func (sc SubjectConfirmation) MakeXMLNode(d types.Document) (types.Node, error) {
scxml, err := d.CreateElement(ns.SAML.AddPrefix("SubjectConfirmation"))
if err != nil {
return nil, err
}
scxml.MakeMortal()
defer scxml.AutoFree()
method := sc.Method
if sc.Method == "" {
method = Bearer
}
scxml.SetAttribute("Method", method.String())
scd, err := d.CreateElement(ns.SAML.AddPrefix("SubjectConfirmationData"))
if err != nil {
return nil, err
}
scd.SetAttribute("InResponseTo", sc.InResponseTo)
scd.SetAttribute("Recipient", sc.Recipient)
scd.SetAttribute("NotOnOrAfter", sc.NotOnOrAfter.Format(TimeFormat))
scxml.AddChild(scd)
scxml.MakePersistent()
return scxml, nil
}
func (a Assertion) MakeXMLNode(d types.Document) (types.Node, error) {
axml, err := d.CreateElementNS(ns.SAML.URI, ns.SAML.AddPrefix("Assertion"))
if err != nil {
return nil, err
}
axml.SetNamespace(ns.XMLSchema.URI, ns.XMLSchema.Prefix, false)
axml.SetNamespace(ns.XMLSchemaInstance.URI, ns.XMLSchemaInstance.Prefix, false)
axml.SetAttribute("ID", a.ID)
axml.SetAttribute("Version", a.Version)
axml.SetAttribute("IssueInstant", a.IssueInstant.Format(TimeFormat))
iss, err := d.CreateElementNS(ns.SAML.URI, ns.SAML.AddPrefix("Issuer"))
if err != nil {
return nil, err
}
iss.AppendText(a.Issuer)
axml.AddChild(iss)
for _, noder := range []MakeXMLNoder{a.Subject, a.Conditions, a.AuthnStatement, a.AttributeStatement} {
n, err := noder.MakeXMLNode(d)
if err != nil {
return nil, err
}
axml.AddChild(n)
}
return axml, nil
}
func XMLSecTmplSignatureCreateNsPref(doc types.Document, c14nMethod TransformID, signMethod TransformID, id string, prefix string) (types.Node, error) {
docptr := (*C.xmlDoc)(unsafe.Pointer(doc.Pointer()))
if docptr == nil {
return nil, clib.ErrInvalidDocument
}
var xcid *C.xmlChar
if id != "" {
xcid = stringToXMLChar(id)
defer C.free(unsafe.Pointer(xcid))
}
var xcprefix *C.xmlChar
if prefix != "" {
xcprefix = stringToXMLChar(prefix)
defer C.free(unsafe.Pointer(xcprefix))
}
ptr := C.xmlSecTmplSignatureCreateNsPref(
docptr,
c14nMethod.ptr,
signMethod.ptr,
xcid,
xcprefix,
)
if ptr == nil {
return nil, errors.New("failed to create signature template")
}
return dom.WrapNode(uintptr(unsafe.Pointer(ptr)))
}
func (m Message) MakeXMLNode(d types.Document) (types.Node, error) {
mxml, err := d.CreateElement("Message")
if err != nil {
return nil, err
}
mxml.MakeMortal()
defer mxml.AutoFree()
mxml.SetAttribute("ID", m.ID)
mxml.SetAttribute("Version", m.Version)
mxml.SetAttribute("IssueInstant", m.IssueInstant.Format(TimeFormat))
if v := m.Destination; v != "" {
mxml.SetAttribute("Destination", v)
}
if v := m.Consent; v != "" {
mxml.SetAttribute("Consent", v)
}
// XXX Comeback later.
