256
256
protocol_methods[http_method+1]);
258
258
if (lasso_provider_has_protocol_profile(provider,
259
protocol_type, protocol_profile) == FALSE)
259
protocol_type, protocol_profile) == FALSE) {
260
g_free(protocol_profile);
262
264
if (lasso_provider_has_protocol_profile(remote_provider,
263
protocol_type, protocol_profile) == FALSE)
265
protocol_type, protocol_profile) == FALSE) {
266
g_free(protocol_profile);
270
g_free(protocol_profile);
498
507
provider->private_data->signing_key_descriptor = NULL;
510
if (provider->private_data->encryption_key_descriptor) {
511
xmlFreeNode(provider->private_data->encryption_key_descriptor);
512
provider->private_data->encryption_key_descriptor = NULL;
515
if (provider->private_data->encryption_public_key_str) {
516
g_free(provider->private_data->encryption_public_key_str);
517
provider->private_data->encryption_public_key_str = NULL;
520
if (provider->private_data->encryption_public_key) {
521
xmlSecKeyDestroy(provider->private_data->encryption_public_key);
522
provider->private_data->encryption_public_key = NULL;
525
g_free(provider->private_data->affiliation_id);
526
provider->private_data->affiliation_id = NULL;
527
g_free(provider->private_data->affiliation_owner_id);
528
provider->private_data->affiliation_owner_id = NULL;
501
530
G_OBJECT_CLASS(parent_class)->dispose(G_OBJECT(provider));
532
557
provider->private_data = g_new(LassoProviderPrivate, 1);
533
558
provider->private_data->dispose_has_run = FALSE;
534
559
provider->private_data->default_assertion_consumer = NULL;
560
provider->private_data->affiliation_id = NULL;
561
provider->private_data->affiliation_owner_id = NULL;
535
562
provider->private_data->organization = NULL;
536
563
provider->private_data->public_key = NULL;
537
564
provider->private_data->signing_key_descriptor = NULL;
565
provider->private_data->encryption_key_descriptor = NULL;
566
provider->private_data->encryption_public_key_str = NULL;
567
provider->private_data->encryption_public_key = NULL;
568
provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
539
570
/* no value_destroy_func since it shouldn't destroy the GList on insert */
540
571
provider->private_data->IDPDescriptor = g_hash_table_new_full(
608
639
node = xmlDocGetRootElement(doc);
609
if (node == NULL || node->ns == NULL)
640
if (node == NULL || node->ns == NULL) {
612
645
provider->metadata_filename = g_strdup(metadata);
614
if (strcmp((char*)node->ns->href, LASSO_SAML20_METADATA_HREF) == 0) {
647
if (strcmp((char*)node->ns->href, LASSO_SAML2_METADATA_HREF) == 0) {
615
649
provider->private_data->conformance = LASSO_PROTOCOL_SAML_2_0;
616
return lasso_saml20_provider_load_metadata(provider, node);
650
result = lasso_saml20_provider_load_metadata(provider, node);
619
655
provider->private_data->conformance = LASSO_PROTOCOL_LIBERTY_1_2;
718
755
provider->public_key = g_strdup(public_key);
719
756
provider->ca_cert_chain = g_strdup(ca_cert_chain);
721
if (lasso_provider_load_public_key(provider) == FALSE) {
722
message(G_LOG_LEVEL_CRITICAL, "Failed to load public key for %s.",
758
if (lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_SIGNING) == FALSE) {
759
message(G_LOG_LEVEL_CRITICAL, "Failed to load signing public key for %s.",
723
760
provider->ProviderID);
724
761
lasso_node_destroy(LASSO_NODE(provider));
765
lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_ENCRYPTION);
767
provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
732
lasso_provider_load_public_key(LassoProvider *provider)
773
lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType public_key_type)
734
775
LassoPemFileType file_type;
776
gchar *public_key = NULL;
777
xmlNode *key_descriptor = NULL;
735
778
xmlSecKey *pub_key = NULL;
736
779
xmlSecKeyDataFormat key_formats[] = {
737
780
xmlSecKeyDataFormatDer,
748
