/* $Id$
 *
 * Lasso - A free implementation of the Liberty Alliance specifications.
 *
 * Copyright (C) 2004-2007 Entr'ouvert
 * http://lasso.entrouvert.org
 *
 * Authors: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/* NOTE(review): the guard name starts with a double underscore, which is a
 * reserved identifier in C; it is kept as-is because the rest of the tree
 * follows the same convention. */
#ifndef __LASSO_PROVIDER_H__
#define __LASSO_PROVIDER_H__

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

#include "../xml/xml.h"
#include "../xml/xml_enc.h"
#include "../key.h"

/*
 * GObject type boilerplate for #LassoProvider: type id, checked instance and
 * class casts, and type predicates.
 */
#define LASSO_TYPE_PROVIDER \
	(lasso_provider_get_type())
#define LASSO_PROVIDER(obj) \
	(G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_PROVIDER, LassoProvider))
#define LASSO_PROVIDER_CLASS(klass) \
	(G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_PROVIDER, LassoProviderClass))
#define LASSO_IS_PROVIDER(obj) \
	(G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_PROVIDER))
#define LASSO_IS_PROVIDER_CLASS(klass) \
	(G_TYPE_CHECK_CLASS_TYPE((klass), LASSO_TYPE_PROVIDER))
#define LASSO_PROVIDER_GET_CLASS(o) \
	(G_TYPE_INSTANCE_GET_CLASS((o), LASSO_TYPE_PROVIDER, LassoProviderClass))

typedef struct _LassoProvider LassoProvider;
typedef struct _LassoProviderClass LassoProviderClass;
typedef struct _LassoProviderPrivate LassoProviderPrivate;


/**
 * LassoHttpMethod:
 * @LASSO_HTTP_METHOD_NONE: invalid value (internal use); the only negative member
 * @LASSO_HTTP_METHOD_ANY: any method will do
 * @LASSO_HTTP_METHOD_IDP_INITIATED: not a method, for IdP initiated profile
 * @LASSO_HTTP_METHOD_GET: HTTP GET
 * @LASSO_HTTP_METHOD_POST: Browser POST
 * @LASSO_HTTP_METHOD_REDIRECT: HTTP-Redirect based
 * @LASSO_HTTP_METHOD_SOAP: SOAP/HTTP based
 * @LASSO_HTTP_METHOD_ARTIFACT_GET: Artifact by HTTP GET (SAML 2.0)
 * @LASSO_HTTP_METHOD_ARTIFACT_POST: Artifact by HTTP POST (SAML 2.0)
 * @LASSO_HTTP_METHOD_PAOS: PAOS/HTTP based (SAML 2.0)
 * @LASSO_HTTP_METHOD_LAST: one past the last real method; not a method itself
 *
 * Binding / transport method used to carry a protocol message.  The numeric
 * values are part of the public ABI and are spelled out explicitly below.
 **/
typedef enum {
	LASSO_HTTP_METHOD_NONE = -1,
	LASSO_HTTP_METHOD_ANY = 0,
	LASSO_HTTP_METHOD_IDP_INITIATED = 1,
	LASSO_HTTP_METHOD_GET = 2,
	LASSO_HTTP_METHOD_POST = 3,
	LASSO_HTTP_METHOD_REDIRECT = 4,
	LASSO_HTTP_METHOD_SOAP = 5,
	LASSO_HTTP_METHOD_ARTIFACT_GET = 6,
	LASSO_HTTP_METHOD_ARTIFACT_POST = 7,
	LASSO_HTTP_METHOD_PAOS = 8,
	LASSO_HTTP_METHOD_LAST = 9
} LassoHttpMethod;


