← Back to branch summary

~ubuntu-branches/ubuntu/hardy/lasso/hardy

« back to all changes in this revision

Viewing changes to lasso/id-ff/provider.c

  • Committer: Bazaar Package Importer
  • Author(s): Michael Bienia
  • Date: 2007-07-31 21:35:26 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070731213526-oc6jw5mprcd5tjyy
Tags: 2.0.0-1ubuntu1
* Merge from debian unstable. Remaining changes:
  + debian/control:
    - Modify Maintainer value to match DebianMaintainerField spec.
* debian/rules:
  + Add CC=gcc-4.2 to the configure call else configure won't find jni.h
    from libgcj8-dev.
* configure{,.ac}:
  + Add missing quotes around the value for PHP[45]_LIBS.

Show diffs side-by-side

added added

removed removed

Lines of Context:
lasso/id-ff/provider.c
1
 
/* $Id: provider.c,v 1.67 2006/01/12 13:01:12 fpeters Exp $
 
1
/* $Id: provider.c,v 1.95 2007/01/07 13:07:00 fpeters Exp $
2
2
 *
3
3
 * Lasso - A free implementation of the Liberty Alliance specifications.
4
4
 *
256
256
                        protocol_methods[http_method+1]);
257
257
 
258
258
        if (lasso_provider_has_protocol_profile(provider,
259
 
                                protocol_type, protocol_profile) == FALSE)
 
259
                                protocol_type, protocol_profile) == FALSE) {
 
260
                g_free(protocol_profile);
260
261
                return FALSE;
 
262
        }
261
263
 
262
264
        if (lasso_provider_has_protocol_profile(remote_provider,
263
 
                                protocol_type, protocol_profile) == FALSE)
 
265
                                protocol_type, protocol_profile) == FALSE) {
 
266
                g_free(protocol_profile);
264
267
                return FALSE;
 
268
        }
 
269
 
 
270
        g_free(protocol_profile);
265
271
 
266
272
        return TRUE;
267
273
}
348
354
xmlSecKey*
349
355
lasso_provider_get_public_key(LassoProvider *provider)
350
356
{
351
 
        return xmlSecKeyDuplicate(provider->private_data->public_key);
 
357
        return provider->private_data->public_key;
352
358
}
353
359
 
354
360
static void
366
372
                        continue;
367
373
                }
368
374
                if (strcmp((char*)t->name, "KeyDescriptor") == 0) {
369
 
                        char *use = (char*)xmlGetProp(t, (xmlChar*)"use");
370
 
                        if (use && strcmp(use, "signing") == 0) {
 
375
                        xmlChar *use = xmlGetProp(t, (xmlChar*)"use");
 
376
                        if (use && strcmp((char*)use, "signing") == 0) {
371
377
                                provider->private_data->signing_key_descriptor = xmlCopyNode(t, 1);
372
378
                        }
 
379
                        if (use) {
 
380
                                xmlFree(use);
 
381
                        }
373
382
                        t = t->next;
374
383
                        continue;
375
384
                }
421
430
        parent_class->init_from_xml(node, xmlnode);
422
431
        
423
432
        if (xmlnode == NULL)
424
 
                return LASSO_ERROR_UNDEFINED;
 
433
                return LASSO_XML_ERROR_OBJECT_CONSTRUCTION_FAILED;
425
434
 
426
435
        s = xmlGetProp(xmlnode, (xmlChar*)"ProviderRole");
427
436
        if (s && strcmp((char*)s, "SP") == 0)
498
507
                provider->private_data->signing_key_descriptor = NULL;
499
508
        }
500
509
 
 
510
        if (provider->private_data->encryption_key_descriptor) {
 
511
                xmlFreeNode(provider->private_data->encryption_key_descriptor);
 
512
                provider->private_data->encryption_key_descriptor = NULL;
 
513
        }
 
514
 
 
515
        if (provider->private_data->encryption_public_key_str) {
 
516
                g_free(provider->private_data->encryption_public_key_str);
 
