/* $Id$
 *
 * Lasso - A free implementation of the Liberty Alliance specifications.
 *
 * Copyright (C) 2004-2007 Entr'ouvert
 * http://lasso.entrouvert.org
 *
 * Authors: See AUTHORS file in top-level directory.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

/*
 * profile.h: base object (#LassoProfile) shared by all Liberty / SAML 2.0 / ID-WSF
 * protocol profiles, plus the enumerations that tune its signature policy.
 */

#ifndef __LASSO_PROFILE_H__
#define __LASSO_PROFILE_H__

#ifdef __cplusplus
extern "C" {

#endif /* __cplusplus */

#include "identity.h"
#include "server.h"
#include "session.h"

#include "../xml/samlp_request_abstract.h"
#include "../xml/samlp_response_abstract.h"

/* GObject boilerplate: type lookup, checked casts and type tests for LassoProfile. */
#define LASSO_TYPE_PROFILE (lasso_profile_get_type())
#define LASSO_PROFILE(obj) (G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_PROFILE, LassoProfile))
#define LASSO_PROFILE_CLASS(klass) \
	(G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_PROFILE, LassoProfileClass))
#define LASSO_IS_PROFILE(obj) (G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_PROFILE))
#define LASSO_IS_PROFILE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), LASSO_TYPE_PROFILE))
#define LASSO_PROFILE_GET_CLASS(o) \
	(G_TYPE_INSTANCE_GET_CLASS ((o), LASSO_TYPE_PROFILE, LassoProfileClass))

typedef struct _LassoProfile LassoProfile;
typedef struct _LassoProfileClass LassoProfileClass;
typedef struct _LassoProfilePrivate LassoProfilePrivate;

/**
 * LassoRequestType:
 * @LASSO_REQUEST_TYPE_INVALID: invalid
 * @LASSO_REQUEST_TYPE_LOGIN: Single Sign On and Federation
 * @LASSO_REQUEST_TYPE_LOGOUT: Single Logout
 * @LASSO_REQUEST_TYPE_DEFEDERATION: Federation Termination
 * @LASSO_REQUEST_TYPE_NAME_REGISTRATION: Name Registration
 * @LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING: Name Identifier Mapping
 * @LASSO_REQUEST_TYPE_LECP: Liberty-Enabled Client / Proxy
 * @LASSO_REQUEST_TYPE_DISCO_QUERY: ID-WSF 1.0 Discovery Query request
 * @LASSO_REQUEST_TYPE_DISCO_MODIFY: ID-WSF 1.0 Discovery Modify Request
 * @LASSO_REQUEST_TYPE_DST_QUERY: ID-WSF 1.0 Data Service Template Query request
 * @LASSO_REQUEST_TYPE_DST_MODIFY: ID-WSF 1.0 Data Service Template Modify request
 * @LASSO_REQUEST_TYPE_SASL_REQUEST: ID-WSF 1.0 Authentication request
 * @LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT: SAML 2.0 NameID Management request
 * @LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER: ID-WSF 2.0 Discovery Service Metadata Register
 * request
 * @LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD: ID-WSF 2.0 Discovery Service Metadata
 * Add Association request
 * @LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY: ID-WSF 2.0 Discovery Query request
 *
 * Request types (known for SOAP endpoints). This is what
 * lasso_profile_get_request_type_from_soap_msg() classifies an incoming SOAP message as;
 * %LASSO_REQUEST_TYPE_INVALID is the value a dispatcher should treat as "unrecognised".
 */
typedef enum {
	LASSO_REQUEST_TYPE_INVALID = 0,
	LASSO_REQUEST_TYPE_LOGIN = 1,
	LASSO_REQUEST_TYPE_LOGOUT = 2,
	LASSO_REQUEST_TYPE_DEFEDERATION = 3,
	LASSO_REQUEST_TYPE_NAME_REGISTRATION = 4,
	LASSO_REQUEST_TYPE_NAME_IDENTIFIER_MAPPING = 5,
	LASSO_REQUEST_TYPE_LECP = 6,
	LASSO_REQUEST_TYPE_DISCO_QUERY = 7,
	LASSO_REQUEST_TYPE_DISCO_MODIFY = 8,
	LASSO_REQUEST_TYPE_DST_QUERY = 9,
	LASSO_REQUEST_TYPE_DST_MODIFY = 10,
	LASSO_REQUEST_TYPE_SASL_REQUEST = 11,
	LASSO_REQUEST_TYPE_NAME_ID_MANAGEMENT = 12,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_REGISTER = 13,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_SVCMD_ASSOCIATION_ADD = 14,
	LASSO_REQUEST_TYPE_IDWSF2_DISCO_QUERY = 15
} LassoRequestType;