iss, err := d.CreateElementNS(ns.SAML.URI, ns.SAML.AddPrefix("Issuer"))
if err != nil {
return nil, err
}
iss.AppendText(m.Issuer)
mxml.AddChild(iss)
mxml.MakePersistent()
return mxml, nil
}
func XMLSecDSigCtxSignDocument(ctx PtrSource, doc types.Document) error {
ctxptr, err := validDSigCtxPtr(ctx)
if err != nil {
return err
}
root, err := doc.DocumentElement()
if err != nil {
return err
}
rootptr, err := validNodePtr(root)
if err != nil {
return err
}
cname := stringToXMLChar(SignatureNode)
cns := stringToXMLChar(DSigNs)
defer C.free(unsafe.Pointer(cname))
defer C.free(unsafe.Pointer(cns))
nodeptr := C.xmlSecFindNode(rootptr, cname, cns)
if nodeptr == nil {
return errors.New("failed to find start node")
}
return xmlSecDSigCtxSignRaw(ctxptr, nodeptr)
}
func (n NameID) MakeXMLNode(d types.Document) (types.Node, error) {
nameid, err := d.CreateElement(ns.SAML.AddPrefix("NameID"))
if err != nil {
return nil, err
}
nameid.SetAttribute("Format", n.Format.String())
nameid.AppendText(n.Value)
return nameid, nil
}
func (nif Format) MakeXMLNode(doc types.Document) (types.Node, error) {
root, err := doc.CreateElement("md:NameIDFormat")
if err != nil {
return nil, err
}
root.AppendText(Transient)
return root, nil
}
func constructAuthnRequest(doc types.Document) (*AuthnRequest, error) {
root, err := doc.DocumentElement()
if err != nil {
return nil, errors.New("failed to fetch document element: " + err.Error())
}
ar := &AuthnRequest{}
if err := ar.PopulateFromXML(root); err != nil {
return nil, errors.New("failed to populate from xml: " + err.Error())
}
return ar, nil
}
func (a Attribute) MakeXMLNode(d types.Document) (types.Node, error) {
axml, err := d.CreateElement(ns.SAML.AddPrefix("Attribute"))
if err != nil {
return nil, err
}
axml.MakeMortal()
defer axml.AutoFree()
axml.SetAttribute("Name", a.Name)
// Process xmlns first
for k, v := range a.Attrs {
if !strings.HasPrefix(k, "xmlns") {
continue
}
prefix := ""
if i := strings.IndexByte(k, ':'); i > 0 {
prefix = k[i+1:]
}
if err := axml.SetNamespace(v, prefix, false); err != nil {
return nil, err
}
}
for k, v := range a.Attrs {
if strings.HasPrefix(k, "xmlns") {
continue
}
if i := strings.IndexByte(k, ':'); i > 0 {
if _, err := axml.LookupNamespaceURI(k[:i]); err != nil {
return nil, err
}
axml.SetAttribute(k, v)
}
}
if v := a.FriendlyName; v != "" {
axml.SetAttribute("FriendlyName", v)
}
for _, v := range a.Values {
vxml, err := v.MakeXMLNode(d)
if err != nil {
return nil, err
}
axml.AddChild(vxml)
}
axml.MakePersistent()
return axml, nil
}
func (av AttributeValue) MakeXMLNode(d types.Document) (types.Node, error) {
avxml, err := d.CreateElement(ns.SAML.AddPrefix("AttributeValue"))
if err != nil {
return nil, err
}
avxml.MakeMortal()
defer avxml.AutoFree()
avxml.SetAttribute(ns.XMLSchemaInstance.AddPrefix("type"), av.Type)
avxml.AppendText(av.Value)
avxml.MakePersistent()
return avxml, nil
}
func (s AssertionConsumerService) MakeXMLNode(doc types.Document) (types.Node, error) {
root, err := doc.CreateElement("md:AssertionConsumerService")
if err != nil {
return nil, err
}
defer root.AutoFree()
root.MakeMortal()
root.SetAttribute("Binding", s.ProtocolBinding)
root.SetAttribute("Location", s.Location)
root.SetAttribute("index", strconv.Itoa(s.Index))
root.MakePersistent()
return root, nil
}
func (e Endpoint) MakeXMLNode(doc types.Document) (types.Node, error) {
root, err := doc.CreateElement(fmt.Sprintf("md:%s", e.Name))
if err != nil {
return nil, err
}
if v := e.ProtocolBinding.String(); v != "" {
root.SetAttribute("Binding", v)
}
if v := e.Location; v != "" {
root.SetAttribute("Location", v)
}
if v := e.ResponseLocation; v != "" {
root.SetAttribute("ResponseLocation", v)
}