517
                provider->private_data->encryption_public_key_str = NULL;
 
518
        }
 
519
 
 
520
        if (provider->private_data->encryption_public_key) {
 
521
                xmlSecKeyDestroy(provider->private_data->encryption_public_key);
 
522
                provider->private_data->encryption_public_key = NULL;
 
523
        }
 
524
 
 
525
        g_free(provider->private_data->affiliation_id);
 
526
        provider->private_data->affiliation_id = NULL;
 
527
        g_free(provider->private_data->affiliation_owner_id);
 
528
        provider->private_data->affiliation_owner_id = NULL;
 
529
 
501
530
        G_OBJECT_CLASS(parent_class)->dispose(G_OBJECT(provider));
502
531
}
503
532
 
506
535
{
507
536
        LassoProvider *provider = LASSO_PROVIDER(object);
508
537
 
509
 
        g_free(provider->public_key);
510
 
        provider->public_key = NULL;
511
 
        g_free(provider->ca_cert_chain);
512
 
        provider->ca_cert_chain = NULL;
513
538
        g_free(provider->private_data);
514
539
        provider->private_data = NULL;
515
540
 
532
557
        provider->private_data = g_new(LassoProviderPrivate, 1);
533
558
        provider->private_data->dispose_has_run = FALSE;
534
559
        provider->private_data->default_assertion_consumer = NULL;
 
560
        provider->private_data->affiliation_id = NULL;
 
561
        provider->private_data->affiliation_owner_id = NULL;
535
562
        provider->private_data->organization = NULL;
536
563
        provider->private_data->public_key = NULL;
537
564
        provider->private_data->signing_key_descriptor = NULL;
 
565
        provider->private_data->encryption_key_descriptor = NULL;
 
566
        provider->private_data->encryption_public_key_str = NULL;
 
567
        provider->private_data->encryption_public_key = NULL;
 
568
        provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
538
569
 
539
570
        /* no value_destroy_func since it shouldn't destroy the GList on insert */
540
571
        provider->private_data->IDPDescriptor = g_hash_table_new_full(
606
637
                return FALSE;
607
638
        
608
639
        node = xmlDocGetRootElement(doc);
609
 
        if (node == NULL || node->ns == NULL)
 
640
        if (node == NULL || node->ns == NULL) {
 
641
                xmlFreeDoc(doc);
610
642
                return FALSE;
 
643
        }
611
644
 
612
645
        provider->metadata_filename = g_strdup(metadata);
613
646
 
614
 
        if (strcmp((char*)node->ns->href, LASSO_SAML20_METADATA_HREF) == 0) {
 
647
        if (strcmp((char*)node->ns->href, LASSO_SAML2_METADATA_HREF) == 0) {
 
648
                gboolean result;
615
649
                provider->private_data->conformance = LASSO_PROTOCOL_SAML_2_0;
616
 
                return lasso_saml20_provider_load_metadata(provider, node);
 
650
                result = lasso_saml20_provider_load_metadata(provider, node);
 
651
                xmlFreeDoc(doc);
 
652
                return result;
617
653
        }
618
654
 
619
655
        provider->private_data->conformance = LASSO_PROTOCOL_LIBERTY_1_2;
640
676
        }
641
677
        node = xpathObj->nodesetval->nodeTab[0];
642
678
        provider->ProviderID = (char*)xmlGetProp(node, (xmlChar*)"providerID");
 
679
        xmlXPathFreeObject(xpathObj);
643
680
 
644
681
        xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_idp, xpathCtx);
645
682
        if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
718
755
        provider->public_key = g_strdup(public_key);
719
756
        provider->ca_cert_chain = g_strdup(ca_cert_chain);
720
757
 
721
 
        if (lasso_provider_load_public_key(provider) == FALSE) {
722
 
                message(G_LOG_LEVEL_CRITICAL, "Failed to load public key for %s.",
 
758
        if (lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_SIGNING) == FALSE) {
 