/**
 * LassoProfileSignatureHint:
 * @LASSO_PROFILE_SIGNATURE_HINT_MAYBE: let Lasso decide what to do.
 * @LASSO_PROFILE_SIGNATURE_HINT_FORCE: generate and validate all signatures.
 * @LASSO_PROFILE_SIGNATURE_HINT_FORBID: do not generate or validate any signature.
 *
 * Advise a #LassoProfile object about the policy for generating request and response
 * signatures.
 *
 * Note that under %LASSO_PROFILE_SIGNATURE_HINT_FORBID Lasso provides no integrity or
 * origin guarantee for the messages it exchanges; the caller is then responsible for
 * authenticating the peer by other means (e.g. the transport).
 */
typedef enum {
	LASSO_PROFILE_SIGNATURE_HINT_MAYBE = 0,
	LASSO_PROFILE_SIGNATURE_HINT_FORCE = 1,
	LASSO_PROFILE_SIGNATURE_HINT_FORBID = 2
} LassoProfileSignatureHint;

/**
 * LassoProfileSignatureVerifyHint:
 * @LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE: let Lasso decide what to do.
 * @LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE: always check signatures.
 * @LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE: check signatures but do not stop protocol handling
 * on failures. The result of signature checking is still available in
 * #LassoProfile.signature_status
 * @LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST: end-of-enumeration sentinel.
 *
 * Advise a #LassoProfile object about the policy for checking request and response
 * signatures.
 *
 * Because %LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE lets processing continue after a
 * failed check, a caller using it must consult #LassoProfile.signature_status (or
 * lasso_profile_get_signature_status()) before acting on the message's content; otherwise
 * an unsigned or tampered message is handled exactly like a valid one.
 */
typedef enum {
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE = 0,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE = 1,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE = 2,
	LASSO_PROFILE_SIGNATURE_VERIFY_HINT_LAST
} LassoProfileSignatureVerifyHint;

/**
 * LassoProfile:
 * @server: #LassoServer object representing the provider initiating this profile,
 * @request: the currently initialized request, or the last request parsed,
 * @response: the currently initialized response, or the last response parsed,
 * @nameIdentifier: for profiles which transmit a name identifier (that is, most of them), the
 * parsed name identifier, can be a #LassoSamlNameIdentifier or a #LassoSaml2NameID,
 * @remote_providerID: the provider ID of the issuer of the last parsed message, whatever it is (a
 * request or a response),
 * @msg_url: when generating a request or a response, it gives the URL to contact
 * @msg_body: when generating a request or a response using HTTP POST binding (can be HTTP-SOAP or
 * HTTP-Post binding), the body of the POST will be in this field,
 * @msg_relayState: put there the relaystate to put in the generated URL for HTTP-Redirect or
 * HTTP-Get binding.
 * @signature_status: result of the last signature validation.
 * @identity: the state of federation linking for the current user.
 * @session: the state of global SSO session for the current user.
 *
 * #LassoProfile, child class of #LassoNode is the basis object of profiles object like #LassoLogin, #LassoLogout,
 * #LassoDefederation, #LassoNameIdentifierMapping, #LassoNameRegistration, #LassoNameIdManagement
 * or #LassoAssertionQuery. It handles the minimal state used by all these profiles.
 *
 * @remote_providerID and @nameIdentifier are filled from the last parsed message, i.e. from
 * peer-supplied data; they identify who the message *claims* to come from and should only be
 * relied upon once @signature_status reports a successful check.
 */
struct _LassoProfile {
	LassoNode parent;

	/*< public >*/
	LassoServer *server;

	LassoNode *request;
	LassoNode *response;

