void
lasso_idwsf2_util_response_set_status2(LassoIdWsf2UtilResponse *idwsf2_util_response,
const char *status, const char *status2)
{
LassoIdWsf2UtilStatus *idwsf2_util_status = NULL;
LassoIdWsf2UtilStatus *idwsf2_util_status2 = NULL;
if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response))
return;
if (status2 == NULL || status2[0] == '\0')
return;
if (status) {
idwsf2_util_status = lasso_idwsf2_util_status_new();
lasso_assign_string(idwsf2_util_status->code, status);
} else {
if (LASSO_IS_IDWSF2_UTIL_STATUS(idwsf2_util_response->Status)) {
idwsf2_util_status = idwsf2_util_response->Status;
} else {
return;
}
}
if (idwsf2_util_status) {
idwsf2_util_status2 = lasso_idwsf2_util_status_new();
lasso_assign_string(idwsf2_util_status2->code, status2);
lasso_list_add_new_gobject(idwsf2_util_status->Status, idwsf2_util_status2);
lasso_assign_new_gobject(idwsf2_util_response->Status, idwsf2_util_status);
}
}
/**
* lasso_login_assertion_add_discovery:
* @login: a #LassoLogin object
* @assertion: a #LassoSamlAssertion object
*
* Adds AttributeStatement and ResourceOffering attributes to @assertion of a @login object if there
* is a discovery service registerered in the @LassoLogin.server field.
* .
**/
void
lasso_login_assertion_add_discovery(LassoLogin *login, LassoSamlAssertion *assertion)
{
LassoProfile *profile = LASSO_PROFILE(login);
LassoDiscoResourceOffering *resourceOffering;
LassoDiscoServiceInstance *serviceInstance, *newServiceInstance;
LassoSamlAttributeStatement *attributeStatement;
LassoSamlAttribute *attribute;
LassoSamlAttributeValue *attributeValue;
serviceInstance = lasso_server_get_service(profile->server, LASSO_DISCO_HREF);
if (LASSO_IS_DISCO_SERVICE_INSTANCE(serviceInstance) &&
login->private_data->resourceId) {
newServiceInstance = lasso_disco_service_instance_copy(serviceInstance);
resourceOffering = lasso_disco_resource_offering_new(newServiceInstance);
lasso_release_gobject(newServiceInstance);
lasso_assign_gobject(resourceOffering->ResourceID, login->private_data->resourceId);
attributeValue = lasso_saml_attribute_value_new();
lasso_list_add_new_gobject(attributeValue->any, resourceOffering);
attribute = lasso_saml_attribute_new();
lasso_assign_string(attribute->attributeName, "DiscoveryResourceOffering");
lasso_assign_string(attribute->attributeNameSpace, LASSO_DISCO_HREF);
lasso_list_add_new_gobject(attribute->AttributeValue, attributeValue);
attributeStatement = lasso_saml_attribute_statement_new();
lasso_list_add_new_gobject(attributeStatement->Attribute, attribute);
lasso_assign_new_gobject(assertion->AttributeStatement, attributeStatement);
/* FIXME: Add CredentialsRef and saml:Advice Assertions */
}
}
END_TEST
START_TEST(test06_lib_statuscode)
{
/* check status code value in samlp:Response; it is a QName, if it
* starts with lib:, that namespace must be defined. (was bug#416)
*/
LassoSamlpResponse *response = LASSO_SAMLP_RESPONSE(lasso_samlp_response_new());
char *dump = NULL;
lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_SUCCESS);
dump = lasso_node_dump(LASSO_NODE(response));
fail_unless(strstr(dump, "xmlns:lib=") == NULL,
"liberty namespace should not be defined");
lasso_release_string(dump);
lasso_assign_string(response->Status->StatusCode->Value, LASSO_SAML_STATUS_CODE_RESPONDER);
response->Status->StatusCode->StatusCode = lasso_samlp_status_code_new();
response->Status->StatusCode->StatusCode->Value = g_strdup(
LASSO_LIB_STATUS_CODE_UNKNOWN_PRINCIPAL);
dump = lasso_node_dump(LASSO_NODE(response));
fail_unless(strstr(dump, "xmlns:lib=") != NULL,
"liberty namespace should be defined");
lasso_release_string(dump);
g_object_unref(response);
}
/**
* lasso_server_new_from_buffers:
* @metadata: NULL terminated string containing the content of an ID-FF 1.2 metadata file
* @private_key_content:(allow-none): NULL terminated string containing a PEM formatted private key
* @private_key_password:(allow-none): a NULL terminated string which is the optional password of
* the private key
* @certificate_content:(allow-none): NULL terminated string containing a PEM formatted X509
* certificate
*
* Creates a new #LassoServer.