759
                message(G_LOG_LEVEL_CRITICAL, "Failed to load signing public key for %s.",
723
760
                                provider->ProviderID);
724
761
                lasso_node_destroy(LASSO_NODE(provider));
725
762
                return NULL;
726
763
        }
727
764
 
 
765
        lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_ENCRYPTION);
 
766
 
 
767
        provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
 
768
        
728
769
        return provider;
729
770
}
730
771
 
731
772
gboolean
732
 
lasso_provider_load_public_key(LassoProvider *provider)
 
773
lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType public_key_type)
733
774
{
734
775
        LassoPemFileType file_type;
 
776
        gchar *public_key = NULL;
 
777
        xmlNode *key_descriptor = NULL;
735
778
        xmlSecKey *pub_key = NULL;
736
779
        xmlSecKeyDataFormat key_formats[] = {
737
780
                xmlSecKeyDataFormatDer,
745
788
        };
746
789
        int i;
747
790
 
748
 
        if (provider->public_key == NULL && provider->private_data->signing_key_descriptor == NULL)
 
791
        if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
 
792
                public_key = provider->public_key;
 
793
                key_descriptor = provider->private_data->signing_key_descriptor;
 
794
        } else {
 
795
                key_descriptor = provider->private_data->encryption_key_descriptor;
 
796
        }
 
797
 
 
798
        if (public_key == NULL && key_descriptor == NULL) {
749
799
                return FALSE;
 
800
        }
750
801
 
751
 
        if (provider->public_key == NULL) {
752
 
                xmlNode *t = provider->private_data->signing_key_descriptor->children;
 
802
        if (public_key == NULL) {
 
803
                xmlNode *t = key_descriptor->children;
753
804
                xmlChar *b64_value;
754
805
                xmlSecByte *value;
755
806
                int length;
756
807
                int rc;
757
 
                xmlSecKey *xmlseckey;
758
 
                xmlSecKeyInfoCtxPtr ctx;
759
 
 
760
 
                xmlseckey = xmlSecKeyCreate();
761
 
 
762
 
                ctx = xmlSecKeyInfoCtxCreate(NULL);
763
 
                ctx->mode = xmlSecKeyInfoModeRead;
764
808
 
765
809
                /* could use XPath but going down manually will do */
766
810
                while (t) {
767
811
                        if (t->type == XML_ELEMENT_NODE) {
768
812
                                if (strcmp((char*)t->name, "KeyInfo") == 0 ||
769
813
                                                strcmp((char*)t->name, "X509Data") == 0) {
770
 
                                        xmlSecKeyInfoNodeRead(t, xmlseckey, ctx);
771
 
                                        break;
772
814
                                        t = t->children;
773
815
                                        continue;
774
816
                                }
775
817
                                if (strcmp((char*)t->name, "X509Certificate") == 0)
776
818
                                        break;
 
819
                                if (strcmp((char*)t->name, "KeyValue") == 0)
 
820
                                        break;
777
821
                        }
778
822
                        t = t->next;
779
823
                }
780
 
                if (t == NULL)
 
824
                if (t == NULL) {
781
825
                        return FALSE;
 
826
                }
782
827
 
783
828
                b64_value = xmlNodeGetContent(t);
 
829
                if (public_key_type == LASSO_PUBLIC_KEY_ENCRYPTION) {
 
830
                        provider->private_data->encryption_public_key_str =
 
831
                                g_strdup((char*)b64_value);
 
832
                }
784
833
                length = strlen((char*)b64_value);
785
834
                value = g_malloc(length);
 
835
                xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
786
836
                rc = xmlSecBase64Decode(b64_value, value, length);
787
837
                if (rc < 0) {
788
838
                        /* bad base-64 */
789
 
                        xmlFree(b64_value);
790
839
                        g_free(value);
 
840
                        value = (xmlSecByte*)g_strdup((char*)b64_value);
 
