Ticket #12: assertion_query_metadata.patch

a/lasso/id-ff/defederation.c

@@ -175 +175 @@
-        if (remote_providerID != NULL) {
-                profile->remote_providerID = g_strdup(remote_providerID);
-        } else {
-
+
+
+
+
+
+
-                if (profile->remote_providerID == NULL) {
-                        return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
-                }

a/lasso/id-ff/login.c

@@ -1244 +1244 @@
-        if (remote_providerID != NULL) {
-                profile->remote_providerID = g_strdup(remote_providerID);
-        } else {
-(profile->server
+_by_role(profile->server, LASSO_PROVIDER_ROLE_IDP
-                if (profile->remote_providerID == NULL) {
-                        return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
-                }

a/lasso/id-ff/provider.c

@@ -36 +36 @@
-
-#include <lasso/saml-2.0/providerprivate.h>
-
-
+LASSO_MD_PROTOCOL_TYPE_LAST
-        "http://projectliberty.org/profiles/fedterm",
-        "http://projectliberty.org/profiles/nim",
-        "http://projectliberty.org/profiles/rni",
-        "http://projectliberty.org/profiles/slo",
-        NULL /* none for single sign on */
-};
-
+LASSO_MD_PROTOCOL_TYPE_LAST
-        "FederationTerminationNotificationProtocolProfile",
-        "NameIdentifierMappingProtocolProfile",
-        "RegisterNameIdentifierProtocolProfile",
-        "SingleLogoutProtocolProfile",
-        "SingleSignOnProtocolProfile"
-};
-
-
+
+
+
+
+
+
+
+
-
-/*****************************************************************************/
-/* public methods */
@@ -80 +86 @@
-        if (sid == NULL)
-                sid = provider->private_data->default_assertion_consumer;
-
-SPDescriptor
+Descriptors
-        if (descriptor == NULL)
-                return NULL;
-
@@ -110 +116 @@
-        GHashTable *descriptor;
-
-        g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
-
-
-
+
-        if (descriptor == NULL)
-                return NULL;
-
@@ -141 +145 @@
-        GHashTable *descriptor;
-
-        g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
-
-
-
+
-
-        return g_hash_table_lookup(descriptor, name);
-}
@@ -424 +426 @@
-{
-        xmlNode *xmlnode;
-        LassoProvider *provider = LASSO_PROVIDER(node);
-] = { "None", "SP", "IdP
+LASSO_PROVIDER_ROLE_LAST] = { "None", "SP", "IdP", "AuthnAuthority", "PDP", "AttributeAuthority
-        char *encryption_mode[] = { "None", "NameId", "Assertion", "Both" };
-
-        xmlnode = parent_class->get_xmlNode(node, lasso_dump);
@@ -447 +449 @@
-init_from_xml(LassoNode *node, xmlNode *xmlnode)
-{
-        LassoProvider *provider = LASSO_PROVIDER(node);
+        char *roles[LASSO_PROVIDER_ROLE_LAST] = { "None", "SP", "IdP", "AuthnAuthority", "PDP", "AttributeAuthority"};
-        xmlChar *s;
+        int i;
-
-        parent_class->init_from_xml(node, xmlnode);
-        
@@ -457 +461 @@
-
-        /* Load provider role */
-        s = xmlGetProp(xmlnode, (xmlChar*)"ProviderRole");
-
-
-
-
+
+
+
+
+
+
+
+
-        }
-        if (s != NULL) {
-                xmlFree(s);
@@ -519 +527 @@
-        }
-        provider->private_data->dispose_has_run = TRUE;
-
-
-
-
-
-
-
-
-
-
+
+
-                                (GHFunc)free_list_strings, NULL);
-SPDescriptor
+Descriptors
-        }
-SPDescriptor
+Descriptors
-
-        if (provider->private_data->organization) {
-                xmlFreeNode(provider->private_data->organization);
@@ -614 +615 @@
-        provider->private_data->encryption_mode = LASSO_ENCRYPTION_MODE_NONE;
-
-        /* no value_destroy_func since it shouldn't destroy the GList on insert */
-
-
-
+
-                        g_str_hash, g_str_equal, g_free, NULL);
+        provider->private_data->attributes = NULL;
-}
-
-static void
@@ -729 +729 @@
-        xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_idp, xpathCtx);
-        if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
-                load_descriptor(xpathObj->nodesetval->nodeTab[0],
-IDPDescriptor
+Descriptors
-                if (provider->private_data->conformance < LASSO_PROTOCOL_LIBERTY_1_2) {
-                        /* lookup ProviderID */
-                        node = xpathObj->nodesetval->nodeTab[0]->children;
@@ -747 +747 @@
-        xpathObj = xmlXPathEvalExpression((xmlChar*)xpath_sp, xpathCtx);
-        if (xpathObj && xpathObj->nodesetval && xpathObj->nodesetval->nodeNr == 1) {
-                load_descriptor(xpathObj->nodesetval->nodeTab[0],
-SPDescriptor
+Descriptors
-                if (provider->private_data->conformance < LASSO_PROTOCOL_LIBERTY_1_2) {
-                        /* lookup ProviderID */
-                        node = xpathObj->nodesetval->nodeTab[0]->children;