return root, nil
}
func (ac AuthnContext) MakeXMLNode(d types.Document) (types.Node, error) {
acxml, err := d.CreateElement(ns.SAML.AddPrefix("AuthnContext"))
if err != nil {
return nil, err
}
acxml.MakeMortal()
defer acxml.AutoFree()
accxml, err := d.CreateElement(ns.SAML.AddPrefix("AuthnContextClassRef"))
if err != nil {
return nil, err
}
acxml.AddChild(accxml)
accxml.AppendText(ac.AuthnContextClassRef.String())
acxml.MakePersistent()
return acxml, nil
}
func (as AuthnStatement) MakeXMLNode(d types.Document) (types.Node, error) {
asxml, err := d.CreateElement(ns.SAML.AddPrefix("AuthnStatement"))
if err != nil {
return nil, err
}
asxml.MakeMortal()
defer asxml.AutoFree()
asxml.SetAttribute("AuthnInstant", as.AuthnInstant.Format(TimeFormat))
asxml.SetAttribute("SessionIndex", as.SessionIndex)
acxml, err := as.AuthnContext.MakeXMLNode(d)
if err != nil {
return nil, err
}
asxml.AddChild(acxml)
asxml.MakePersistent()
return asxml, nil
}
func (ar AudienceRestriction) MakeXMLNode(d types.Document) (types.Node, error) {
axml, err := d.CreateElement(ns.SAML.AddPrefix("AudienceRestriction"))
if err != nil {
return nil, err
}
axml.MakeMortal()
defer axml.AutoFree()
for _, a := range ar.Audience {
audxml, err := d.CreateElement(ns.SAML.AddPrefix("Audience"))
if err != nil {
return nil, err
}
axml.AddChild(audxml)
audxml.AppendText(string(a))
}
axml.MakePersistent()
return axml, nil
}
func (nip NameIDPolicy) MakeXMLNode(d types.Document) (types.Node, error) {
nipxml, err := d.CreateElement(ns.SAML.AddPrefix("NameIDPolicy"))
if err != nil {
return nil, err
}
nipxml.MakeMortal()
defer nipxml.AutoFree()
nipxml.SetAttribute("AllowCreate", strconv.FormatBool(nip.AllowCreate))
if v := nip.Format; v != "" {
nipxml.SetAttribute("Format", v.String())
}
if v := nip.SPNameQualifier; v != "" {
nipxml.SetAttribute("SPNameQualifier", v)
}
nipxml.MakePersistent()
return nipxml, nil
}
func (as AttributeStatement) MakeXMLNode(d types.Document) (types.Node, error) {
asxml, err := d.CreateElement(ns.SAML.AddPrefix("AttributeStatement"))
if err != nil {
return nil, err
}
asxml.MakeMortal()
defer asxml.AutoFree()
for _, attr := range as.Attributes {
attrxml, err := attr.MakeXMLNode(d)
if err != nil {
return nil, err
}
asxml.AddChild(attrxml)
}
asxml.MakePersistent()
return asxml, nil
}
func (s Subject) MakeXMLNode(d types.Document) (types.Node, error) {
sub, err := d.CreateElement(ns.SAML.AddPrefix("Subject"))
if err != nil {
return nil, err
}
sub.MakeMortal()
defer sub.AutoFree()
for _, noder := range []MakeXMLNoder{s.NameID, s.SubjectConfirmation} {
n, err := noder.MakeXMLNode(d)
if err != nil {
return nil, err
}
sub.AddChild(n)
}
sub.MakePersistent()
return sub, nil
}
func (res Response) MakeXMLNode(d types.Document) (types.Node, error) {
oresxml, err := res.Message.MakeXMLNode(d)
if err != nil {
return nil, err
}
resxml := oresxml.(types.Element)
resxml.MakeMortal()
defer resxml.AutoFree()
resxml.SetNodeName("Response")
resxml.SetNamespace(ns.SAMLP.URI, ns.SAMLP.Prefix, true)
resxml.SetNamespace(ns.SAML.URI, ns.SAML.Prefix, false)
if v := res.InResponseTo; v != "" {
resxml.SetAttribute("InResponseTo", v)
}
st, err := d.CreateElement("samlp:Status")
if err != nil {
return nil, err
}
stc, err := d.CreateElement("samlp:StatusCode")
if err != nil {
return nil, err
}
stc.SetAttribute("Value", res.Status.String())
st.AddChild(stc)
resxml.AddChild(st)
if assertion := res.Assertion; assertion != nil {
axml, err := assertion.MakeXMLNode(d)
if err != nil {
return nil, err
}
resxml.AddChild(axml)
}
resxml.MakePersistent()
return resxml, nil
}
func (rac RequestedAuthnContext) MakeXMLNode(d types.Document) (types.Node, error) {
