Author: milinda
Date: Wed May 21 01:08:48 2008
New Revision: 658586
URL: http://svn.apache.org/viewvc?rev=658586&view=rev
Log:
SAML2.0 implementation initial code added to the JIRA
https://issues.apache.org/jira/browse/RAMPARTC-100.
Added:
webservices/rampart/scratch/c/saml2/
webservices/rampart/scratch/c/saml2/saml2_assertion.c
Added: webservices/rampart/scratch/c/saml2/saml2_assertion.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/scratch/c/saml2/saml2_assertion.c?rev=658586&view=auto
==============================================================================
--- webservices/rampart/scratch/c/saml2/saml2_assertion.c (added)
+++ webservices/rampart/scratch/c/saml2/saml2_assertion.c Wed May 21 01:08:48
2008
@@ -0,0 +1,361 @@
+#include "saml2.h"
+
+typedef struct saml2_issuer_s
+{
+ axis2_char_t *format; /* attribute */
+ axis2_char_t *name_qualifier; /* attribute */
+ axis2_char_t *sp_name_qualifier; /* attribute */
+ axis2_char_t *sp_provided_id; /* attribute */
+ axis2_char_t *value; /* Actual text value of the element */
+ axis2_bool_t is_encrypted; /* if true create an EncryptedID */
+ oxs_ctx_t *enc_ctx; /* Used to encrypt the element */
+} saml2_issuer_t;
+
+typedef struct saml2_base_id_s
+{
+ axis2_char_t *format; /* attribute */
+ axis2_char_t *name_qualifier; /* attribute */
+ axis2_bool_t is_encrypted; /* if true create an EncryptedID */
+ oxs_ctx_t *enc_ctx; /* Used to encrypt the element */
+} saml2_base_id_t;
+
+typedef struct saml2_name_id_s
+{
+ axis2_char_t *format; /* attribute */
+ axis2_char_t *name_qualifier; /* attribute */
+ axis2_char_t *sp_name_qualifier; /* attribute */
+ axis2_char_t *sp_provided_id; /* attribute */
+ axis2_bool_t is_encrypted; /* if true create a EncryptedID */
+ oxs_ctx_t *enc_ctx; /* Used to encrypt the element */
+} saml2_name_id_t;
+
+typedef struct saml2_subject_confirmation_s
+{
+ axis2_char_t *method /* URI */
+ saml2_base_id_t *base_id; /* BaseID */
+ saml2_name_id_t *name_id; /* NameID */
+
+ /* Subject confirmation related data */
+ axutil_date_time_t *not_before /* Should process after this time */
+ axutil_date_time_t *not_on_or_after /* Should process before this time */
+ axis2_char_t *rcipient /* URI */
+ axis2_char_t *in_response_to /* ID */
+ axis2_char_t *address /* IP */
+ axiom_node_t *key_info /* Key information, ds:keyinfo*/
+ axutil_array_list_t *attr_list /* Arbitary attributes */
+ axutil_array_list_t *elements /* Arbitary elements */
+} saml2_subject_confirmation_t;
+
+typedef struct saml2_subject_s
+{
+ /* Only one of these two can present */
+ saml2_name_id_t *name_id;
+ saml2_base_id_t *base_id;
+
+ saml2_subject_confirmation_t *confirmation; /* Confirmation info */
+} saml2_subject_t;
+
+typedef struct saml2_conditions_s
+{
+ /* AudienceRestriction Condition */
+ axutil_array_list_t *audiences; /* Intended audiences */
+ /* OneTimeUse condition */
+ axis2_bool_t is_one_time; /* If true asserion can be used only
once */
+ /* ProxyRestriction */
+ int count; /* No of indirections */
+ axutil_array_list_t *proxy_audiences;
+} saml2_conditions_t;
+
+typedef struct saml2_advice_s
+{
+ axis2_char_t *assertion_id_ref;
+ axis2_char_t *assertion_uri_ref;
+ axiom_node_t *assertion;
+ axiom_node_t *encrypted_assertion;
+ /* Anything can be added */
+ axutil_array_list_t *elements;
+ axutil_array_list_t *attributes;
+} saml2_advice_t;
+
+typedef struct saml2_authn_stmt_s
+{
+ axutil_date_time_t *authn_instant;
+ axis2_char_t *session_index;
+ axutil_date_time_t *session_not_on_or_after;
+
+ /* Subject locality */
+ axis2_char_t *dns; /* DNS */