/**
 * LassoMdProtocolType:
 * @LASSO_MD_PROTOCOL_TYPE_FEDERATION_TERMINATION: Federation Termination Notification
 * @LASSO_MD_PROTOCOL_TYPE_NAME_IDENTIFIER_MAPPING: Name Identifier Mapping
 * @LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER: Name Registration
 * @LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT: Single Logout
 * @LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON: Single Sign-On and Federation
 * @LASSO_MD_PROTOCOL_TYPE_ARTIFACT_RESOLUTION: Artifact Resolution (SAML 2.0)
 * @LASSO_MD_PROTOCOL_TYPE_MANAGE_NAME_ID: Manage Name Identifier (SAML 2.0)
 * @LASSO_MD_PROTOCOL_TYPE_ASSERTION_ID_REQUEST: Assertion ID Request (SAML 2.0)
 * @LASSO_MD_PROTOCOL_TYPE_AUTHN_QUERY: authentication query (name-derived; confirm in provider.c)
 * @LASSO_MD_PROTOCOL_TYPE_AUTHZ: authorization (name-derived; confirm in provider.c)
 * @LASSO_MD_PROTOCOL_TYPE_ATTRIBUTE: attribute query (name-derived; confirm in provider.c)
 * @LASSO_MD_PROTOCOL_TYPE_LAST: one past the last real protocol type; not a protocol itself
 *
 * Liberty / SAML metadata protocol type, i.e. which profile of the metadata
 * description a lookup refers to.
 **/
typedef enum {
	LASSO_MD_PROTOCOL_TYPE_FEDERATION_TERMINATION = 0,
	LASSO_MD_PROTOCOL_TYPE_NAME_IDENTIFIER_MAPPING = 1,
	LASSO_MD_PROTOCOL_TYPE_REGISTER_NAME_IDENTIFIER = 2,
	LASSO_MD_PROTOCOL_TYPE_SINGLE_LOGOUT = 3,
	LASSO_MD_PROTOCOL_TYPE_SINGLE_SIGN_ON = 4,
	LASSO_MD_PROTOCOL_TYPE_ARTIFACT_RESOLUTION = 5,
	LASSO_MD_PROTOCOL_TYPE_MANAGE_NAME_ID = 6,
	LASSO_MD_PROTOCOL_TYPE_ASSERTION_ID_REQUEST = 7,
	LASSO_MD_PROTOCOL_TYPE_AUTHN_QUERY = 8,
	LASSO_MD_PROTOCOL_TYPE_AUTHZ = 9,
	LASSO_MD_PROTOCOL_TYPE_ATTRIBUTE = 10,
	LASSO_MD_PROTOCOL_TYPE_LAST = 11
} LassoMdProtocolType;


/**
 * LassoProviderRole:
 * @LASSO_PROVIDER_ROLE_ANY: wildcard (-1, every bit set); matches any role
 * @LASSO_PROVIDER_ROLE_NONE: uninitialized value (internal use)
 * @LASSO_PROVIDER_ROLE_SP: service provider.
 * @LASSO_PROVIDER_ROLE_IDP: identity provider.
 * @LASSO_PROVIDER_ROLE_BOTH: service & identity provider (%LASSO_PROVIDER_ROLE_SP |
 * %LASSO_PROVIDER_ROLE_IDP).
 * @LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY: an authentication authority, i.e. an endpoint able to
 * return previously returned assertions,
 * @LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY: an authorization authority, i.e. an endpoint able to return
 * assertions providing authorization about a principal accessing a resource,
 * @LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY: an attribute authority, i.e. an endpoint able to return
 * attributes about a principal,
 * @LASSO_PROVIDER_ROLE_LAST: every single-role value above is guaranteed to be
 * < @LASSO_PROVIDER_ROLE_LAST (note that %LASSO_PROVIDER_ROLE_ALL is not).
 * @LASSO_PROVIDER_ROLE_ALL: bitwise OR of every single-role value.
 *
 * #LassoProviderRole enumerates the roles handled by a provider.  Each single
 * role (SP, IdP, the three authorities) is a distinct power of two, so values
 * can be combined into a bitmask; %LASSO_PROVIDER_ROLE_BOTH and
 * %LASSO_PROVIDER_ROLE_ALL are such combinations, %LASSO_PROVIDER_ROLE_NONE is
 * the empty mask and %LASSO_PROVIDER_ROLE_ANY (-1) is the full mask.
 **/
typedef enum {
	LASSO_PROVIDER_ROLE_ANY = -1,
	LASSO_PROVIDER_ROLE_NONE = 0,
	LASSO_PROVIDER_ROLE_SP = 1,
	LASSO_PROVIDER_ROLE_IDP = 2,
	LASSO_PROVIDER_ROLE_BOTH = 3,
	LASSO_PROVIDER_ROLE_AUTHN_AUTHORITY = 4,
	LASSO_PROVIDER_ROLE_AUTHZ_AUTHORITY = 8,
	LASSO_PROVIDER_ROLE_ATTRIBUTE_AUTHORITY = 16,
	LASSO_PROVIDER_ROLE_LAST = 17,
	LASSO_PROVIDER_ROLE_ALL = 31
} LassoProviderRole;


