[saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to factorize some code
parent
cd017964d0
commit
0c45b252dc
|
@ -37,6 +37,8 @@
|
||||||
#include "./provider.h"
|
#include "./provider.h"
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
|
||||||
|
static GList* lasso_saml2_assertion_get_audience_restrictions(LassoSaml2Assertion *assertion);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* lasso_saml2_assertion_has_audience_restriction:
|
* lasso_saml2_assertion_has_audience_restriction:
|
||||||
* @saml2_assertion: a #LassoSaml2Assertion object
|
* @saml2_assertion: a #LassoSaml2Assertion object
|
||||||
|
@ -49,19 +51,7 @@
|
||||||
gboolean
|
gboolean
|
||||||
lasso_saml2_assertion_has_audience_restriction(LassoSaml2Assertion *saml2_assertion)
|
lasso_saml2_assertion_has_audience_restriction(LassoSaml2Assertion *saml2_assertion)
|
||||||
{
|
{
|
||||||
GList *it;
|
return lasso_saml2_assertion_get_audience_restrictions(saml2_assertion) != NULL;
|
||||||
|
|
||||||
g_return_val_if_fail (LASSO_IS_SAML2_ASSERTION(saml2_assertion), FALSE);
|
|
||||||
if (! LASSO_IS_SAML2_CONDITIONS(saml2_assertion->Conditions))
|
|
||||||
return FALSE;
|
|
||||||
|
|
||||||
lasso_foreach(it, saml2_assertion->Conditions->Condition)
|
|
||||||
{
|
|
||||||
if (LASSO_IS_SAML2_AUDIENCE_RESTRICTION(it->data)) {
|
|
||||||
return TRUE;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return FALSE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -79,10 +69,7 @@ lasso_saml2_assertion_is_audience_restricted(LassoSaml2Assertion *saml2_assertio
|
||||||
{
|
{
|
||||||
GList *it;
|
GList *it;
|
||||||
|
|
||||||
g_return_val_if_fail (LASSO_IS_SAML2_ASSERTION(saml2_assertion), FALSE);
|
lasso_foreach(it, lasso_saml2_assertion_get_audience_restrictions(saml2_assertion))
|
||||||
if (! LASSO_IS_SAML2_CONDITIONS(saml2_assertion->Conditions))
|
|
||||||
return FALSE;
|
|
||||||
lasso_foreach(it, saml2_assertion->Conditions->Condition)
|
|
||||||
{
|
{
|
||||||
if (LASSO_IS_SAML2_AUDIENCE_RESTRICTION(it->data)) {
|
if (LASSO_IS_SAML2_AUDIENCE_RESTRICTION(it->data)) {
|
||||||
LassoSaml2AudienceRestriction *saml2_audience_restriction;
|
LassoSaml2AudienceRestriction *saml2_audience_restriction;
|
||||||
|
@ -679,16 +666,24 @@ lasso_server_saml2_assertion_setup_signature(LassoServer *server,
|
||||||
LassoSaml2Assertion *saml2_assertion)
|
LassoSaml2Assertion *saml2_assertion)
|
||||||
{
|
{
|
||||||
LassoSignatureContext context = LASSO_SIGNATURE_CONTEXT_NONE;
|
LassoSignatureContext context = LASSO_SIGNATURE_CONTEXT_NONE;
|
||||||
|
GList *audience_restrictions = NULL;
|
||||||
|
char *provider_id = NULL;
|
||||||
lasso_error_t rc = 0;
|
lasso_error_t rc = 0;
|
||||||
|
|
||||||
lasso_bad_param(SERVER, server);
|
lasso_bad_param(SERVER, server);
|
||||||
lasso_bad_param(SAML2_ASSERTION, saml2_assertion);
|
lasso_bad_param(SAML2_ASSERTION, saml2_assertion);
|
||||||
|
|
||||||
|
/* instead of this we should probably allow to pass a provider id or object in a new API */
|
||||||
|
audience_restrictions = lasso_saml2_assertion_get_audience_restrictions(saml2_assertion);
|
||||||
|
if (audience_restrictions) {
|
||||||
|
provider_id = ((LassoSaml2AudienceRestriction*)audience_restrictions->data)->Audience;
|
||||||
|
}
|
||||||
|
lasso_check_good_rc(lasso_server_get_signature_context_for_provider_by_name(server,
|
||||||
|
provider_id, &context));
|
||||||
|
lasso_node_set_signature(&saml2_assertion->parent, context);
|
||||||
if (! saml2_assertion->ID) {
|
if (! saml2_assertion->ID) {
|
||||||
lasso_assign_new_string(saml2_assertion->ID, lasso_build_unique_id(32));
|
lasso_assign_new_string(saml2_assertion->ID, lasso_build_unique_id(32));
|
||||||
}
|
}
|
||||||
lasso_check_good_rc(lasso_server_get_signature_context(server, &context));
|
|
||||||
lasso_check_good_rc(lasso_node_set_signature((LassoNode*)saml2_assertion, context));
|
|
||||||
cleanup:
|
cleanup:
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
@ -807,3 +802,21 @@ lasso_saml2_assertion_decrypt_subject(LassoSaml2Assertion *assertion, LassoServe
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* lasso_saml2_assertion_get_audience_restrictions:
|
||||||
|
* @assertion: a #LassoSaml2Assertion
|
||||||
|
*
|
||||||
|
* Returns the list of audience restriction associated to the given assertion
|
||||||
|
*
|
||||||
|
* Return value:(transfer none): the GList of the Saml2AudienceRestriction nodes
|
||||||
|
*/
|
||||||
|
static GList*
|
||||||
|
lasso_saml2_assertion_get_audience_restrictions(LassoSaml2Assertion *assertion)
|
||||||
|
{
|
||||||
|
g_return_val_if_fail (LASSO_IS_SAML2_ASSERTION(assertion), NULL);
|
||||||
|
if (! LASSO_IS_SAML2_CONDITIONS(assertion->Conditions))
|
||||||
|
return FALSE;
|
||||||
|
|
||||||
|
return assertion->Conditions->AudienceRestriction;
|
||||||
|
}
|
||||||
|
|
|
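Review bot: In lasso_server_saml2_assertion_setup_signature the new call `lasso_node_set_signature(&saml2_assertion->parent, context);` discards its result, whereas the removed line wrapped the same call in lasso_check_good_rc, so a failure to attach the signature context would presumably no longer reach `rc` and the caller could treat an assertion that was never set up for signing as ready. Keep the check: `lasso_check_good_rc(lasso_node_set_signature(&saml2_assertion->parent, context));`. The signing context is also now selected from the first audience restriction only, through an unchecked cast of `audience_restrictions->data`. A `LASSO_IS_SAML2_AUDIENCE_RESTRICTION` test before the cast, like the one in the loop of lasso_saml2_assertion_is_audience_restricted, would guard it, and a comment should state what a NULL `provider_id` selects, since that is not visible on this page. In the new helper, `return FALSE;` sits in a function declared `GList*` and should be `return NULL;`, and the helper reads `Conditions->AudienceRestriction` where the removed loops filtered `Conditions->Condition`, which is worth confirming as intended for a commit described as factorization.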
@ -1996,8 +1996,8 @@ _lasso_xmlsec_load_key_from_buffer(const char *buffer, size_t length, const char
|
||||||
"works with DSA and RSA algorithms.");
|
"works with DSA and RSA algorithms.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
|
|
||||||
cleanup:
|
cleanup:
|
||||||
|
xmlSecErrorsDefaultCallbackEnableOutput(TRUE);
|
||||||
return private_key;
|
return private_key;
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
|
|