds(server, t);
#endif

		t = t->next;
	}

	return 0;
}
Example #23
0
/**
 * lasso_server_dump:
 * @server: a #LassoServer
 *
 * Dumps @server content to an XML string.
 *
 * Return value:(transfer full): the dump string.  It must be freed by the caller.
 **/
gchar*
lasso_server_dump(LassoServer *server)
{
	return lasso_node_dump(LASSO_NODE(server));
}