+ axis2_char_t *address; /* IP */
+
+ /* Authentication context */
+ axis2_char_t *auth_ctx_class_ref;
+ axis2_char_t *auth_ctx_decl;
+ axis2_char_t *auth_ctx_decl_ref;
+ axutil_array_list_t *auth_authority;
+} saml2_authn_stmt_t;
+
+typedef struct saml2_attr_s
+{
+ axis2_char_t *name; /* attribute */
+ axis2_char_t *name_format; /* attribute URI */
+ axis2_char_t *friendly_name; /* attribute */
+ axutil_array_list_t *attributes; /* any attribute*/
+
+ axutil_array_list_t *attr_values; /* AttributeValue elements */
+ axis2_bool_t is_encrypted; /* if true create a EncryptedID */
+ oxs_ctx_t *enc_ctx; /* Used to encrypt the element */
+} saml2_attr_t;
+
+typedef struct saml2_attr_stmt_s
+{
+ axutil_array_list_t *attrs; /* saml2_attr_s */
+}
+
+typedef enum saml2_decision_s
+{
+ permit = 0,
+ deny,
+ indeterminate
+} saml2_decision_t;
+
+typedef struct saml2_action_s
+{
+ axis2_char_t *nmsp; /* Namespace Attribute */
+ axis2_char_t *value; /* Action */
+} saml2_action_s;
+
+typedef struct authz_decision_stmt_s
+{
+ axis2_char_t *resource; /* URI */
+ saml2_decision_t decision; /* Decision */
+
+ axutil_array_list_t *actions; /* Action list */
+ /* Evidence */
+ axutil_array_list_t *assertion_id_ref; /* Assertion ref's by ID */
+ axutil_array_list_t *assertion_uri_ref; /* Assertion ref's by URI */
+ axutil_array_list_t *assertions; /* Assertions as om nodes */
+ axutil_array_list_t *enc_assertions; /* Enc-Assertions as om nodes */
+} authz_decision_stmt_t;
+
+typedef struct saml2_assertion_s
+{
+ int minor_version; /* Defaults to 0*/
+ axutil_date_time_t *issuer_instant /* If not specified will be set to the
+ time at the to_om method call */
+ axis2_char_t *id /* Unique identifier */
+ saml2_issuer_t issuer; /* Issuer */
+
+ /* Conditions for validity of the assertion */
+ axutil_date_time_t *not_before /* Should process after this time */
+ axutil_date_time_t *not_on_or_after /* Should process before this time */
+
+ saml2_subject_t *subject; /* Subject */
+ saml2_conditions_t *conditions /* Conditions */
+
+ /* statements */
+ axutil_array_list_t *auth_stmts; /* AuthnStatement */
+ axutil_array_list_t *attr_stmts; /* Attributes encrypted/non-encrypted
*/
+ axutil_array_list_t *authz_dec_stmts; /* AuthzDecisionStatement */
+ oxs_sign_ctx_t *signature; /* Signature */
+ axis2_bool_t is_encrypted /* if true create an
EncryptedAssertion */
+ oxs_ctx_t *enc_ctx; /* Used to encrypt the element */
+} saml2_assertion_t;
+
+
+AXIS2_EXTERN saml2_assertion_t *AXIS2_CALL
+saml2_assertion_create(const axutil_env_t *env)
+{
+ saml2_assertion_t *assertion = NULL;
+ assertion = AXIS2_MALLOC(env->allocator, sizeof(saml2_assertion_t));
+ if (!assertion)
+ {
+ return NULL;
+ }
+ assertion->issuer_instant = NULL;
+ assertion->minor_version = 0;
+ assertion->id = axutil_uuid_gen(env);
+ if (!assertion->id)
+ {
+ AXIS2_FREE(env->allocator, assertion);
+ return NULL;
+ }
+ /* Set issuer to defualts */
+ assertion->issuer.format = NULL;
+ assertion->issuer.name_qualifier = NULL;
+ assertion->issuer.sp_name_qualifier = NULL;
+ assertion->issuer.sp_provided_id = NULL;
+ assertion->issuer.value = NULL;
+ assertion->issuer.is_encrypted = AXIS2_FALSE;
+ assertion->issuer.enc_ctx = NULL;
+
+ assertion->not_before = NULL;
+ assertion->not_on_or_after = NULL;
+
+ assertion->subject = NULL;
+ assertion->conditions = NULL;
+
+ assertion->auth_stmts = NULL;
+ assertion->attr_stmts = NULL;
+ assertion->authz_dec_stmts = NULL;
+ assertion->signature = NULL;
+ assertion->is_encrypted = NULL;
+ assertion->enc_ctx = NULL;
+