/**
 * LassoProtocolConformance:
 * @LASSO_PROTOCOL_NONE: conformance not known / not set (-1)
 * @LASSO_PROTOCOL_LIBERTY_1_0: Liberty ID-FF 1.0
 * @LASSO_PROTOCOL_LIBERTY_1_1: Liberty ID-FF 1.1
 * @LASSO_PROTOCOL_LIBERTY_1_2: Liberty ID-FF 1.2 / ID-WSF 1.0
 * @LASSO_PROTOCOL_SAML_2_0: SAML 2.0
 *
 * Provider protocol conformance, i.e. which protocol family a provider speaks.
 **/
typedef enum {
	LASSO_PROTOCOL_NONE = -1,
	LASSO_PROTOCOL_LIBERTY_1_0 = 0,
	LASSO_PROTOCOL_LIBERTY_1_1 = 1,
	LASSO_PROTOCOL_LIBERTY_1_2 = 2,
	LASSO_PROTOCOL_SAML_2_0 = 3
} LassoProtocolConformance;


/**
 * LassoEncryptionMode:
 * @LASSO_ENCRYPTION_MODE_NONE: Encrypt nothing; NameIDs and assertions are sent in clear
 * @LASSO_ENCRYPTION_MODE_NAMEID: Encrypt NameIDs
 * @LASSO_ENCRYPTION_MODE_ASSERTION: Encrypt Assertions
 *
 * Encryption mode applied to messages sent to a provider (see
 * lasso_provider_set_encryption_mode()).
 **/
typedef enum {
	LASSO_ENCRYPTION_MODE_NONE = 0,
	LASSO_ENCRYPTION_MODE_NAMEID = 1,
	LASSO_ENCRYPTION_MODE_ASSERTION = 2
} LassoEncryptionMode;


/**
 * LassoProvider:
 * @ProviderID: the identifier URI of this provider
 * @role: the role prescribed when this #LassoProvider was built
 * @metadata_filename: file path or content of the metadata description for this provider.
 * @public_key: file path or content of the public key file for this provider.
 * @ca_cert_chain: file path or content of the CA cert chain used to validate signatures of this
 * provider (can be used instead of a public key to limit the need for metadata updates).
 *
 * <para>Any kind of provider -- identity provider, service provider, attribute authority,
 * authorization authority -- is represented by a #LassoProvider object.  The object holds the
 * public keys, certificate chains and metadata information of that provider; @public_key and
 * @ca_cert_chain are therefore the trust material against which that provider's signatures are
 * checked.  The ID-FF 1.2 and SAML 2.0 metadata files are flattened inside a key-value map that
 * you can access using lasso_provider_get_metadata_one_for_role(),
 * lasso_provider_get_metadata_list_for_role() and
 * lasso_provider_get_metadata_keys_for_role().</para>
 */
struct _LassoProvider {
	LassoNode parent;

	/*< public >*/
	gchar *ProviderID;
	LassoProviderRole role;

	char *metadata_filename;
	gchar *public_key;
	gchar *ca_cert_chain;

	/*< private >*/
	LassoProviderPrivate *private_data;
};

/* Class structure: no virtual methods beyond those of LassoNodeClass. */
struct _LassoProviderClass {
	LassoNodeClass parent;
};

/* ---- Type registration and constructors -------------------------------- */

LASSO_EXPORT GType lasso_provider_get_type(void);

LASSO_EXPORT LassoProvider *lasso_provider_new(LassoProviderRole role,
		const char *metadata, const char *public_key, const char *ca_cert_chain);

LASSO_EXPORT LassoProvider *lasso_provider_new_from_buffer(LassoProviderRole role,
		const char *metadata, const char *public_key, const char *ca_cert_chain);

LASSO_EXPORT LassoProvider *lasso_provider_new_from_dump(const gchar *dump);