racxml, err := d.CreateElement(ns.SAML.AddPrefix("RequestedAuthnContext"))
if err != nil {
return nil, err
}
racxml.MakeMortal()
defer racxml.AutoFree()
racxml.SetAttribute("Comparison", rac.Comparison)
accxml, err := d.CreateElement(ns.SAML.AddPrefix("AuthnContextClassRef"))
if err != nil {
return nil, err
}
racxml.AddChild(accxml)
accxml.AppendText(rac.AuthnContextClassRef)
racxml.MakePersistent()
return racxml, nil
}
func (c Conditions) MakeXMLNode(d types.Document) (types.Node, error) {
cxml, err := d.CreateElement(ns.SAML.AddPrefix("Conditions"))
if err != nil {
return nil, err
}
cxml.MakeMortal()
defer cxml.AutoFree()
// XXX shobosso says to use RFC3339
cxml.SetAttribute("NotBefore", c.NotBefore.Format(time.RFC3339))
cxml.SetAttribute("NotOnOrAfter", c.NotOnOrAfter.Format(time.RFC3339))
arxml, err := c.AudienceRestriction.MakeXMLNode(d)
if err != nil {
return nil, err
}
cxml.AddChild(arxml)
cxml.MakePersistent()
return cxml, err
}
func (kd KeyDescriptor) MakeXMLNode(doc types.Document) (types.Node, error) {
kdnode, err := doc.CreateElement("md:KeyDescriptor")
if err != nil {
return nil, err
}
defer kdnode.AutoFree()
kdnode.MakeMortal()
if v := kd.Use; v != "" {
kdnode.SetAttribute("use", v)
}
keynode, err := kd.Key.MakeXMLNode(doc)
if err != nil {
return nil, err
}
kdnode.AddChild(keynode)
kdnode.MakePersistent()
return kdnode, nil
}
func XMLSecDSigCtxVerifyDocument(ctx PtrSource, doc types.Document) error {
ctxptr, err := validDSigCtxPtr(ctx)
if err != nil {
return err
}
root, err := doc.DocumentElement()
if err != nil {
return err
}
rootptr, err := validNodePtr(root)
if err != nil {
return err
}
nodeptr := findSignatureNode(rootptr)
if nodeptr == nil {
return errors.New("failed to find start node")
}
return XMLSecDSigCtxVerifyRaw(ctxptr, nodeptr)
}
func (key *RSA) MakeXMLNode(doc types.Document) (types.Node, error) {
var root types.Node
var err error
prefix, err := doc.LookupNamespacePrefix(xmlsec.DSigNs)
if err != nil {
// namespace does not exist. make me a namespace
root, err = doc.CreateElementNS(xmlsec.DSigNs, xmlsec.Prefix+":KeyInfo")
if err != nil {
return nil, err
}
prefix = xmlsec.Prefix
} else {
root, err = doc.CreateElement(prefix + ":KeyInfo")
if err != nil {
return nil, err
}
}
defer root.AutoFree()
root.MakeMortal()
kvnode, err := doc.CreateElement(prefix + ":KeyValue")
if err != nil {
return nil, err
}
root.AddChild(kvnode)
rsakeynode, err := doc.CreateElement(prefix + ":RSAKeyValue")
if err != nil {
return nil, err
}
kvnode.AddChild(rsakeynode)
mnode, err := doc.CreateElement(prefix + ":Modulus")
if err != nil {
return nil, err
}
mnode.AppendText(base64.StdEncoding.EncodeToString(key.key.N.Bytes()))
rsakeynode.AddChild(mnode)
enode, err := doc.CreateElement(prefix + ":Exponent")
if err != nil {
return nil, err
}
data := make([]byte, 8)
binary.BigEndian.PutUint64(data, uint64(key.key.E))
i := 0
for ; i < len(data); i++ {
if data[i] != 0x0 {
break
}
}
enode.AppendText(base64.StdEncoding.EncodeToString(data[i:]))
rsakeynode.AddChild(enode)
root.MakePersistent()
return root, nil
}
// MakeXMLNode creates a libxml2 node tree to represent this DSA key
func (key *DSA) MakeXMLNode(doc types.Document) (types.Node, error) {
var root types.Node
var err error
prefix, err := doc.LookupNamespacePrefix(xmlsec.DSigNs)
if err != nil {
// namespace does not exist. make me a namespace
root, err = doc.CreateElementNS(xmlsec.DSigNs, xmlsec.Prefix+":KeyInfo")
if err != nil {
return nil, err
}
prefix = xmlsec.Prefix
} else {
root, err = doc.CreateElement(prefix + ":KeyInfo")
if err != nil {
return nil, err
}
}
defer root.AutoFree()
root.MakeMortal()
kvnode, err := doc.CreateElement(prefix + ":KeyValue")
if err != nil {
return nil, err
}
