Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
libocci
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
2
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
e5ef02d9
authored
Apr 25, 2017
by
Fukász Rómeó Ervin
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'master' of git.ik.bme.hu:circle/libocci
parents
330deb56
644c4ca3
Hide whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
230 additions
and
5 deletions
+230
-5
Makefile
+3
-3
occisession.cpp
+48
-1
occisession.h
+7
-0
occisession.i
+5
-0
saml2_ecp.cpp
+118
-0
saml2_ecp.h
+41
-0
setup.py
+8
-1
No files found.
Makefile
View file @
e5ef02d9
...
@@ -19,11 +19,11 @@ CPP=g++
...
@@ -19,11 +19,11 @@ CPP=g++
CC
=
gcc
CC
=
gcc
AR
=
ar
AR
=
ar
CFLAGS
=
-fPIC
-Ofast
CFLAGS
=
-fPIC
-Ofast
CPPFLAGS
=
-fPIC
--std
=
c++11
-Ofast
-Irestclient-cpp
/include
CPPFLAGS
=
-fPIC
--std
=
c++11
-Ofast
-Irestclient-cpp
/include
`
pkg-config
--cflags
lasso
`
LDFLAGS
=
--shared
LDFLAGS
=
--shared
LIBS
=
-lrestclient-cpp
-lcurl
LIBS
=
-lrestclient-cpp
-lcurl
`
pkg-config
--libs
lasso
`
-lgobject-2
.0
-lgumbo
-lgq
SONAME
=
_occi.so
SONAME
=
_occi.so
SOURCES
=
compute.cpp entity.cpp network.cpp occisession.cpp resource.cpp storage.cpp template.cpp link.cpp
SOURCES
=
compute.cpp entity.cpp network.cpp occisession.cpp resource.cpp storage.cpp template.cpp link.cpp
saml2_ecp.cpp
SWIG
=
swig
SWIG
=
swig
SWIG_INTERFACES
=
occilib.i
SWIG_INTERFACES
=
occilib.i
...
...
occisession.cpp
View file @
e5ef02d9
...
@@ -23,6 +23,10 @@
...
@@ -23,6 +23,10 @@
#include "json.hpp"
#include "json.hpp"
#include "occisession.h"
#include "occisession.h"
#include "saml2_ecp.h"
#include <gq/Document.h>
#include <gq/Node.h>
using
std
::
string
;
using
std
::
string
;
using
nlohmann
::
json
;
using
nlohmann
::
json
;
...
@@ -40,7 +44,7 @@ void OcciSession::setCsrfTokenHeader(){
...
@@ -40,7 +44,7 @@ void OcciSession::setCsrfTokenHeader(){
this
->
connection
->
AppendHeader
(
"X-CSRFToken"
,
csrftoken
);
this
->
connection
->
AppendHeader
(
"X-CSRFToken"
,
csrftoken
);
}
}
OcciSession
::
OcciSession
(
const
char
*
url
,
bool
insecure
,
bool
csrf
){
OcciSession
::
OcciSession
(
const
char
*
url
,
bool
insecure
,
bool
csrf
)
:
url
(
url
)
{
RestClient
::
init
();
RestClient
::
init
();
this
->
connection
=
new
RestClient
::
Connection
(
url
);
this
->
connection
=
new
RestClient
::
Connection
(
url
);
if
(
insecure
)
{
if
(
insecure
)
{
...
@@ -111,6 +115,49 @@ void OcciSession::circleOcciLogin(string username, string password){
...
@@ -111,6 +115,49 @@ void OcciSession::circleOcciLogin(string username, string password){
post
(
"login/"
,
json
::
parse
(
body
));
post
(
"login/"
,
json
::
parse
(
body
));
}
}
void
OcciSession
::
BMELogin
(
string
username
,
string
password
,
bool
insecure
){
std
::
string
&
sp_url
=
url
;
auto
con
=
new
RestClient
::
Connection
(
""
);
if
(
insecure
)
{
con
->
SetHostVerify
(
false
);
con
->
SetPeerVerify
(
false
);
}
con
->
FollowRedirects
(
true
);
auto
r
=
con
->
get
(
sp_url
+
"/saml2/login/"
);
auto
idp_auth_url
=
con
->
GetInfo
().
lastRequest
.
effectiveUrl
;
std
::
string
body
=
"j_username="
+
username
+
"&j_password="
+
password
;
con
->
setCookies
(
r
.
cookies
);
r
=
con
->
post
(
idp_auth_url
,
body
);
CDocument
doc
;
doc
.
parse
(
r
.
body
.
c_str
());
CSelection
c
=
doc
.
find
(
"input[name=RelayState]"
);
auto
RelayState
=
c
.
nodeAt
(
0
).
attribute
(
"value"
);
c
=
doc
.
find
(
"input[name=SAMLResponse]"
);
auto
SAMLResponse
=
c
.
nodeAt
(
0
).
attribute
(
"value"
);
RestClient
::
PostData
data
;
data
[
"RelayState"
]
=
RelayState
;
data
[
"SAMLResponse"
]
=
SAMLResponse
;
con
->
clearCookies
();
r
=
con
->
post
(
sp_url
+
"/saml2/acs/"
,
data
);
this
->
connection
->
setCookies
(
r
.
cookies
);
}
void
OcciSession
::
saml2EcpLogin
(
std
::
string
username
,
std
::
string
password
,
std
::
string
metadata
,
bool
insecure
){
auto
r
=
saml2_ecp_login
(
username
,
password
,
url
+
"/saml2/login/"
,
metadata
,
insecure
);
this
->
connection
->
setCookies
(
r
.
cookies
);
}
json
OcciSession
::
queryInterface
(){
json
OcciSession
::
queryInterface
(){
return
get
(
"-/"
);
return
get
(
"-/"
);
}
}
occisession.h
View file @
e5ef02d9
...