/* ---- Metadata access ---------------------------------------------------- */

LASSO_EXPORT gchar *lasso_provider_get_metadata_one(LassoProvider *provider,
		const char *name);

LASSO_EXPORT GList *lasso_provider_get_metadata_list(LassoProvider *provider,
		const char *name);

LASSO_EXPORT char *lasso_provider_get_metadata_one_for_role(LassoProvider *provider,
		LassoProviderRole role, const char *name);

LASSO_EXPORT GList *lasso_provider_get_metadata_list_for_role(const LassoProvider *provider,
		LassoProviderRole role, const char *name);

LASSO_EXPORT GList *lasso_provider_get_metadata_keys_for_role(LassoProvider *provider,
		LassoProviderRole role);

LASSO_EXPORT gchar *lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider,
		const char *service_id);

LASSO_EXPORT gchar *lasso_provider_get_default_name_id_format(LassoProvider *provider);

LASSO_EXPORT const char *lasso_provider_get_sp_name_qualifier(LassoProvider *provider);

LASSO_EXPORT xmlNode *lasso_provider_get_organization(const LassoProvider *provider);

LASSO_EXPORT gchar *lasso_provider_get_base64_succinct_id(const LassoProvider *provider);

LASSO_EXPORT GList *lasso_provider_get_idp_supported_attributes(LassoProvider *provider);

/* validUntil / cacheDuration of the metadata; returned as strings, ownership
 * not stated here -- check provider.c before freeing. */
LASSO_EXPORT char *lasso_provider_get_valid_until(LassoProvider *provider);

LASSO_EXPORT char *lasso_provider_get_cache_duration(LassoProvider *provider);

LASSO_EXPORT LassoProviderRole lasso_provider_get_roles(LassoProvider *provider);

/* ---- Protocol profiles and conformance ---------------------------------- */

LASSO_EXPORT LassoHttpMethod lasso_provider_get_first_http_method(LassoProvider *provider,
		LassoProvider *remote_provider, LassoMdProtocolType protocol_type);

LASSO_EXPORT gboolean lasso_provider_accept_http_method(LassoProvider *provider,
		LassoProvider *remote_provider, LassoMdProtocolType protocol_type,
		LassoHttpMethod http_method, gboolean initiate_profile);

LASSO_EXPORT gboolean lasso_provider_has_protocol_profile(LassoProvider *provider,
		LassoMdProtocolType protocol_type, const char *protocol_profile);

LASSO_EXPORT LassoProtocolConformance lasso_provider_get_protocol_conformance(
		const LassoProvider *provider);

LASSO_EXPORT void lasso_provider_set_protocol_conformance(LassoProvider *provider,
		LassoProtocolConformance protocol_conformance);

LASSO_EXPORT gboolean lasso_provider_match_conformance(LassoProvider *provider,
		LassoProvider *another_provider);

/* ---- Encryption settings ------------------------------------------------ */

LASSO_EXPORT void lasso_provider_set_encryption_mode(LassoProvider *provider,
		LassoEncryptionMode encryption_mode);

LASSO_EXPORT LassoEncryptionMode lasso_provider_get_encryption_mode(LassoProvider *provider);

LASSO_EXPORT void lasso_provider_set_encryption_sym_key_type(LassoProvider *provider,
		LassoEncryptionSymKeyType encryption_sym_key_type);

/* ---- Keys and signature verification ------------------------------------ */

LASSO_EXPORT lasso_error_t lasso_provider_set_server_signing_key(LassoProvider *provider,
		LassoKey *key);

LASSO_EXPORT lasso_error_t lasso_provider_add_key(LassoProvider *provider, LassoKey *key,
		gboolean after);

/* NOTE(review): this one returns a plain int while the single-node variant
 * below returns lasso_error_t; the success/failure convention is not visible
 * in this header, so check provider.c rather than assuming 0 == verified. */
LASSO_EXPORT int lasso_provider_verify_signature(LassoProvider *provider,
		const char *message, const char *id_attr_name, LassoMessageFormat format);

LASSO_EXPORT lasso_error_t lasso_provider_verify_single_node_signature(LassoProvider *provider,
		LassoNode *node, const char *id_attr_name);

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* __LASSO_PROVIDER_H__ */