root.AddChild(kvnode)
dsakeynode, err := doc.CreateElement(prefix + ":DSAKeyValue")
if err != nil {
return nil, err
}
kvnode.AddChild(dsakeynode)
pnode, err := doc.CreateElement(prefix + ":P")
if err != nil {
return nil, err
}
pnode.AppendText(base64.StdEncoding.EncodeToString(key.key.P.Bytes()))
dsakeynode.AddChild(pnode)
qnode, err := doc.CreateElement(prefix + ":Q")
if err != nil {
return nil, err
}
qnode.AppendText(base64.StdEncoding.EncodeToString(key.key.Q.Bytes()))
dsakeynode.AddChild(qnode)
gnode, err := doc.CreateElement(prefix + ":G")
if err != nil {
return nil, err
}
gnode.AppendText(base64.StdEncoding.EncodeToString(key.key.G.Bytes()))
dsakeynode.AddChild(gnode)
ynode, err := doc.CreateElement(prefix + ":Y")
if err != nil {
return nil, err
}
ynode.AppendText(base64.StdEncoding.EncodeToString(key.key.Y.Bytes()))
dsakeynode.AddChild(ynode)
root.MakePersistent()
return root, nil
}
func (desc IDPDescriptor) MakeXMLNode(doc types.Document) (types.Node, error) {
root, err := doc.CreateElementNS(ns.Metadata.URI, ns.Metadata.AddPrefix("EntityDescriptor"))
if err != nil {
return nil, err
}
defer root.AutoFree()
root.MakeMortal()
root.SetNamespace(ns.XMLDSignature.URI, ns.XMLDSignature.Prefix, false)
root.SetAttribute("entityID", desc.ID())
idpdesc, err := doc.CreateElement("md:IDPSSODescriptor")
if err != nil {
return nil, err
}
root.AddChild(idpdesc)
if len(desc.RoleDescriptor.ProtocolSupportEnumerations) == 0 {
desc.RoleDescriptor.ProtocolSupportEnumerations = []string{ns.SAMLP.URI}
}
protobuf := bytes.Buffer{}
for i, proto := range desc.RoleDescriptor.ProtocolSupportEnumerations {
protobuf.WriteString(proto)
if i != len(desc.RoleDescriptor.ProtocolSupportEnumerations)-1 {
protobuf.WriteString(" ")
}
}
idpdesc.SetAttribute("protocolSupportEnumeration", protobuf.String())
if k := desc.KeyDescriptor; k != nil {
kdesc, err := k.MakeXMLNode(doc)
if err != nil {
return nil, err
}
idpdesc.AddChild(kdesc)
}
if v := desc.ErrorURL; v != "" {
idpdesc.SetAttribute("errorURL", v)
}
for _, sls := range desc.SingleLogoutServices() {
sls.Name = "SingleLogoutService"
slsdesc, err := sls.MakeXMLNode(doc)
if err != nil {
return nil, err
}
idpdesc.AddChild(slsdesc)
}
{
nif, err := desc.NameIDFormat.MakeXMLNode(doc)
if err != nil {
return nil, err
}
idpdesc.AddChild(nif)
}
for _, ssos := range desc.SingleSignOnService {
ssos.Name = "SingleSignOnService"
ssosdesc, err := ssos.MakeXMLNode(doc)
if err != nil {
return nil, err
}
idpdesc.AddChild(ssosdesc)
}
if cp := desc.ContactPerson; cp != nil {
cpnode, err := cp.MakeXMLNode(doc)
if err != nil {
return nil, err
}
root.AddChild(cpnode)
}
root.MakePersistent()
return root, nil
}
func (cp ContactPerson) MakeXMLNode(doc types.Document) (types.Node, error) {
root, err := doc.CreateElement("md:ContactPerson")
if err != nil {
return nil, err
}
defer root.AutoFree()
root.MakeMortal()
root.SetAttribute("contactType", cp.Type)
if v := cp.Company; v != "" {
c, err := doc.CreateElement("md:Company")
if err != nil {
return nil, err
}
c.AppendText(v)
root.AddChild(c)
}
if v := cp.GivenName; v != "" {
gn, err := doc.CreateElement("md:GivenName")
if err != nil {
return nil, err
}
gn.AppendText(v)
root.AddChild(gn)
}
if v := cp.SurName; v != "" {
sn, err := doc.CreateElement("md:SurName")
if err != nil {
return nil, err
}
sn.AppendText(v)
root.AddChild(sn)
}
if v := cp.EmailAddress; v != "" {
ea, err := doc.CreateElement("md:EmailAddress")
if err != nil {
return nil, err
}
ea.AppendText(v)
root.AddChild(ea)
}
if v := cp.TelephoneNumber; v != "" {
tn, err := doc.CreateElement("md:TelephoneNumber")
if err != nil {
return nil, err
}
tn.AppendText(v)
root.AddChild(tn)
}
root.MakePersistent()
return root, nil
}