841
                        rc = strlen((char*)value);
791
842
                }
792
 
                //xmlSecErrorsDefaultCallbackEnableOutput(FALSE);
 
843
 
793
844
                for (i=0; key_formats[i] && pub_key == NULL; i++) {
794
845
                        pub_key = xmlSecCryptoAppKeyLoadMemory(value, rc,
795
846
                                        key_formats[i], NULL, NULL, NULL);
796
847
                }
797
 
                //xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
 
848
                xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
798
849
                xmlFree(b64_value);
799
850
                g_free(value);
800
 
                provider->private_data->public_key = pub_key;
 
851
 
 
852
                if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
 
853
                        provider->private_data->public_key = pub_key;
 
854
                } else {
 
855
                        provider->private_data->encryption_public_key = pub_key;
 
856
                }
 
857
 
801
858
                if (pub_key) {
802
859
                        return TRUE;
803
860
                }
804
861
        }
805
862
 
806
 
        file_type = lasso_get_pem_file_type(provider->public_key);
 
863
        if (public_key_type == LASSO_PUBLIC_KEY_ENCRYPTION) {
 
864
                /* encryption public key can never be set by filename */
 
865
                return FALSE;
 
866
        }
 
867
 
 
868
        file_type = lasso_get_pem_file_type(public_key);
807
869
        switch (file_type) {
808
870
                case LASSO_PEM_FILE_TYPE_UNKNOWN:
809
871
                        break; /* with a warning ? */
810
872
                case LASSO_PEM_FILE_TYPE_CERT:
811
 
                        pub_key = lasso_get_public_key_from_pem_cert_file(
812
 
                                        provider->public_key);
 
873
                        pub_key = lasso_get_public_key_from_pem_cert_file(public_key);
813
874
                        break;
814
875
                case LASSO_PEM_FILE_TYPE_PUB_KEY:
815
 
                        pub_key = xmlSecCryptoAppKeyLoad(provider->public_key,
 
876
                        pub_key = xmlSecCryptoAppKeyLoad(public_key,
816
877
                                        xmlSecKeyDataFormatPem, NULL, NULL, NULL);
817
878
                        break;
818
879
                case LASSO_PEM_FILE_TYPE_PRIVATE_KEY:
819
880
                        break; /* with a warning ? */
820
881
        }
 
882
 
821
883
        provider->private_data->public_key = pub_key;
822
884
 
823
885
        return (pub_key != NULL);
838
900
        LassoProvider *provider;
839
901
        xmlDoc *doc;
840
902
 
 
903
        if (dump == NULL)
 
904
                return NULL;
 
905
 
841
906
        provider = g_object_new(LASSO_TYPE_PROVIDER, NULL);
842
907
        doc = xmlParseMemory(dump, strlen(dump));
843
908
        init_from_xml(LASSO_NODE(provider), xmlDocGetRootElement(doc)); 
 
909
        xmlFreeDoc(doc);
844
910
 
845
 
        lasso_provider_load_public_key(provider);
 
911
        lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_SIGNING);
 
912
        lasso_provider_load_public_key(provider, LASSO_PUBLIC_KEY_ENCRYPTION);
846
913
 
847
914
        return provider;
848
915
}
859
926
        xmlSecKeysMngr *keys_mngr = NULL;
860
927
        xmlSecDSigCtx *dsigCtx;
861
928
        int rc;
 
929
        xmlXPathContext *xpathCtx = NULL;
 
930
        xmlXPathObject *xpathObj = NULL;
 
931
 
862
932
 
863
933
        msg = (char*)message;
864
934
 
865
935
        if (message == NULL)
866
 
                return -2;
 
936
                return LASSO_PROFILE_ERROR_INVALID_MSG;
867
937
 
868
938
        if (format == LASSO_MESSAGE_FORMAT_ERROR)
869
 
                return -2;
 
939
                return LASSO_PROFILE_ERROR_INVALID_MSG;
870
940
        if (format == LASSO_MESSAGE_FORMAT_UNKNOWN)
871
 
                return -2;
 