a/lasso/id-ff/provider.h

@@ -70 +70 @@
-        LASSO_HTTP_METHOD_REDIRECT,
-        LASSO_HTTP_METHOD_SOAP,
-        LASSO_HTTP_METHOD_ARTIFACT_GET,
-
+
+
-} LassoHttpMethod;
-
-
@@ -95 +96 @@
-        LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON,
-        LASSO_MD_PROTOCOL_TYPE_ARTIFACT_RESOLUTION,
-        LASSO_MD_PROTOCOL_TYPE_MANAGE_NAME_ID,
-
+
+
+
+
+
-} LassoMdProtocolType;
-
-
@@ -108 +113 @@
- * Provider Role.
- **/
-typedef enum {
+        LASSO_PROVIDER_ROLE_ANY = -1,
-        LASSO_PROVIDER_ROLE_NONE = 0,
+        LASSO_PROVIDER_ROLE_IDP,
-        LASSO_PROVIDER_ROLE_SP,
-
+
+
+
+
-} LassoProviderRole;
-
-

a/lasso/id-ff/providerprivate.h

@@ -47 +47 @@
-        gboolean dispose_has_run;
-
-        LassoProtocolConformance conformance;
-
+
+
-        char *default_assertion_consumer;
-        GHashTable *IDPDescriptor;
-        xmlNode *organization;
-
-        char *affiliation_owner_id;

