Commit 8abef3a9 authored by Clément OUDOT's avatar Clément OUDOT

SAML:

* perltidy
* use XML::Simple instead of XML::LibXML to parse XML
* Add initializeFromConfHash method to use the configuration hash object directly
* Create Lasso server with metadata in buffers rather than XML files
parent 01785de7
...@@ -8,15 +8,13 @@ package Lemonldap::NG::Portal::AuthSAML; ...@@ -8,15 +8,13 @@ package Lemonldap::NG::Portal::AuthSAML;
use strict; use strict;
use Lemonldap::NG::Portal::Simple; use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_SAML; #inherits use Lemonldap::NG::Portal::_SAML; #inherits
use Lemonldap::NG::Common::Conf::SAML::Metadata;
our $VERSION = '0.1'; our $VERSION = '0.1';
our $metadata_dir = "/tmp";
our $service_metadata_file = $metadata_dir . "/metadata.xml";
our $service_private_key_file = $metadata_dir . "/private-key.pem";
## @apmethod int authInit() ## @apmethod int authInit()
# Load Lasso and metadata # Load Lasso and metadata
# TODO - cache Lasso::Server
# @return Lemonldap::NG::Portal error code # @return Lemonldap::NG::Portal error code
sub authInit { sub authInit {
my $self = shift; my $self = shift;
...@@ -27,15 +25,27 @@ sub authInit { ...@@ -27,15 +25,27 @@ sub authInit {
# Activate SOAP # Activate SOAP
$self->{Soap} = 1; $self->{Soap} = 1;
# Load service metadata # Check presence of service metadata in configuration
unless ( -r $service_metadata_file || -r $service_private_key_file ) { return PE_ERROR unless $self->{samlServiceMetaData};
# TODO - serialize XML from configuration data # Get metadata from configuration
# TODO - use a test to rebuild XML if file is too old my $service_metadata = Lemonldap::NG::Common::Conf::SAML::Metadata->new();
unless (
$service_metadata->initializeFromConfHash(
$self->{samlServiceMetaData}
)
)
{
$self->lmLog( "Fail to read Service Metadata from configuration",
'error' );
return PE_ERROR;
} }
my $server = # Create Lasso server with service metadata
$self->createServer( $service_metadata_file, $service_private_key_file ); # Provate key has to be inside service metadata
my $xml = $service_metadata->toXML();
my $server = $self->createServer($xml);
return PE_ERROR unless $server; return PE_ERROR unless $server;
......
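Review bot: The new `return PE_ERROR unless $self->{samlServiceMetaData};` in authInit fails silently, while the `initializeFromConfHash` failure a few lines below reports through `lmLog`, so a portal whose configuration lacks that key returns PE_ERROR with nothing in the log to explain it. Suggest `unless ($self->{samlServiceMetaData}) { $self->lmLog('No SAML service metadata found in configuration', 'error'); return PE_ERROR; }`. The comment above `toXML()` reads `# Provate key has to be inside service metadata`; besides the typo it should say why, since `createServer($xml)` is called with the metadata buffer only and createServer defaults the key arguments to empty strings, e.g. `# Private key has to be inside service metadata: createServer receives the metadata buffer only, no separate key`. The rest of authInit, including what is done with `$server`, lies outside the hunk.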
...@@ -18,6 +18,9 @@ our $VERSION = '0.01'; ...@@ -18,6 +18,9 @@ our $VERSION = '0.01';
sub loadLasso { sub loadLasso {
my $self = shift; my $self = shift;
# Do not load Lasso twice
return 1 if $self->{_lasso};
# Load Lasso.pm # Load Lasso.pm
eval { use Lasso; }; eval { use Lasso; };
if ($@) { if ($@) {
...@@ -26,21 +29,21 @@ sub loadLasso { ...@@ -26,21 +29,21 @@ sub loadLasso {
return 0; return 0;
} }
# Check version # Check Lasso version >= 2.2.91
my $lasso_check_version_mode = Lasso::Constants::CHECK_VERSION_NUMERIC; my $lasso_check_version_mode = Lasso::Constants::CHECK_VERSION_NUMERIC;
my $check_version =
# TODO - wait for perl binding correction Lasso::check_version( 2, 2, 91, $lasso_check_version_mode );
# See http://perso.entrouvert.org/~bdauvergne/git/cgit.cgi?url=lasso-perso/commit/&h=release-2.2.91&id=2da646f9629f3e148fce619ff7de322dbb34cd8d
my $check_version = 1;
# my $check_version = Lasso::check_version( 2, 2, 91, $lasso_check_version_mode );
unless ($check_version) { unless ($check_version) {
$self->lmLog( 'Lasso version too old', 'error' ); $self->lmLog( 'Lasso version >= 2.2.91 required', 'error' );
return 0; return 0;
} }
$self->lmLog( "Module Lasso loaded", 'debug' ); $self->lmLog( "Module Lasso loaded", 'debug' );
# Remember we have loaded Lasso
$self->{_lasso} = 1;
return 1; return 1;
} }
...@@ -69,24 +72,24 @@ sub checkLassoError { ...@@ -69,24 +72,24 @@ sub checkLassoError {
## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate) ## @method Lasso::Server createServer(string metadata, string private key, string private key password, string certificate)
# Load service metadata and create Lasso::Server object # Load service metadata and create Lasso::Server object
# @param string metadata file # @param string metadata
# @param string private key # @param string optional private key
# @param string private key password # @param string optional private key password
# @param string certificate # @param string optional certificate
# @return Lasso::Server object # @return Lasso::Server object
sub createServer { sub createServer {
my $self = shift; my $self = shift;
my $metadata = shift; my $metadata = shift;
my $private_key = shift; my $private_key = shift || '';
my $private_key_password = shift; my $private_key_password = shift || '';
my $certificate = shift; my $certificate = shift || '';
my $server = my $server = Lasso::Server::new_from_buffers( $metadata, $private_key,
new Lasso::Server( $metadata, $private_key, $private_key_password, $private_key_password, $certificate );
$certificate );
unless ($server) { unless ($server) {
$self->lmLog( 'Unable to create Lasso server', 'error' ); $self->lmLog( 'Unable to create Lasso server', 'error' );
return;
} }
$self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server), $self->lmLog( 'Lasso server dump ' . Lasso::Server::dump($server),
......
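Review bot: The `Lasso::Server::dump($server)` written to the log after the `unless` block now serializes a server built from buffers, and the AuthSAML.pm hunk states that the private key travels inside that metadata buffer, so key material may end up in the portal log; unless the dump is confirmed to omit it, a fixed message such as `$self->lmLog('Lasso server created from metadata buffer', 'debug');` is the safer line. The level argument of that call sits on the line past the hunk, and createServer's body continues outside it. In the loadLasso hunk earlier in this section, the `eval { use Lasso; };` right after the new `return 1 if $self->{_lasso};` guards nothing, because `use` is resolved at compile time, so the `if ($@)` branch never sees a missing module; the runtime check it expects needs `eval { require Lasso; Lasso->import; 1 }`. Since the `_lasso` flag lives on `$self`, the caching presumably lasts only as long as that portal object — worth confirming that is the intended scope.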