941
                return LASSO_PROFILE_ERROR_INVALID_MSG;
872
942
 
873
943
        if (format == LASSO_MESSAGE_FORMAT_QUERY) {
874
944
                return lasso_query_verify_signature(message,
880
950
                rc = xmlSecBase64Decode((xmlChar*)message, (xmlChar*)msg, strlen(message));
881
951
                if (rc < 0) {
882
952
                        g_free(msg);
883
 
                        return -3;
 
953
                        return LASSO_PROFILE_ERROR_INVALID_MSG;
884
954
                }
885
955
        }
886
956
 
891
961
        }
892
962
 
893
963
        if (format == LASSO_MESSAGE_FORMAT_SOAP) {
894
 
                xmlXPathContext *xpathCtx = NULL;
895
 
                xmlXPathObject *xpathObj;
896
 
 
897
964
                xpathCtx = xmlXPathNewContext(doc);
898
965
                xmlXPathRegisterNs(xpathCtx, (xmlChar*)"s", (xmlChar*)LASSO_SOAP_ENV_HREF);
899
966
                xpathObj = xmlXPathEvalExpression((xmlChar*)"//s:Body/*", xpathCtx);
900
967
                if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr ) {
901
968
                        xmlnode = xpathObj->nodesetval->nodeTab[0];
902
969
                }
903
 
                xmlXPathFreeObject(xpathObj);
904
 
                xmlXPathFreeContext(xpathCtx);
905
970
                if (xmlnode == NULL) {
906
971
                        xmlFreeDoc(doc);
907
 
                        return -4;
 
972
                        xmlXPathFreeContext(xpathCtx);
 
973
                        xmlXPathFreeObject(xpathObj);
 
974
                        return LASSO_PROFILE_ERROR_INVALID_MSG;
908
975
                }
909
976
        } else {
910
977
                xmlnode = xmlDocGetRootElement(doc);
911
978
        }
912
979
 
 
980
 
 
981
        sign = NULL;
 
982
        for (sign = xmlnode->children; sign; sign = sign->next) {
 
983
                if (strcmp((char*)sign->name, "Signature") == 0)
 
984
                        break;
 
985
        }
 
986
 
 
987
        /* If no signature was found, look for one in assertion */
 
988
        if (sign == NULL) {
 
989
                for (sign = xmlnode->children; sign; sign = sign->next) {
 
990
                        if (strcmp((char*)sign->name, "Assertion") == 0)
 
991
                                break;
 
992
                }
 
993
                if (sign != NULL) {
 
994
                        xmlnode = sign;
 
995
                        for (sign = xmlnode->children; sign; sign = sign->next) {
 
996
                                if (strcmp((char*)sign->name, "Signature") == 0)
 
997
                                        break;
 
998
                        }
 
999
                }
 
1000
        }
 
1001
 
 
1002
 
 
1003
        if (sign == NULL) {
 
1004
                xmlFreeDoc(doc);
 
1005
                xmlXPathFreeContext(xpathCtx);
 
1006
                xmlXPathFreeObject(xpathObj);
 
1007
                return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND;
 
1008
        }
 
1009
 
913
1010
        if (id_attr_name) {
914
1011
                xmlChar *id_value = xmlGetProp(xmlnode, (xmlChar*)id_attr_name);
915
1012
                xmlAttr *id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
919
1016
                }
920
1017
        }
921
1018
 
922
 
        sign = NULL;
923
 
        for (sign = xmlnode->children; sign; sign = sign->next) {
924
 
                if (strcmp((char*)sign->name, "Signature") == 0)
925
 
                        break;
926
 
        }
927
 
 
928
 
        if (sign == NULL) {
929
 
                xmlFreeDoc(doc);
930
 
                return LASSO_DS_ERROR_SIGNATURE_NOT_FOUND;
931
 
        }
932
 
 
933
1019
        x509data = xmlSecFindNode(xmlnode, xmlSecNodeX509Data, xmlSecDSigNs);
934
1020
        if (x509data != NULL && provider->ca_cert_chain != NULL) {
935
1021
                keys_mngr = lasso_load_certs_from_pem_certs_chain_file(
936
1022
                                provider->ca_cert_chain);
937
1023
                if (keys_mngr == NULL) {
938
1024
                        xmlFreeDoc(doc);
 