*
* Return value: a newly created #LassoServer object; or NULL if an error occured
*/
LassoServer*
lasso_server_new_from_buffers(const char *metadata, const char *private_key_content, const char
*private_key_password, const char *certificate_content)
{
LassoServer *server;
server = g_object_new(LASSO_TYPE_SERVER, NULL);
/* metadata can be NULL (if server is a LECP) */
if (metadata != NULL) {
if (lasso_provider_load_metadata_from_buffer(LASSO_PROVIDER(server), metadata) == FALSE) {
message(G_LOG_LEVEL_CRITICAL,
"Failed to load metadata from preloaded buffer");
lasso_node_destroy(LASSO_NODE(server));
return NULL;
}
}
lasso_assign_string(server->certificate, certificate_content);
if (private_key_content) {
lasso_assign_string(server->private_key, private_key_content);
lasso_assign_string(server->private_key_password, private_key_password);
server->private_data->encryption_private_key =
lasso_xmlsec_load_private_key_from_buffer(private_key_content,
strlen(private_key_content), private_key_password);
if (! server->private_data->encryption_private_key) {
message(G_LOG_LEVEL_WARNING, "Cannot load the private key");
lasso_release_gobject(server);
}
}
lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING);
lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_ENCRYPTION);
return server;
}
/**
* lasso_assertion_query_add_attribute_request:
* @assertion_query: a #LassoAssertionQuery object
* @attribute_format: the attribute designator format
* @attribute_name: the attribute designator name
*
* Append a new attribute designator to the current attribute request.
*
* Return value: 0 if successful, an error code otherwise.
*/
int
lasso_assertion_query_add_attribute_request(LassoAssertionQuery *assertion_query,
char *format, char *name)
{
int rc = 0;
LassoSaml2Attribute *attribute = NULL;
LassoSamlp2AttributeQuery *query = NULL;
lasso_bad_param(ASSERTION_QUERY, assertion_query);
lasso_null_param(format);
lasso_null_param(name);
query = (LassoSamlp2AttributeQuery*) assertion_query->parent.request;
g_return_val_if_fail(LASSO_IS_SAMLP2_ATTRIBUTE_QUERY(query),
LASSO_ASSERTION_QUERY_ERROR_NOT_AN_ATTRIBUTE_QUERY);
/* Check unicity */
attribute = lasso_assertion_query_lookup_attribute(assertion_query, format, name);
if (attribute != NULL) {
return LASSO_ASSERTION_QUERY_ERROR_ATTRIBUTE_REQUEST_ALREADY_EXIST;
}
/* Do the work */
attribute = (LassoSaml2Attribute*)lasso_saml2_attribute_new();
lasso_assign_string(attribute->NameFormat, format);
lasso_assign_string(attribute->Name, name);
lasso_list_add_new_gobject(query->Attribute, attribute);
return rc;
}
LassoSoapFault*
lasso_soap_fault_new_full(const char *faultcode, const char *faultstring)
{
LassoSoapFault *soap_fault;
if (! faultcode && ! faultstring)
return NULL;
soap_fault = g_object_new(LASSO_TYPE_SOAP_FAULT, NULL);
lasso_assign_string(soap_fault->faultcode, faultcode);
lasso_assign_string(soap_fault->faultstring, faultstring);
return soap_fault;
}
/**
* lasso_wsa_endpoint_reference_add_security_token:
* @epr: a #LassoWsAddrEndpointReference object
* @security_token: a security token as a #LassoNode object
* @security_mechanisms:(element-type utf8): a list of security mechanism
* for whom the token is made
*
* Add a new security context declaration for the given security mechanisms identifiers and populate
* it with a security token.
*
* Return value: 0 if successfull, an error code otherwise.
