1 /* $Id$
2  *
3  * Lasso - A free implementation of the Liberty Alliance specifications.
4  *
5  * Copyright (C) 2004-2007 Entr'ouvert
6  * http://lasso.entrouvert.org
7  *
8  * Authors: See AUTHORS file in top-level directory.
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License as published by
12  * the Free Software Foundation; either version 2 of the License, or
13  * (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with this program; if not, see <http://www.gnu.org/licenses/>.
22  */
23 
24 #ifndef __LASSO_LOGIN_H__
25 #define __LASSO_LOGIN_H__
26 
27 #ifdef __cplusplus
28 extern "C" {
29 
30 #endif /* __cplusplus */
31 
32 
33 #include "../xml/lib_authn_request.h"
34 #include "../xml/lib_authn_response.h"
35 #include "../xml/samlp_request.h"
36 #include "../xml/samlp_response.h"
37 
38 #include "profile.h"
39 
/* GObject boilerplate for LassoLogin: the registered GType, checked instance/class
 * casts, and the corresponding type tests. All of them resolve through
 * lasso_login_get_type(), declared further down in this header. */
#define LASSO_TYPE_LOGIN \
	(lasso_login_get_type())
#define LASSO_LOGIN(obj) \
	(G_TYPE_CHECK_INSTANCE_CAST((obj), LASSO_TYPE_LOGIN, LassoLogin))
#define LASSO_LOGIN_CLASS(klass) \
	(G_TYPE_CHECK_CLASS_CAST((klass), LASSO_TYPE_LOGIN, LassoLoginClass))
#define LASSO_IS_LOGIN(obj) \
	(G_TYPE_CHECK_INSTANCE_TYPE((obj), LASSO_TYPE_LOGIN))
#define LASSO_IS_LOGIN_CLASS(klass) \
	(G_TYPE_CHECK_CLASS_TYPE((klass), LASSO_TYPE_LOGIN))
#define LASSO_LOGIN_GET_CLASS(o) \
	(G_TYPE_INSTANCE_GET_CLASS((o), LASSO_TYPE_LOGIN, LassoLoginClass))
48 
/* Forward declarations so the GObject macros above and the prototypes below can
 * name these types. The instance and class layouts are defined later in this
 * header; the private part is not defined in this header at all. */
typedef struct _LassoLoginPrivate LassoLoginPrivate;
typedef struct _LassoLogin LassoLogin;
typedef struct _LassoLoginClass LassoLoginClass;
52 
53 /**
54  * LassoLoginProtocolProfile:
55  * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART: response is transmitted through a redirect request with
56  * an artifact, followed by an artifact resolution request by the service provider.
57  * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST: response is transmitted through a POST.
58  * @LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP: response is transmitted in a PAOS response (see
59  * #LassoLecp).
60  * @LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT: response is transmitted through a redirect.
61  *
62  * Identifies the four possible profiles for Single Sign-On and Federation. It defined how the
63  * response to authentication request will transmitted to the service provider.
64  */
65 typedef enum {
66 	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_ART = 1,
67 	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_POST,
68 	LASSO_LOGIN_PROTOCOL_PROFILE_BRWS_LECP,
69 	LASSO_LOGIN_PROTOCOL_PROFILE_REDIRECT,
70 } LassoLoginProtocolProfile;
71 
72 /**
73  * LassoLogin:
74  * @protocolProfile: the kind of binding used for this authentication request.
75  * @assertionArtifact: a string representing the artifact received through an artifact resolution.
76  * request
77  * @assertion: after calling lasso_login_build_assertion(), lasso_login_process_response_msg() or
78  * lasso_login_process_authn_response_msg(), the assertion is stored here.
79  * @nameIDPolicy: after calling lasso_login_process_request_msg(), the name id policy is stored
80  * here.
81  * @http_method: after calling lasso_login_init_authn_request(), the chosen #LassoHttpMethod is kept
82  * here and is used after by lasso_login_build_authn_request().
83  *
84  * Single sign-on profile for the current transaction; possibly an
85  * assertionArtifact to be used by the service provider in its
86  * "assertionConsumerServiceURL" and the assertion created or received for the
87  * principal.
88  */
89 struct _LassoLogin {
90 	LassoProfile parent;
91 
92 	/*< public >*/
93 	LassoLoginProtocolProfile protocolProfile;
94 	gchar *assertionArtifact;
95 	/*< private >*/
96 	LassoSamlAssertion *assertion;
97 
98 	gchar *nameIDPolicy;
99 	LassoHttpMethod http_method;
100 
101 	LassoLoginPrivate *private_data;
102 };
103 
/**
 * LassoLoginClass:
 * @parent: the parent class structure.
 *
 * Class structure for #LassoLogin; it adds nothing beyond #LassoProfileClass.
 */
struct _LassoLoginClass {
	LassoProfileClass parent;
};
107 
/* --- Type registration and object lifecycle --------------------------------- */

LASSO_EXPORT GType lasso_login_get_type(void);