	LassoNode *nameIdentifier;

	gchar *remote_providerID;

	gchar *msg_url;
	gchar *msg_body;
	gchar *msg_relayState;

	/*< private >*/
	LassoIdentity *identity;
	LassoSession *session;

	/* NOTE(review): presumably the HTTP method of the last processed request — confirm in profile.c */
	LassoHttpMethod http_request_method;
	gint signature_status;

	/* Opaque; layout is defined in the implementation file, not here. */
	LassoProfilePrivate *private_data;
};

struct _LassoProfileClass {
	LassoNodeClass parent;
};

/* public functions */

/*
 * Both take raw, untrusted wire data (a SOAP body, a query string) and only classify it;
 * they do not authenticate it.
 */
LASSO_EXPORT LassoRequestType lasso_profile_get_request_type_from_soap_msg(const gchar *soap);
LASSO_EXPORT gboolean lasso_profile_is_liberty_query(const gchar *query);


/* public methods */

LASSO_EXPORT GType lasso_profile_get_type(void);

LASSO_EXPORT LassoIdentity* lasso_profile_get_identity(LassoProfile *profile);
LASSO_EXPORT LassoSession* lasso_profile_get_session(LassoProfile *profile);
LASSO_EXPORT gboolean lasso_profile_is_identity_dirty(LassoProfile *profile);
LASSO_EXPORT gboolean lasso_profile_is_session_dirty(LassoProfile *profile);

/* Restore identity / session state from a dump string (the format is defined by identity.h / session.h). */
LASSO_EXPORT lasso_error_t lasso_profile_set_identity_from_dump(LassoProfile *profile, const gchar *dump);
LASSO_EXPORT lasso_error_t lasso_profile_set_session_from_dump(LassoProfile *profile, const gchar *dump);
LASSO_EXPORT LassoNode* lasso_profile_get_nameIdentifier(LassoProfile *profile);

/*
 * NOTE(review): this header does not state whether the char* values returned below are
 * owned by the caller or borrowed from the profile — confirm against profile.c before freeing.
 */
LASSO_EXPORT char* lasso_profile_get_artifact(LassoProfile *profile);
LASSO_EXPORT char* lasso_profile_get_artifact_message(LassoProfile *profile);
LASSO_EXPORT void lasso_profile_set_artifact_message(LassoProfile *profile, const char *message);
LASSO_EXPORT LassoServer* lasso_profile_get_server(LassoProfile *profile);

/* Signature policy: see LassoProfileSignatureHint and LassoProfileSignatureVerifyHint above. */
LASSO_EXPORT void lasso_profile_set_signature_hint(LassoProfile *profile,
		LassoProfileSignatureHint signature_hint);
LASSO_EXPORT LassoProfileSignatureHint lasso_profile_get_signature_hint(LassoProfile *profile);
LASSO_EXPORT lasso_error_t lasso_profile_set_soap_fault_response(LassoProfile *profile, const char
		*faultcode, const char *faultstring, GList *details);
LASSO_EXPORT void lasso_profile_set_signature_verify_hint(LassoProfile *profile,
		LassoProfileSignatureVerifyHint signature_verify_hint);
LASSO_EXPORT LassoProfileSignatureVerifyHint lasso_profile_get_signature_verify_hint(LassoProfile *profile);
LASSO_EXPORT LassoProviderRole lasso_profile_sso_role_with(LassoProfile *profile,
		const char *remote_provider_id);
/* Result of the last signature validation; the value to check when the verify hint is IGNORE. */
LASSO_EXPORT lasso_error_t lasso_profile_get_signature_status(LassoProfile *profile);

/* Extract fields from a raw (not yet verified) message string. */
LASSO_EXPORT char* lasso_profile_get_issuer(const char *message);
LASSO_EXPORT char* lasso_profile_get_in_response_to(const char *message);

LASSO_EXPORT char* lasso_profile_get_message_id(LassoProfile *profile);
LASSO_EXPORT void lasso_profile_set_message_id(LassoProfile *profile, const char *message_id);

LASSO_EXPORT LassoNode* lasso_profile_get_idp_list(LassoProfile *profile);
LASSO_EXPORT void lasso_profile_set_idp_list(LassoProfile *profile, const LassoNode *idp_list);


#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* __LASSO_PROFILE_H__ */