*/
int
lasso_wsa_endpoint_reference_add_security_token(LassoWsAddrEndpointReference *epr,
LassoNode *security_token, GList *security_mechanisms)
{
LassoIdWsf2SecToken *sec_token = NULL;
LassoWsAddrMetadata *metadata = NULL;
LassoIdWsf2DiscoSecurityContext *security_context = NULL;
int rc = 0;
lasso_bad_param(WSA_ENDPOINT_REFERENCE, epr);
lasso_bad_param(NODE, security_token);
lasso_extract_node_or_fail(metadata, epr->Metadata, WSA_METADATA, LASSO_PARAM_ERROR_INVALID_VALUE);
sec_token = lasso_idwsf2_sec_token_new();
lasso_assign_gobject(sec_token->any, security_token);
lasso_assign_string(sec_token->usage, LASSO_IDWSF2_SEC_TOKEN_USAGE_SECURITY_TOKEN);
security_context = lasso_idwsf2_disco_security_context_new();
lasso_assign_list_of_strings(security_context->SecurityMechID,
security_mechanisms);
lasso_list_add_new_gobject(security_context->Token, sec_token);
lasso_list_add_new_gobject(metadata->any, security_context);
cleanup:
return rc;
}
/**
* lasso_idwsf2_util_response_set_status:
* @idwsf2_util_response: a #LassoIdWsf2UtilResponse object
* @status: a status code identifier
*
* Set the first level status code and no second level status code.
*/
void
lasso_idwsf2_util_response_set_status(LassoIdWsf2UtilResponse *idwsf2_util_response,
const char *status)
{
LassoIdWsf2UtilStatus *idwsf2_util_status;
if (! LASSO_IS_IDWSF2_UTIL_RESPONSE(idwsf2_util_response))
return;
if (status == NULL || status[0] == '\0')
return;
idwsf2_util_status = lasso_idwsf2_util_status_new();
lasso_assign_string(idwsf2_util_status->code, status);
lasso_assign_new_gobject(idwsf2_util_response->Status, idwsf2_util_status);
}
/**
* lasso_identity_add_resource_offering:
* @identity: a #LassoIdentity object
* @offering: a #LassoDiscoResourceOffering object to add
*
* Add a new offering to the identity object to be retrieved later by
* lasso_identity_get_offerings() or lasso_identity_get_resource_offering().
* It also allocate an entryId identifier for the offering, look into
* offering->entryID to get it after this call.
*
* Return value: Always 0, there should not be any error (if memory is not exhausted).
*/
gint
lasso_identity_add_resource_offering(LassoIdentity *identity,
LassoDiscoResourceOffering *offering)
{
char entry_id_s[20];
g_return_val_if_fail(LASSO_IS_IDENTITY(identity), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
g_return_val_if_fail(LASSO_IS_DISCO_RESOURCE_OFFERING(offering),
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
do {
g_snprintf(entry_id_s, 18, "%d", identity->private_data->last_entry_id);
identity->private_data->last_entry_id++;
} while (g_hash_table_lookup(identity->private_data->resource_offerings_map, entry_id_s));
lasso_assign_string(offering->entryID, entry_id_s);
g_hash_table_insert(identity->private_data->resource_offerings_map,
g_strdup(offering->entryID), g_object_ref(offering));
identity->is_dirty = TRUE;
return 0;
}
/**
* lasso_ds_x509_data_set_crl:
* @x509_data: a #LassoDsX509Data object
* @crl: a base64 encoded string of the DER representation of the X509 CRL
*
* Set the content of the X509CRL sub-element, it should be a base64 encoded string.
*
*/
void
lasso_ds_x509_data_set_crl(LassoDsX509Data *x509_data, const char *crl) {
lasso_return_if_fail(LASSO_IS_DS_X509_DATA(x509_data));
lasso_assign_string(x509_data->private_data->X509CRL, crl);
}
/**
* lasso_ds_x509_data_set_subject_name:
* @x509_data: a #LassoDsX509Data object
* @subject_name: a base64 encoded string of the DER representation of the X509 subject_name
*
* Set the content of the X509SubjectName sub-element, it should be a base64 encoded string.
*
*/
void
lasso_ds_x509_data_set_subject_name(LassoDsX509Data *x509_data, const char *subject_name) {
lasso_return_if_fail(LASSO_IS_DS_X509_DATA(x509_data));
lasso_assign_string(x509_data->private_data->X509SubjectName, subject_name);
}
/**
* lasso_ds_x509_data_set_certificate:
* @x509_data: a #LassoDsX509Data object
* @certificate: a base64 encoded string of the DER representation of the X509 certificate
*
* Set the content of the X509Certificate sub-element, it should be a base64 encoded string.
*
*/
void
lasso_ds_x509_data_set_certificate(LassoDsX509Data *x509_data, const char *certificate) {
lasso_return_if_fail(LASSO_IS_DS_X509_DATA(x509_data));
lasso_assign_string(x509_data->private_data->X509Certificate, certificate);
}
