LassoServer * | lasso_server_new () |
LassoServer * | lasso_server_new_from_buffers () |
LassoServer * | lasso_server_new_from_dump () |
lasso_error_t | lasso_server_add_provider () |
lasso_error_t | lasso_server_add_provider2 () |
lasso_error_t | lasso_server_add_provider_from_buffer () |
lasso_error_t | lasso_server_load_metadata () |
void | lasso_server_destroy () |
gchar * | lasso_server_dump () |
LassoProvider * | lasso_server_get_provider () |
lasso_error_t | lasso_server_set_encryption_private_key () |
lasso_error_t | lasso_server_set_encryption_private_key_with_password () |
lasso_error_t | lasso_server_load_affiliation () |
gchar * | lasso_server_get_endpoint_url_by_id () |
GList * | lasso_server_get_filtered_provider_list () |
lasso_error_t | lasso_server_saml2_assertion_setup_signature () |
It holds the data about a provider, other providers it knows, which certificates to use, etc.
LassoServer * lasso_server_new (const gchar *metadata
,const gchar *private_key
,const gchar *private_key_password
,const gchar *certificate
);
Creates a new LassoServer.
metadata |
path to the provider metadata file or NULL, for a LECP server |
|
private_key:(allow-none) |
path to the server private key file or NULL |
|
private_key_password:(allow-none) |
password to private key if it is encrypted, or NULL |
|
certificate:(allow-none) |
path to the server certificate file, or NULL |
LassoServer * lasso_server_new_from_buffers (const gchar *metadata
,const gchar *private_key_content
,const gchar *private_key_password
,const gchar *certificate_content
);
Creates a new LassoServer.
metadata |
NULL terminated string containing the content of an ID-FF 1.2 metadata file |
|
private_key_content:(allow-none) |
NULL terminated string containing a PEM formatted private key |
|
private_key_password:(allow-none) |
a NULL terminated string which is the optional password of the private key |
|
certificate_content:(allow-none) |
NULL terminated string containing a PEM formatted X509 certificate |
LassoServer *
lasso_server_new_from_dump (const gchar *dump
);
Restores the dump
to a new LassoServer.
lasso_error_t lasso_server_add_provider (LassoServer *server
,LassoProviderRole role
,const gchar *metadata
,const gchar *public_key
,const gchar *ca_cert_chain
);
Creates a new LassoProvider and makes it known to the server
lasso_error_t lasso_server_add_provider2 (LassoServer *server
,LassoProvider *provider
);
Adds provider
to the list of providers known to server
.
Return 0 if successful, LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ otherwise.
lasso_error_t lasso_server_add_provider_from_buffer (LassoServer *server
,LassoProviderRole role
,const gchar *metadata
,const gchar *public_key
,const gchar *ca_cert_chain
);
Creates a new LassoProvider and makes it known to the server
lasso_error_t lasso_server_load_metadata (LassoServer *server
,LassoProviderRole role
,const gchar *federation_file
,const gchar *trusted_roots
,GList *blacklisted_entity_ids
,GList **loaded_entity_ids
,LassoServerLoadMetadataFlag flags
);
Load all the SAML 2.0 entities from federation_file
that contain a declaration for role
. If
trusted_roots
is non-NULL, it is used to verify the signature on the metadata file; if it is NULL, the
metadata signature is not verified at all.
server |
a LassoServer object |
|
role |
a LassoProviderRole value |
|
federation_file |
path to a SAML 2.0 metadata file |
|
trusted_roots:(allow-none) |
a PEM encoded file containing the certificates used to check signatures on the metadata file (optional) |
|
blacklisted_entity_ids |
a list of EntityID which should not be loaded, can be NULL. |
[allow-none][element-type string] |
loaded_entity_ids |
an output parameter for the list of the loaded EntityID, can be NULL. |
[transfer full][element-type string][allow-none] |
flags |
flags modifying the behaviour for checking signatures on EntityDescriptor and EntitiesDescriptors nodes. |
0 on success, an error code otherwise, among:
LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ if server is not a LassoServer object or role
is not a
valid role value,
LASSO_DS_ERROR_CA_CERT_CHAIN_LOAD_FAILED if the trusted_roots
file cannot be loaded.
gchar *
lasso_server_dump (LassoServer *server
);
Dumps server
content to an XML string.