+ return assertion;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_free(saml2_assertion_t *assertion, const axutil_env_t *env)
+{
+
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_id(saml2_assertion_t *assertion,
+ const axutil_env_t *env,
+ axis2_char_t *id)
+{
+ if (assertion->id)
+ {
+ AXIS2_FREE(env->allocator, assertion->id);
+ }
+ assertion->id = axutil_strdup(env, id);
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_assertion_id(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->id;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_minor_version(saml2_assertion_t *assertion,
+ const axutil_env_t *env,
+ int minor_version)
+{
+ assertion->minor_version = minor_version;
+}
+
+AXIS2_EXTERN int AXIS2L_CALL
+saml2_assertion_get_minor_version(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->minor_version;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issue_instant(saml2_assertion_t *assertion,
+ const axutil_env_t *env,
+ axutil_date_time_t *instant)
+{
+ if (assertion->issuer_instant)
+ {
+ axutil_date_time_free(assertion->issuer_instant, env);
+ }
+ assertion->issuer_instant = instant;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axutil_date_time_t * AXIS2_CALL
+saml2_assertion_get_issue_instant(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issue_instant;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issuer_name_qualifier(saml2_assertion_t *assertion,
+ const axutil_env_t *env, axis2_char_t
*qualifier)
+{
+ if (assertion->issuer.name_qualifier)
+ {
+ AXIS2_FREE(env->allocator, assertion->issuer.name_qualifier);
+ }
+ assertion->issuer.name_qualifier = qualifier;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_issuer_name_qualifier(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issuer.name_qualifier;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issuer_format(saml2_assertion_t *assertion,
+ const axutil_env_t *env, axis2_char_t
*format)
+{
+ if (assertion->issuer.format)
+ {
+ AXIS2_FREE(env->allocator, assertion->issuer.format);
+ }
+ assertion->issuer.format = format;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_issuer_format(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issuer.format;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issuer_sp_name_qualifier(saml2_assertion_t *assertion,
+ const axutil_env_t *env, axis2_char_t
*qualifier)
+{
+ if (assertion->issuer.sp_name_qualifier)
+ {
+ AXIS2_FREE(env->allocator, assertion->issuer.sp_name_qualifier);
+ }
+ assertion->issuer.sp_name_qualifier = sp_name_qualifier;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_issuer_sp_name_qualifier(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issuer.sp_name_qualifier;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issuer_sp_provided_id(saml2_assertion_t *assertion,
+ const axutil_env_t *env, axis2_char_t *id)
+{
+ if (assertion->issuer.sp_provided_id)
+ {
+ AXIS2_FREE(env->allocator, assertion->issuer.sp_provided_id);
+ }
+ assertion->issuer.sp_provided_id = id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_issuer_sp_provided_id(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issuer.sp_provided_id;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+saml2_assertion_set_issuer(saml2_assertion_t *assertion,
+ const axutil_env_t *env, axis2_char_t
*issuer)
+{
+ if (assertion->issuer.value)
+ {
+ AXIS2_FREE(env->allocator, assertion->issuer.value);
+ }
+ assertion->issuer.value = issuer;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+saml2_assertion_get_issuer(saml2_assertion_t *assertion,
+ const axutil_env_t *env)
+{
+ return assertion->issuer.value;
+}