1025
                        xmlXPathFreeContext(xpathCtx);
 
1026
                        xmlXPathFreeObject(xpathObj);
939
1027
                        return LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED;
940
1028
                }
941
1029
        }
942
1030
 
943
1031
        dsigCtx = xmlSecDSigCtxCreate(keys_mngr);
944
1032
        if (keys_mngr == NULL) {
945
 
                dsigCtx->signKey = lasso_provider_get_public_key(provider);
 
1033
                dsigCtx->signKey = xmlSecKeyDuplicate(lasso_provider_get_public_key(provider));
946
1034
                if (dsigCtx->signKey == NULL) {
947
1035
                        /* XXX: should this be detected on lasso_provider_new ? */
948
1036
                        xmlSecDSigCtxDestroy(dsigCtx);
 
1037
                        xmlXPathFreeContext(xpathCtx);
 
1038
                        xmlXPathFreeObject(xpathObj);
949
1039
                        xmlFreeDoc(doc);
950
1040
                        return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
951
1041
                }
956
1046
                if (keys_mngr)
957
1047
                        xmlSecKeysMngrDestroy(keys_mngr);
958
1048
                xmlFreeDoc(doc);
 
1049
                xmlXPathFreeContext(xpathCtx);
 
1050
                xmlXPathFreeObject(xpathObj);
959
1051
                return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
960
1052
        }
961
1053
        if (keys_mngr)
962
1054
                xmlSecKeysMngrDestroy(keys_mngr);
 
1055
 
963
1056
        if (dsigCtx->status != xmlSecDSigStatusSucceeded) {
964
1057
                xmlSecDSigCtxDestroy(dsigCtx);
965
1058
                xmlFreeDoc(doc);
 
1059
                xmlXPathFreeContext(xpathCtx);
 
1060
                xmlXPathFreeObject(xpathObj);
966
1061
                return LASSO_DS_ERROR_INVALID_SIGNATURE;
967
1062
        }
968
1063
 
 
1064
        xmlSecDSigCtxDestroy(dsigCtx);
 
1065
        xmlXPathFreeContext(xpathCtx);
 
1066
        xmlXPathFreeObject(xpathObj);
969
1067
        xmlFreeDoc(doc);
970
1068
        return 0;
971
1069
}
 
1070
 
 
1071
/**
 
1072
 * lasso_provider_set_encryption_mode:
 
1073
 * @provider: provider to set encryption for
 
1074
 * @encryption_activation: TRUE to activate, FALSE, to desactivate
 
1075
 *
 
1076
 * Activate or desactivate encryption
 
1077
 **/
 
1078
void
 
1079
lasso_provider_set_encryption_mode(LassoProvider *provider, LassoEncryptionMode encryption_mode)
 
1080
{
 
1081
        provider->private_data->encryption_mode = encryption_mode;
 
1082
}
 
1083
 
 
1084
/**
 
1085
 * lasso_provider_set_encryption_sym_key_type:
 
1086
 * @provider: provider to set encryption for
 
1087
 * @encryption_sym_key_type: enum type for generated symetric key
 
1088
 *
 
1089
 * Set the type of the generated encryption symetric key
 
1090
 **/
 
1091
void
 
1092
lasso_provider_set_encryption_sym_key_type(LassoProvider *provider,
 
1093
                LassoEncryptionSymKeyType encryption_sym_key_type)
 
1094
{
 
1095
        provider->private_data->encryption_sym_key_type = encryption_sym_key_type;
 
1096
}