LassoProvider * lasso_server_get_provider (const LassoServer *server
,const gchar *providerID
);
Looks up the LassoProvider whose ID is providerID
and returns it.
the LassoProvider, NULL if it was not found. The LassoProvider is owned by Lasso and should not be freed.
[transfer none]
lasso_error_t lasso_server_set_encryption_private_key (LassoServer *server
,const gchar *filename_or_buffer
);
lasso_server_set_encryption_private_key
has been deprecated since version 2.3 and should not be used in newly-written code.
Use lasso_server_set_encryption_private_key_with_password()
instead.
Load an encryption private key from a file or an in-memory buffer and set it in the server object.
If filename_or_buffer
is NULL, the currently set key is freed.
lasso_error_t lasso_server_set_encryption_private_key_with_password (LassoServer *server
,const gchar *filename_or_buffer
,const gchar *password
);
Load an encryption private key from a file or an in-memory buffer and set it in the server object. If password
is
non-NULL, try to decrypt the key with it.
If filename_or_buffer
is NULL, the currently set key is freed.
server |
||
filename_or_buffer:(allow-none) |
file name of the encryption key to load or its content as a NULL-terminated string. |
|
password:(allow-none) |
an optional password to decrypt the encryption key. |
Since 2.3
lasso_error_t lasso_server_load_affiliation (LassoServer *server
,const gchar *filename
);
Load an affiliation metadata file into server
; this must be called after
providers have been added to server
.
gchar * lasso_server_get_endpoint_url_by_id (const LassoServer *server
,const gchar *provider_id
,const gchar *endpoint_description
);
Locate the provider in the server's list of providers, then select an
endpoint given the endpoint_description
and return that endpoint's URL.
If the provider cannot be found, or if the provider does not have a
matching endpoint, NULL is returned.
GList * lasso_server_get_filtered_provider_list (const LassoServer *server
,LassoProviderRole role
,LassoMdProtocolType protocol_type
,LassoHttpMethod http_method
);
Iterate over the server
providers and build a list of the EntityID's of the providers that
have the specified role
and at least one endpoint matching the
protocol_type
and http_method
. Returns a GList of EntityID's (the
provider_list
). The caller is responsible for freeing the returned provider_list
by calling lasso_release_list_of_strings()
.
server |
||
role |
each returned provider will match this LassoProviderRole |
|
protocol_type |
provider must have an endpoint matching this LassoMdProtocolType |
|
http_method |
provider must have an endpoint matching this LassoHttpMethod |
lasso_error_t lasso_server_saml2_assertion_setup_signature (LassoServer *server
,LassoSaml2Assertion *saml2_assertion
);
Configure signature on a saml2:Assertion element.
/*
 * Instance structure of a LassoServer: the local provider's own description
 * plus the set of remote providers it knows and the key material it uses.
 */
struct LassoServer {
	/* Base instance (GObject-style inheritance). Presumably describes the
	 * server's own provider, i.e. the metadata passed to lasso_server_new(). */
	LassoProvider parent;
	/* Remote providers known to this server, as added by
	 * lasso_server_add_provider*() and looked up by provider ID through
	 * lasso_server_get_provider(). Key type is not visible here. */
	GHashTable *providers; /* of LassoProvider */ /* Can actually contain LassoDataService or LassoIdWsf2DataService or any subclass */
	/* Private key given to lasso_server_new() (file path) or
	 * lasso_server_new_from_buffers() (PEM content). */
	gchar *private_key;
	/* Password of the private key if it is encrypted, or NULL.
	 * NOTE(review): kept in process memory as plain text for the lifetime of
	 * the object; confirm whether lasso_server_dump() serializes this field
	 * and whether it is zeroized on destroy. */
	gchar *private_key_password;
	/* Server certificate given to lasso_server_new() (file path) or
	 * lasso_server_new_from_buffers() (PEM X509 content). */
	gchar *certificate;
	/* Signature algorithm selected for this server; semantics not shown on this page. */
	LassoSignatureMethod signature_method;
};