a/lasso/saml-2.0/assertion_query.c

@@ -30 +30 @@
-#include <lasso/id-ff/identityprivate.h>
-#include <lasso/id-ff/serverprivate.h>
-#include <lasso/xml/xml_enc.h>
+#include <lasso/xml/saml-2.0/saml2_assertion.h>
-#include <lasso/xml/saml-2.0/samlp2_assertion_id_request.h>
-#include <lasso/xml/saml-2.0/samlp2_authn_query.h>
-#include <lasso/xml/saml-2.0/samlp2_attribute_query.h>
@@ -70 +71 @@
-        LassoFederation *federation;
-        LassoSamlp2RequestAbstract *request;
-
+        g_return_val_if_fail(http_method == LASSO_HTTP_METHOD_ANY || 
+                        http_method == LASSO_HTTP_METHOD_SOAP, 
+                        LASSO_PARAM_ERROR_INVALID_VALUE);
-        g_return_val_if_fail(LASSO_IS_ASSERTION_QUERY(assertion_query),
-                        LASSO_PARAM_ERROR_INVALID_VALUE);
-        g_return_val_if_fail(remote_provider_id != NULL, LASSO_PARAM_ERROR_INVALID_VALUE);
-
-        profile = LASSO_PROFILE(assertion_query);
-
@@ -82 +85 @@
-        }
-
-        /* set the remote provider id */
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+        /* Lookup the remote provider */
-        remote_provider = g_hash_table_lookup(profile->server->providers,
-                        profile->remote_providerID);
-        if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
-                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
-        }
-
-
-
+
-        assertion_query->private_data->query_request_type = query_request_type;
-        switch (query_request_type) {
-                case LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID:
@@ -111 +134 @@
-        }
-
-        if (query_request_type != LASSO_ASSERTION_QUERY_REQUEST_TYPE_ASSERTION_ID) {
+                LassoSaml2NameID *nameID = NULL;
-                /* fill <Subject> */
-                LassoSamlp2SubjectQueryAbstract *subject_query;
-
-                /* Get federation */
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-                subject_query = LASSO_SAMLP2_SUBJECT_QUERY_ABSTRACT(profile->request);
-                subject_query->Subject = LASSO_SAML2_SUBJECT(lasso_saml2_subject_new());
-
-
-
+
-        }
-
+
-        request = LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request);
-        request->ID = lasso_build_unique_id(32);
-        request->Version = g_strdup("2.0");
@@ -135 +167 @@
-                        LASSO_PROVIDER(profile->server)->ProviderID));
-        request->IssueInstant = lasso_get_current_time();
-
+        request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
+        if (profile->server->certificate) {
+                request->sign_type = LASSO_SIGNATURE_TYPE_WITHX509;
+        } else {
+                request->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
+        }
+        request->private_key_file = g_strdup(profile->server->private_key);
+        request->certificate_file = g_strdup(profile->server->certificate);
+
-        profile->http_request_method = http_method;
-
-        return 0;
@@ -166 +207 @@
-        if (LASSO_IS_PROVIDER(remote_provider) == FALSE) {
-                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
-        }
-
-        if (profile->http_request_method == LASSO_HTTP_METHOD_SOAP) {
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-                }
-
+
+
+
+
-                profile->msg_body = lasso_node_export_to_soap(profile->request);
-                return 0;
-        }
@@ -228 +276 @@
-        /* verify signatures */
-        profile->signature_status = lasso_provider_verify_signature(
-                        remote_provider, request_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
-
+
+
-
-        profile->http_request_method = LASSO_HTTP_METHOD_SOAP;
-

a/lasso/saml-2.0/assertion_query.h

@@ -67 +67 @@
-        LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHN,
-        LASSO_ASSERTION_QUERY_REQUEST_TYPE_ATTRIBUTE,
-        LASSO_ASSERTION_QUERY_REQUEST_TYPE_AUTHZ_DECISION,
+        LASSO_ASSERTION_QUERY_REQUEST_TYPE_LAST
-} LassoAssertionQueryRequestType;
-
-struct _LassoAssertionQuery {

a/lasso/saml-2.0/ecp.c

@@ -170 +170 @@
-        xmlOutputBufferClose(buf);
-        xmlFreeDoc(doc);
-
-(profile->server
+_by_role(profile->server, LASSO_PROVIDER_ROLE_IDP
-        if (profile->remote_providerID == NULL) {
-                return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND);
-        }

