[core] add method lasso_provider_set_specific_signing_key

Using this method you can specify a signing which will be used for communication with the specified provider instead of the one configured on the LassoServer object. The main objective is to allow shared secret cryptography instead of public key cryptography.
2011-12-02 19:25:12 +01:00 · 2011-12-02 19:25:12 +01:00 · 109c562260
parent 9836f4a40b
commit 109c562260
2 changed files with 32 additions and 0 deletions
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@ -66,6 +66,7 @@ use this default role to access descriptors.</para>
 #include <unistd.h>
 #include "../utils.h"
 #include "../debug.h"
+#include "../keyprivate.h"

 static char *protocol_uris[LASSO_MD_PROTOCOL_TYPE_LAST] = {
 	"http://projectliberty.org/profiles/fedterm",
@ -1344,6 +1345,7 @@ lasso_provider_verify_saml_signature(LassoProvider *provider,
 	/* Get provider credentials */
 	lasso_check_good_rc(lasso_provider_try_loading_ca_cert_chain(provider, &keys_manager));
 	lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys, keys_manager == NULL));
+
 	lasso_foreach_full_begin(xmlSecKey*, public_key, it, public_keys);
 	{
 		signature_rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key,
@ -1747,3 +1749,29 @@ cleanup:
 	lasso_release_gobject(provider);
 	return ret;
 }
+
+/**
+ * lasso_provider_set_specific_signing_key:
+ * @provider: a #LassoProvider object
+ * @key: a #LassoKey object
+ *
+ * Return value: 0 if successful, an error code otherwise.
+ */
+lasso_error_t
+lasso_provider_set_specific_signing_key(LassoProvider *provider,
+		LassoKey *key)
+{
+	lasso_error_t rc = 0;
+	LassoSignatureContext context = LASSO_SIGNATURE_CONTEXT_NONE;
+
+	lasso_bad_param(PROVIDER, provider);
+	lasso_bad_param(KEY, key);
+
+	context = lasso_key_get_signature_context(key);
+	goto_cleanup_if_fail_with_rc(lasso_validate_signature_context(context),
+			LASSO_DS_ERROR_PRIVATE_KEY_LOAD_FAILED);
+	lasso_assign_signature_context(provider->private_data->signature_context,
+			context);
+cleanup:
+	return rc;
+}
--- a/lasso/id-ff/provider.h
+++ b/lasso/id-ff/provider.h
@ -31,6 +31,7 @@ extern "C" {

 #include "../xml/xml.h"
 #include "../xml/xml_enc.h"
+#include "../key.h"

 #define LASSO_TYPE_PROVIDER (lasso_provider_get_type())
 #define LASSO_PROVIDER(obj) \
@ -270,6 +271,9 @@ LASSO_EXPORT LassoProviderRole lasso_provider_get_roles(LassoProvider *provider)

 LASSO_EXPORT gboolean lasso_provider_match_conformance(LassoProvider *provider, LassoProvider *another_provider);

+LASSO_EXPORT lasso_error_t lasso_provider_set_specific_signing_key(LassoProvider *provider,
+		LassoKey *key);
+
 #ifdef __cplusplus
 }
 #endif /* __cplusplus */