LASSO_EXPORT LassoLogin* lasso_login_new(LassoServer *server);

/* Rebuilds a #LassoLogin from a @dump string, presumably one produced by lasso_login_dump().
 * NOTE(review): the dump carries profile state (see #LassoLogin), so it should only be read back
 * from storage the application controls, never from a value supplied by the remote party. */
LASSO_EXPORT LassoLogin* lasso_login_new_from_dump(LassoServer *server, const gchar *dump);

/* Serializes the profile state. The object may hold the assertion (see #LassoLogin), so the
 * returned string should be treated as sensitive. Ownership of the returned buffer is not stated
 * in this header; check the implementation before freeing it. */
LASSO_EXPORT gchar* lasso_login_dump(LassoLogin *login);

LASSO_EXPORT void lasso_login_destroy(LassoLogin *login);

/* --- Starting a transaction ------------------------------------------------ */

/* Records @remote_providerID and @http_method; the latter is reused by
 * lasso_login_build_authn_request_msg() (see the @http_method field of #LassoLogin). */
LASSO_EXPORT lasso_error_t lasso_login_init_authn_request(LassoLogin *login,
		const gchar *remote_providerID, LassoHttpMethod http_method);

LASSO_EXPORT lasso_error_t lasso_login_init_idp_initiated_authn_request(LassoLogin *login,
		const gchar *remote_providerID);

LASSO_EXPORT lasso_error_t lasso_login_init_request(LassoLogin *login, gchar *response_msg,
		LassoHttpMethod response_http_method);

/* --- Building outgoing messages -------------------------------------------- */

LASSO_EXPORT lasso_error_t lasso_login_build_authn_request_msg(LassoLogin *login);

LASSO_EXPORT lasso_error_t lasso_login_build_artifact_msg(LassoLogin *login, LassoHttpMethod http_method);

LASSO_EXPORT lasso_error_t lasso_login_build_authn_response_msg(LassoLogin *login);

LASSO_EXPORT lasso_error_t lasso_login_build_request_msg(LassoLogin *login);

/* Note the non-const @remote_providerID, unlike lasso_login_init_authn_request(); the prototype is
 * kept as-is because its definition lives outside this header. */
LASSO_EXPORT lasso_error_t lasso_login_build_response_msg(LassoLogin *login, gchar *remote_providerID);

/* Creates the assertion stored in the @assertion field of #LassoLogin. All timing arguments are
 * passed as strings; @notBefore and @notOnOrAfter presumably become the assertion's validity
 * window (SAML Conditions), so keep that window short: the wider it is, the longer a captured
 * assertion stays replayable. */
LASSO_EXPORT lasso_error_t lasso_login_build_assertion(LassoLogin *login,
		const char *authenticationMethod, const char *authenticationInstant,
		const char *reauthenticateOnOrAfter,
		const char *notBefore, const char *notOnOrAfter);

/* --- Processing incoming messages ------------------------------------------ */

/* NOTE(review): every process_* call below parses data that arrived from the network. Whether
 * they verify signatures before filling in @assertion or @nameIDPolicy (see #LassoLogin) is not
 * visible in this header; confirm in the implementation, and never act on the parsed state when
 * the call returns a non-zero lasso_error_t. */
LASSO_EXPORT lasso_error_t lasso_login_process_authn_request_msg(LassoLogin *login,
		const char *authn_request_msg);

LASSO_EXPORT lasso_error_t lasso_login_process_authn_response_msg(LassoLogin *login,
		gchar *authn_response_msg);

LASSO_EXPORT lasso_error_t lasso_login_process_request_msg(LassoLogin *login, gchar *request_msg);

LASSO_EXPORT lasso_error_t lasso_login_process_response_msg(LassoLogin *login, gchar *response_msg);

LASSO_EXPORT lasso_error_t lasso_login_process_paos_response_msg(LassoLogin *login, gchar *msg);

/* --- Decisions made between processing and building ------------------------ */

LASSO_EXPORT gboolean lasso_login_must_ask_for_consent(LassoLogin *login);

LASSO_EXPORT gboolean lasso_login_must_authenticate(LassoLogin *login);

/* @authentication_result and @is_consent_obtained are the application's own verdicts; pass TRUE
 * only for a principal that was actually authenticated and for consent that was actually
 * obtained, since this is the input from which a response is built. */
LASSO_EXPORT lasso_error_t lasso_login_validate_request_msg(LassoLogin *login,
		gboolean authentication_result, gboolean is_consent_obtained);

LASSO_EXPORT lasso_error_t lasso_login_accept_sso(LassoLogin *login);

/* --- Accessors -------------------------------------------------------------- */

/* Returns the @assertion field of #LassoLogin, which is marked private in the struct. */
LASSO_EXPORT LassoNode *lasso_login_get_assertion(LassoLogin *login);
155 
156 #ifdef __cplusplus
157 }
158 #endif /* __cplusplus */
159 
160 #endif /* __LASSO_LOGIN_H__ */
161