/*
 * Builds a provider through @provider_constructor, refuses it when its
 * protocol profile cannot coexist with @server's, and registers it in
 * server->providers under a copy of its ProviderID.
 *
 * Returns 0 on success, a LASSO_* error code otherwise.  A provider that
 * fails the protocol check is destroyed here; a registered one is kept in
 * the hash table (whether the table releases it on removal depends on the
 * destroy notifier it was created with, which is not visible in this block).
 * Note that g_hash_table_insert() replaces an existing entry with the same
 * ProviderID.
 */
static gint
lasso_server_add_provider_helper(LassoServer *server, LassoProviderRole role,
		const gchar *metadata, const gchar *public_key, const gchar *ca_cert_chain,
		LassoProvider *(*provider_constructor)(LassoProviderRole role, const char *metadata,
			const char *public_key, const char *ca_cert_chain))
{
	LassoProvider *new_provider = NULL;
	int server_protocol;
	int provider_protocol;
	gboolean incompatible;

	g_return_val_if_fail(LASSO_IS_SERVER(server), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
	g_return_val_if_fail(metadata != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);

	new_provider = provider_constructor(role, metadata, public_key, ca_cert_chain);
	if (! new_provider) {
		return critical_error(LASSO_SERVER_ERROR_ADD_PROVIDER_FAILED);
	}
	new_provider->role = role;

	/* A SAML 2.0 server only accepts SAML 2.0 peers; an ID-FF 1.2 server
	 * accepts anything up to and including ID-FF 1.2. */
	server_protocol = LASSO_PROVIDER(server)->private_data->conformance;
	provider_protocol = new_provider->private_data->conformance;
	incompatible = (server_protocol == LASSO_PROTOCOL_SAML_2_0
				&& provider_protocol != LASSO_PROTOCOL_SAML_2_0)
		|| (server_protocol == LASSO_PROTOCOL_LIBERTY_1_2
				&& provider_protocol > LASSO_PROTOCOL_LIBERTY_1_2);
	if (incompatible) {
		lasso_node_destroy(LASSO_NODE(new_provider));
		return LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH;
	}

	g_hash_table_insert(server->providers, g_strdup(new_provider->ProviderID), new_provider);
	return 0;
}
END_TEST

/* Fields that must look the same whether the server was built from files or
 * rebuilt from its dump.  The RSA-SHA1 check pins the library's current
 * default signature method; it has to follow if that default ever changes. */
static void
check_idp1_server_keys(LassoServer *server)
{
	fail_unless(server->private_key != NULL);
	fail_unless(server->private_key_password == NULL);
	fail_unless(server->certificate != NULL);
	fail_unless(server->signature_method == LASSO_SIGNATURE_METHOD_RSA_SHA1);
}

/* Reads the idp1 metadata file into *content (caller frees) and checks that
 * the provider's metadata_filename field holds exactly that text. */
static void
check_idp1_metadata_matches(LassoProvider *provider, char **content)
{
	size_t content_len;

	fail_unless(g_file_get_contents(TESTSDATADIR "/idp1-la/metadata.xml", content,
				&content_len, NULL));
	fail_unless(strcmp(provider->metadata_filename, *content) == 0);
}

/* Builds an IdP server from the idp1-la fixture files, dumps it, rebuilds it
 * from the dump and checks that both objects expose the same state. */
START_TEST(test01_server_new)
{
	LassoServer *server = NULL;
	LassoProvider *provider = NULL;
	char *serialized = NULL;
	char *content = NULL;

	server = lasso_server_new(
			TESTSDATADIR "/idp1-la/metadata.xml",
			TESTSDATADIR "/idp1-la/private-key-raw.pem",
			NULL, /* Secret key to unlock private key */
			TESTSDATADIR "/idp1-la/certificate.pem");
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	check_idp1_server_keys(server);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0);
	check_idp1_metadata_matches(provider, &content);
	g_free(content);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);

	/* Round-trip through the XML dump. */
	serialized = lasso_node_dump(LASSO_NODE(server));
	fail_unless(serialized != NULL);
	g_object_unref(server);
	server = lasso_server_new_from_dump(serialized);
	fail_unless(LASSO_IS_SERVER(server));
	provider = LASSO_PROVIDER(server);
	check_idp1_server_keys(server);
	fail_unless(server->providers != NULL);
	fail_unless(provider->ProviderID != NULL);
	fail_unless(provider->role == 0, "provider->role != 0 => provider := %d", provider->role);
	check_idp1_metadata_matches(provider, &content);
	fail_unless(provider->public_key == NULL);
	fail_unless(provider->ca_cert_chain == NULL);

	g_object_unref(server);
	lasso_release_string(serialized);
	lasso_release_string(content);
}
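/**
 * lasso_server_new_from_buffers:
 * @metadata: NULL terminated string containing the content of an ID-FF 1.2 metadata file
 * @private_key_content:(allow-none): NULL terminated string containing a PEM formatted private key
 * @private_key_password:(allow-none): a NULL terminated string which is the optional password of
 * the private key
 * @certificate_content:(allow-none): NULL terminated string containing a PEM formatted X509
 * certificate
 *
 * Creates a new #LassoServer.
 *
 * Return value: a newly created #LassoServer object; or NULL if an error occurred
 * (metadata that does not parse, or a private key that cannot be loaded).
 */
LassoServer*
lasso_server_new_from_buffers(const char *metadata, const char *private_key_content,
		const char *private_key_password, const char *certificate_content)
{
	LassoServer *server;

	server = g_object_new(LASSO_TYPE_SERVER, NULL);

	/* metadata can be NULL (if server is a LECP) */
	if (metadata != NULL) {
		if (lasso_provider_load_metadata_from_buffer(LASSO_PROVIDER(server), metadata) == FALSE) {
			message(G_LOG_LEVEL_CRITICAL, "Failed to load metadata from preloaded buffer");
			lasso_node_destroy(LASSO_NODE(server));
			return NULL;
		}
	}
	lasso_assign_string(server->certificate, certificate_content);
	if (private_key_content) {
		lasso_assign_string(server->private_key, private_key_content);
		lasso_assign_string(server->private_key_password, private_key_password);
		server->private_data->encryption_private_key =
			lasso_xmlsec_load_private_key_from_buffer(private_key_content,
					strlen(private_key_content), private_key_password);
		if (! server->private_data->encryption_private_key) {
			message(G_LOG_LEVEL_WARNING, "Cannot load the private key");
			lasso_release_gobject(server);
			/* The server object has just been released; it must not be
			 * touched again below, and the documented contract is to
			 * hand back NULL on error. */
			return NULL;
		}
	}
	lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_SIGNING);
	lasso_provider_load_public_key(&server->parent, LASSO_PUBLIC_KEY_ENCRYPTION);

	return server;
}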
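/**
 * lasso_server_get_first_providerID_by_role:
 * @server: a #LassoServer
 * @role: the #LassoProviderRole of the provider looked for
 *
 * Looks up and returns the provider ID of a known provider with the given role.
 *
 * Return value: the provider ID, NULL if there are no providers with that role
 * (or if @server is not a valid #LassoServer). This string must be freed by
 * the caller.
 */
gchar *
lasso_server_get_first_providerID_by_role(const LassoServer *server, LassoProviderRole role)
{
	LassoProvider *a_provider;

	g_return_val_if_fail(LASSO_IS_SERVER(server), NULL);
	/* A server without a provider table has no providers to report. */
	if (server->providers == NULL) {
		return NULL;
	}

	a_provider = LASSO_PROVIDER(g_hash_table_find(server->providers,
				(GHRFunc) get_first_providerID_by_role, (gpointer)role));
	if (a_provider) {
		return g_strdup(a_provider->ProviderID);
	}
	return NULL;
}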
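/**
 * lasso_server_load_affiliation:
 * @server: a #LassoServer
 * @filename: file name of the affiliation metadata to load
 *
 * Load an affiliation metadata file into @server; this must be called after
 * providers have been added to @server.
 *
 * Return value: 0 on success; another value if an error occurred
 * (invalid arguments, unparsable file, missing or unnamespaced root element,
 * or a server that is not in SAML 2.0 mode).
 **/
int
lasso_server_load_affiliation(LassoServer *server, const gchar *filename)
{
	LassoProvider *provider = NULL;
	xmlDoc *doc = NULL;
	xmlNode *node = NULL;
	int rc = 0;

	g_return_val_if_fail(LASSO_IS_SERVER(server), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
	g_return_val_if_fail(filename != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
	provider = LASSO_PROVIDER(server);

	/* NOTE(review): parser hardening (external entity loading, network
	 * access) is decided inside lasso_xml_parse_file(), not here -- confirm
	 * it is disabled there, since @filename is deployer-supplied data. */
	doc = lasso_xml_parse_file(filename);
	goto_cleanup_if_fail_with_rc (doc != NULL, LASSO_XML_ERROR_INVALID_FILE);
	node = xmlDocGetRootElement(doc);
	goto_cleanup_if_fail_with_rc (node != NULL && node->ns != NULL,
			LASSO_XML_ERROR_NODE_NOT_FOUND);

	if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
		rc = lasso_saml20_server_load_affiliation(server, node);
	} else {
		/* affiliations are not supported in ID-FF 1.2 mode */
		rc = LASSO_ERROR_UNIMPLEMENTED;
	}

cleanup:
	lasso_release_doc(doc);
	return rc;
}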