a/lasso/saml-2.0/provider.c

@@ -26 +26 @@
-
-#include <lasso/saml-2.0/providerprivate.h>
-#include <lasso/id-ff/providerprivate.h>
+#include <lasso/xml/saml-2.0/saml2_attribute.h>
-
-
+LASSO_MD_PROTOCOL_TYPE_LAST
-        "", /* No fedterm in SAML 2.0 */
-
+  /*IDPSSODescriptor*/
-        "", /* No rni in SAML 2.0 */
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
-};
-
-static void
@@ -72 +78 @@
-                        t = t->next;
-                        continue;
-                }
+                if (strcmp((char*)t->name, "Attribute") == 0) {
+                        LassoSaml2Attribute *attribute;
+                        attribute = LASSO_SAML2_ATTRIBUTE(lasso_node_new_from_xmlNode(t));
+                        if (attribute) {
+                                provider->private_data->attributes =
+                                        g_list_append(provider->private_data->attributes, attribute);
+                        }
+                        continue;
+                }
-                binding = (char*)xmlGetProp(t, (xmlChar*)"Binding");
-                if (binding) {
-                        /* Endpoint type */
@@ -109 +124 @@
-                                name = g_strdup_printf("%s %s %s", t->name, binding_s, index);
-                                xmlFree(index);
-                                xmlFree(is_default);
-
+
+
-                                name = g_strdup_printf("%s %s", t->name, binding_s);
-                        }
-                        xmlFree(binding);
@@ -179 +195 @@
-
-                if (strcmp((char*)descriptor_node->name, "IDPSSODescriptor") == 0) {
-                        load_descriptor(descriptor_node,
-IDPDescriptor
+Descriptors
-                        provider->role = LASSO_PROVIDER_ROLE_IDP;
-                        continue;
-                }
-
-                if (strcmp((char*)descriptor_node->name, "SPSSODescriptor") == 0) {
-                        load_descriptor(descriptor_node,
-SPDescriptor
+Descriptors
-                        provider->role = LASSO_PROVIDER_ROLE_SP;
-                        continue;
-                }
-
+               if (strcmp((char*)descriptor_node->name, "AttributeAuthorityDescriptor") == 0) {
+                        load_descriptor(descriptor_node,
+                                        provider->private_data->Descriptors, provider);
+                        provider->role = LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY;
+                        continue;
+                }
+
+               if (strcmp((char*)descriptor_node->name, "PDPDescriptor") == 0) {
+                        load_descriptor(descriptor_node,
+                                        provider->private_data->Descriptors, provider);
+                        provider->role = LASSO_PROVIDER_ROLE_PDP;
+                        continue;
+                }
+
+               if (strcmp((char*)descriptor_node->name, "AuthnAuthorityDescriptor") == 0) {
+                        load_descriptor(descriptor_node,
+                                        provider->private_data->Descriptors, provider);
+                        provider->role = LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY;
+                        continue;
+                }
+
-                if (strcmp((char*)descriptor_node->name, "Organization") == 0) {
-                        provider->private_data->organization = xmlCopyNode(
-                                        descriptor_node, 1);
@@ -216 +253 @@
-                LASSO_HTTP_METHOD_SOAP, LASSO_HTTP_METHOD_REDIRECT, LASSO_HTTP_METHOD_POST
-        };
-                        
-        if (remote_provider->role == LASSO_PROVIDER_ROLE_SP)
-                provider->role = LASSO_PROVIDER_ROLE_IDP;
-        if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP)
-                provider->role = LASSO_PROVIDER_ROLE_SP;
-
-        for (i=0; possible_bindings[i] && method == LASSO_HTTP_METHOD_NONE; i++) {
-                char *s;
-                GList *l1, *l2;
@@ -255 +287 @@
-                sid = g_strdup_printf("%d", service_id);
-        }
-
-SPDescriptor
+Descriptors
-        if (descriptor == NULL)
-                return NULL;
-
@@ -292 +324 @@
-        char *binding_s = NULL;
-        int lname;
-
-SPDescriptor
+Descriptors
-        if (descriptor == NULL)
-                return NULL;
-
@@ -355 +387 @@
-                sid = g_strdup_printf("%d", service_id);
-        }
-
-SPDescriptor
+Descriptors
-        if (descriptor == NULL)
-                return NULL;
-
@@ -380 +412 @@
-                LassoMdProtocolType protocol_type, LassoHttpMethod http_method,
-                gboolean initiate_profile)
-{       
-        LassoProviderRole initiating_role;
-        char *protocol_profile;
-        char *http_methods[] = {
-                NULL,
@@ -394 +425 @@
-                NULL
-        };
-
-
-        initiating_role = remote_provider->role;
-        if (remote_provider->role == LASSO_PROVIDER_ROLE_SP) {
-                provider->role = LASSO_PROVIDER_ROLE_IDP;
-        }
-        if (remote_provider->role == LASSO_PROVIDER_ROLE_IDP) {
-                provider->role = LASSO_PROVIDER_ROLE_SP;
-        }
-        if (initiate_profile)
-                initiating_role = provider->role;
-
-        protocol_profile = g_strdup_printf("%s %s", profile_names[protocol_type],
-                        http_methods[http_method+1]);
-