if (provider->public_key == NULL && provider->private_data->signing_key_descriptor == NULL)
791
if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
792
public_key = provider->public_key;
793
key_descriptor = provider->private_data->signing_key_descriptor;
795
key_descriptor = provider->private_data->encryption_key_descriptor;
798
if (public_key == NULL && key_descriptor == NULL) {
751
if (provider->public_key == NULL) {
752
xmlNode *t = provider->private_data->signing_key_descriptor->children;
802
if (public_key == NULL) {
803
xmlNode *t = key_descriptor->children;
753
804
xmlChar *b64_value;
754
805
xmlSecByte *value;
757
xmlSecKey *xmlseckey;
758
xmlSecKeyInfoCtxPtr ctx;
760
xmlseckey = xmlSecKeyCreate();
762
ctx = xmlSecKeyInfoCtxCreate(NULL);
763
ctx->mode = xmlSecKeyInfoModeRead;
765
809
/* could use XPath but going down manually will do */
767
811
if (t->type == XML_ELEMENT_NODE) {
768
812
if (strcmp((char*)t->name, "KeyInfo") == 0 ||
769
813
strcmp((char*)t->name, "X509Data") == 0) {
770
xmlSecKeyInfoNodeRead(t, xmlseckey, ctx);
775
817
if (strcmp((char*)t->name, "X509Certificate") == 0)
819
if (strcmp((char*)t->name, "KeyValue") == 0)
783
828
b64_value = xmlNodeGetContent(t);
829
if (public_key_type == LASSO_PUBLIC_KEY_ENCRYPTION) {
830
provider->private_data->encryption_public_key_str =
831
g_strdup((char*)b64_value);
784
833
length = strlen((char*)b64_value);
785
834
value = g_malloc(length);
835
xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
786
836
rc = xmlSecBase64Decode(b64_value, value, length);
788
838
/* bad base-64 */
840
value = (xmlSecByte*)g_strdup((char*)b64_value);
841
rc = strlen((char*)value);
792
//xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
793
844
for (i=0; key_formats[i] && pub_key == NULL; i++) {
794
845
pub_key = xmlSecCryptoAppKeyLoadMemory(value, rc,
795
846
key_formats[i], NULL, NULL, NULL);
797
//xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
848
xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
798
849
xmlFree(b64_value);
800
provider->private_data->public_key = pub_key;
852
if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
853
provider->private_data->public_key = pub_key;
855
provider->private_data->encryption_public_key = pub_key;
806
file_type = lasso_get_pem_file_type(provider->public_key);
863
if (public_key_type == LASSO_PUBLIC_KEY_ENCRYPTION) {
864
/* encryption public key can never be set by filename */
868
file_type = lasso_get_pem_file_type(public_key);
807
869
switch (file_type) {
808
870
case LASSO_PEM_FILE_TYPE_UNKNOWN:
809
871
break; /* with a warning ? */
810
872
case LASSO_PEM_FILE_TYPE_CERT:
811
pub_key = lasso_get_public_key_from_pem_cert_file(
812
provider->public_key);
873
pub_key = lasso_get_public_key_from_pem_cert_file(public_key);
814
875
case LASSO_PEM_FILE_TYPE_PUB_KEY:
815
pub_key = xmlSecCryptoAppKeyLoad(provider->public_key,
876
pub_key = xmlSecCryptoAppKeyLoad(public_key,
816
877
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
818
879
case LASSO_PEM_FILE_TYPE_PRIVATE_KEY:
819
880
break; /* with a warning ? */
821
883
provider->private_data->public_key = pub_key;
823
885
return (pub_key != NULL);
859
926
xmlSecKeysMngr *keys_mngr = NULL;
860
927
xmlSecDSigCtx *dsigCtx;
929
xmlXPathContext *xpathCtx = NULL;
930
xmlXPathObject *xpathObj = NULL;
863
933
msg = (char*)message;
865
935
if (message == NULL)
936
return LASSO_PROFILE_ERROR_INVALID_MSG;
868
938
if (format == LASSO_MESSAGE_FORMAT_ERROR)
939
return LASSO_PROFILE_ERROR_INVALID_MSG;
870
940
if (format == LASSO_MESSAGE_FORMAT_UNKNOWN)
941
return LASSO_PROFILE_ERROR_INVALID_MSG;
873
943
if (format == LASSO_MESSAGE_FORMAT_QUERY) {
874
944
return lasso_query_verify_signature(message,
893
963
if (format == LASSO_MESSAGE_FORMAT_SOAP) {
894
xmlXPathContext *xpathCtx = NULL;
895
xmlXPathObject *xpathObj;
897
964
xpathCtx = xmlXPathNewContext(doc);
898
965
xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
899
966
xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx);
900
967
if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr ) {
901
968
xmlnode = xpathObj->nodesetval->nodeTab[0];
903
xmlXPathFreeObject(xpathObj);
904
xmlXPathFreeContext(xpathCtx);
905
970
if (xmlnode == NULL) {
972
xmlXPathFreeContext(xpathCtx);
973
xmlXPathFreeObject(xpathObj);
974
return LASSO_PROFILE_ERROR_INVALID_MSG;
910
977
xmlnode = xmlDocGetRootElement(doc);
982
for (sign = xmlnode->children; sign; sign = sign->next) {
983
if (strcmp((char*)sign->name, "Signature") == 0)
987
/* If no signature was found, look for one in assertion */
989
for (sign = xmlnode->children; sign; sign = sign->next) {
990
if (strcmp((char*)sign->name, "Assertion") == 0)
995
for (sign = xmlnode->children; sign; sign = sign->next) {
996
if (strcmp((char*)sign->name, "Signature") == 0)
1005
xmlXPathFreeContext(xpathCtx);
1006
xmlXPathFreeObject(xpathObj);
1007
return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND;
913
1010
if (id_attr_name) {
914
1011
xmlChar *id_value = xmlGetProp(xmlnode, (xmlChar*)id_attr_name);
915
1012
xmlAttr *id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
923
for (sign = xmlnode->children; sign; sign = sign->next) {
924
if (strcmp((char*)sign->name, "Signature") == 0)
930
return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND;
933
1019
x509data = xmlSecFindNode(xmlnode, xmlSecNodeX509Data, xmlSecDSigNs);
934
1020
if (x509data != NULL && provider->ca_cert_chain != NULL) {
935
1021
keys_mngr = lasso_load_certs_from_pem_certs_chain_file(
936
1022
provider->ca_cert_chain);
937
1023
if (keys_mngr == NULL) {
938
1024
xmlFreeDoc(doc);
1025
xmlXPathFreeContext(xpathCtx);
1026
xmlXPathFreeObject(xpathObj);
939
1027
return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED;
943
1031
dsigCtx = xmlSecDSigCtxCreate(keys_mngr);
944
1032
if (keys_mngr == NULL) {
945
dsigCtx->signKey = lasso_provider_get_public_key(provider);
1033
dsigCtx->signKey = xmlSecKeyDuplicate(lasso_provider_get_public_key(provider));
946
1034
if (dsigCtx->signKey == NULL) {
947
1035
/* XXX: should this be detected on lasso_provider_new ? */
948
1036
xmlSecDSigCtxDestroy(dsigCtx);
1037
xmlXPathFreeContext(xpathCtx);
1038
xmlXPathFreeObject(xpathObj);
949
1039
xmlFreeDoc(doc);
950
1040
return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
957
1047
xmlSecKeysMngrDestroy(keys_mngr);
958
1048
xmlFreeDoc(doc);
1049
xmlXPathFreeContext(xpathCtx);
1050
xmlXPathFreeObject(xpathObj);
959
1051
return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
962
1054
xmlSecKeysMngrDestroy(keys_mngr);
963
1056
if (dsigCtx->status != xmlSecDSigStatusSucceeded) {
964
1057
xmlSecDSigCtxDestroy(dsigCtx);
965
1058
xmlFreeDoc(doc);
1059
xmlXPathFreeContext(xpathCtx);
1060
xmlXPathFreeObject(xpathObj);
966
1061
return LASSO_DS_ERROR_INVALID_SIGNATURE;
1064
xmlSecDSigCtxDestroy(dsigCtx);
1065
xmlXPathFreeContext(xpathCtx);
1066
xmlXPathFreeObject(xpathObj);
969
1067
xmlFreeDoc(doc);
1072
* lasso_provider_set_encryption_mode:
1073
* @provider: provider to set encryption for
1074
* @encryption_activation: TRUE to activate, FALSE, to desactivate
1076
* Activate or desactivate encryption
1079
lasso_provider_set_encryption_mode(LassoProvider *provider, LassoEncryptionMode encryption_mode)
1081
provider->private_data->encryption_mode = encryption_mode;
1085
* lasso_provider_set_encryption_sym_key_type:
1086
* @provider: provider to set encryption for
1087
* @encryption_sym_key_type: enum type for generated symetric key
1089
* Set the type of the generated encryption symetric key
1092
lasso_provider_set_encryption_sym_key_type(LassoProvider *provider,
1093
LassoEncryptionSymKeyType encryption_sym_key_type)
1095
provider->private_data->encryption_sym_key_type = encryption_sym_key_type;