/* zxidmda.c - Metadata Authority
 * Copyright (c) 2013 Synergetics NV (sampo@synergetics.be), All Rights Reserved.
 * Author: Sampo Kellomaki (sampo@iki.fi)
 * This is confidential unpublished proprietary source code of the author.
 * NO WARRANTY, not even implied warranties. Contains trade secrets.
 * Distribution prohibited unless authorized in writing.
 * Licensed under Apache License 2.0, see file COPYING.
 * $Id: zxidsimp.c,v 1.64 2010-01-08 02:10:09 sampo Exp $
 *
 * 11.12.2013, created --Sampo
 *
 * See also:: zxidepr.c - the code that queries the metadata authority
 */
14
15 #include "platform.h" /* needed on Win32 for pthread_mutex_lock() et al. */
16
17 #include <memory.h>
18 #include <string.h>
19 #include <stdlib.h>
20 #include <fcntl.h>
21
22 #include "errmac.h"
23 #include "zx.h"
24 #include "zxid.h"
25 #include "zxidutil.h"
26 #include "zxidconf.h"
27 #include "zxidpriv.h"
28 #include "wsf.h"
29 #include "c/zxidvers.h"
30 #include "c/zx-md-data.h"
31
/*() Metadata Authority - return metadata of entities in our Circle of Trust.
 * The Metadata Authority is a service that, given the succinct ID of an entity,
 * serves the metadata it knows about that entity.
 * This functionality is typically advertised in IdP metadata as
 *
 * <md:AdditionalMetadataLocation namespace="#md-authority">someurl?o=b&c=</>
 *
 * where the succinct ID of the entity being sought is appended to c=.
 * Thus the HTTP GET request might look something like
 *
 * someurl?o=b&c=81_KLuey8863Alp9KwNY4tjES-4
 *
 * Check that your own configuration has MD_AUTHORITY_ENA=1.
 * Check that the SP configuration has MD_FETCH=2 and
 * MD_AUTHORITY=your-entity-id
 *
 * N.B. The metadata is supposed to be signed, but no signature is applied
 * here: the stored file is served as is. Instead, sign the metadata at import
 * time by running zxcot -a -s. */
50
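/* Serve the stored metadata of one Circle-of-Trust entity, identified by the
 * succinct ID (sha1_name) passed in the c CGI argument (cgi->cdc).
 *
 * cf:         configuration; cf->cpath is the root under which ZXID_COT_DIR lives
 * cgi:        parsed CGI arguments; only cgi->c (aliased sha1_name below) is read
 * res_len:    passed through to zxid_simple_show_page()
 * auto_flags: passed through to zxid_simple_show_page()
 *
 * Returns whatever zxid_simple_show_page() produces: on success the raw
 * metadata file content, otherwise a "#ERR: ..." text. Every failure path
 * releases the descriptor and buffer it acquired before jumping to done. */
char* zxid_simple_md_authority(zxid_conf* cf, zxid_cgi* cgi, int* res_len, int auto_flags)
{
#define sha1_name cdc /* We reuse the CGI variable c (aka cdc) as the sha1_name */
  /* A succinct ID is the safe-base64 encoding of a SHA1 hash, so this is the whole
   * alphabet a legitimate cgi->c can contain. cgi->c is spliced into a file system
   * path below, so anything outside this alphabet ('/', '.', etc.) is rejected up
   * front; that keeps the lookup confined to files directly under ZXID_COT_DIR. */
  static const char safe_b64_alphabet[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
  struct zx_str* ss;
  fdtype fd;
  int siz, n, got = 0;
  char* md_buf;

  DD("sha1_name(%s)", cgi->sha1_name);
  if (!cgi->sha1_name || !cgi->sha1_name[0]) {
    ERR("The request ot Metadata Authority did not specify cgi->c (the succinct ID, aka sha1_name, of the entity whose metadata is being requested) %d", 0);
    ss = zx_dup_str(cf->ctx, "#ERR: Metadata Authority: Missing c CGI argument (the sha1_name aka succinct ID of the entity).");
    goto done;
  }
  /* strspn() gives the length of the leading run of allowed characters; if that run
   * stops before the terminating NUL, some character lies outside the alphabet.
   * Only the length is logged: the rejected value is untrusted input and would
   * otherwise be written verbatim into the log. */
  if (cgi->sha1_name[strspn(cgi->sha1_name, safe_b64_alphabet)]) {
    ERR("Metadata Authority: c CGI argument (sha1_name) contains characters outside the safe base64 alphabet, len=%d", (int)strlen(cgi->sha1_name));
    ss = zx_dup_str(cf->ctx, "#ERR: Metadata Authority: Malformed c CGI argument (the sha1_name aka succinct ID of the entity).");
    goto done;
  }

  fd = open_fd_from_path(O_RDONLY, 0, "mda", 1, "%s" ZXID_COT_DIR "%s", cf->cpath, cgi->sha1_name);
  if (fd == BADFD) {
    perror("open metadata to read");
    ERR("No metadata file found for sha1_name(%s)", cgi->sha1_name);
    ss = zx_dup_str(cf->ctx, "#ERR: No metadata file found for the entity.");
    goto done;
  }
  siz = get_file_size(fd);
  if (siz < 0) {
    /* Defensive: a failed size probe must not reach ZX_ALLOC(siz+1) as a zero or
     * wrapped-around size. The exact failure convention of get_file_size() is not
     * visible in this file, so a negative value is simply treated as an error. */
    ERR("Can not determine metadata file size for sha1_name(%s), siz=%d", cgi->sha1_name, siz);
    close_file(fd, (const char*)__FUNCTION__);
    ss = zx_dup_str(cf->ctx, "#ERR: Metadata read error.");
    goto done;
  }
  md_buf = ZX_ALLOC(cf->ctx, siz+1);
  n = read_all_fd(fd, md_buf, siz, &got);
  if (n == -1) {
    perror("metadata to read error");  /* before close_file(), which may clobber errno */
    ERR("Metadata read error for sha1_name(%s)", cgi->sha1_name);
    close_file(fd, (const char*)__FUNCTION__);
    ZX_FREE(cf->ctx, md_buf);
    ss = zx_dup_str(cf->ctx, "#ERR: Metadata read error.");
    goto done;
  }
  close_file(fd, (const char*)__FUNCTION__);
  /* The buffer holds siz+1 bytes and read_all_fd() was asked for at most siz, so
   * got <= siz is assumed here (verify against read_all_fd()). zx_ref_str() below
   * measures the string with strlen(), which requires this terminator whether or
   * not read_all_fd() already wrote one (not visible from this file). */
  md_buf[got] = 0;

  if (got <= 20) {  /* shorter than any plausible EntityDescriptor document */
    ERR("Metadata found is too short, only %d bytes. sha1_name(%s) md_buf(%.*s)", got, cgi->sha1_name, got, md_buf);
    ZX_FREE(cf->ctx, md_buf);
    ss = zx_dup_str(cf->ctx, "#ERR: Metadata too short.");
    goto done;
  }
  DD("md_buf(%.*s) got=%d siz=%d sha1_name(%s)", got, md_buf, got, siz, cgi->sha1_name);
  /* ss references md_buf without copying, so md_buf must stay allocated here. */
  ss = zx_ref_str(cf->ctx, md_buf);

 done:
  return zxid_simple_show_page(cf, ss, ZXID_AUTO_METAC, ZXID_AUTO_METAH,
			       "b", "text/xml", res_len, auto_flags, 0);
#undef sha1_name  /* do not let the alias leak to the rest of the file */
}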
97
98 /* EOF -- zxidmda.c */
99