@@ -34,6 +34,7 @@ namespace OcciClient {
...
@@ -34,6 +34,7 @@ namespace OcciClient {
private
:
private
:
std
::
string
url
;
RestClient
::
Connection
*
connection
=
nullptr
;
RestClient
::
Connection
*
connection
=
nullptr
;
bool
csrftokenRequired
=
false
;
bool
csrftokenRequired
=
false
;
std
::
string
csrfuri
;
std
::
string
csrfuri
;
...
@@ -58,6 +59,12 @@ namespace OcciClient {
...
@@ -58,6 +59,12 @@ namespace OcciClient {
void
circleOcciLogin
(
std
::
string
username
,
std
::
string
password
);
void
circleOcciLogin
(
std
::
string
username
,
std
::
string
password
);
void
BMELogin
(
std
::
string
username
,
std
::
string
password
,
bool
insecure
=
false
);
void
saml2EcpLogin
(
std
::
string
username
,
std
::
string
password
,
std
::
string
metadata
,
bool
insecure
=
false
);
nlohmann
::
json
queryInterface
();
nlohmann
::
json
queryInterface
();
};
};
}
}
...
...
occisession.i
View file @
e5ef02d9
...
@@ -8,5 +8,10 @@ namespace OcciClient{
...
@@ -8,5 +8,10 @@ namespace OcciClient{
OcciSession(const char* url, bool insecure = false, bool csrf = false);
OcciSession(const char* url, bool insecure = false, bool csrf = false);
~OcciSession();
~OcciSession();
void circleOcciLogin(std::string username, std::string password);
void circleOcciLogin(std::string username, std::string password);
void BMELogin(std::string username, std::string password, bool insecure=false);
void saml2EcpLogin(std::string username,
std::string password,
std::string metadata,
bool insecure=false);
};
};
}
}
saml2_ecp.cpp
0 → 100644
View file @
e5ef02d9
#include "saml2_ecp.h"
#include <restclient-cpp/connection.h>
#include <lasso/lasso.h>
#include <lasso/xml/soap-1.1/xml_soap11.h>
#include <iostream>
#include <fstream>
#include <string>
using
namespace
RestClient
;
namespace
OcciClient
{
static
inline
void
check_error
(
int
error_code
){
if
(
error_code
<
0
)
throw
std
::
runtime_error
(
lasso_strerror
(
error_code
));
}
static
inline
void
check_http_error
(
Response
resp
){
if
(
resp
.
code
<
400
)
return
;
LassoSoapFault
*
fault
=
lasso_soap_fault_new_from_message
(
resp
.
body
.
c_str
());
const
char
*
message
=
fault
->
faultstring
;
if
(
message
==
NULL
)
message
=
resp
.
body
.
c_str
();
throw
HttpError
(
message
,
resp
.
code
);
}
// SAML2 Profile for ECP (Section 4.2) defines these steps for an ECP
// transaction
//
// 1. ECP issues HTTP Request to SP
// 2. SP issues <AuthnRequest> to ECP using PAOS
// 3. ECP determines IdP
// 4. ECP conveys <AuthnRequest> to IdP using SOAP
// 5. IdP identifies principal
// 6. IdP issues <Response> to ECP, targeted at SP using SOAP
// 7. ECP conveys <Response> to SP using PAOS
// 8. SP grants or denies access to principal
RestClient
::
Response
saml2_ecp_login
(
std
::
string
username
,
std
::
string
password
,
std
::
string
login_url
,
std
::
string
metadata
,
bool
insecure
){
lasso_init
();
auto
con
=
Connection
(
""
);
Response
r
;
if
(
insecure
)
{
con
.
SetHostVerify
(
false
);
con
.
SetPeerVerify
(
false
);
}
// init ECP session
LassoServer
*
ecpContext
=
lasso_server_new
(
NULL
,
NULL
,
NULL
,
NULL
);
if
(
ecpContext
==
NULL
)
throw
std
::
runtime_error
(
"Cannot create ECP client (ecpContext)"
);
lasso_provider_set_protocol_conformance
(
LASSO_PROVIDER
(
ecpContext
),
LASSO_PROTOCOL_SAML_2_0
);
check_error
(
lasso_server_add_provider
(
ecpContext
,
LASSO_PROVIDER_ROLE_IDP
,
metadata
.
c_str
(),
NULL
,
NULL
));
LassoEcp
*
ecp
=
lasso_ecp_new
(
ecpContext
);
if
(
ecp
==
NULL
)
throw
std
::
runtime_error
(
"Cannot create ECP client (ecp)"
);
try
{
// phase 1.
HeaderFields
headers
;
headers
[
"Accept"
]
=
MEDIA_TYPE_PAOS
;
headers
[
"PAOS"
]
=
PAOS_HEADER
;
con
.
SetHeaders
(
headers
);
r
=
con
.
get
(
login_url
);
check_http_error
(
r
);
// phase 2-6.
check_error
(
lasso_ecp_process_authn_request_msg
(
ecp
,
r
.
body
.
c_str
()));
con
.
SetBasicAuth
(
username
,
password
);
headers
[
"Content-Type"
]
=
MEDIA_TYPE_SOAP
;
con
.
SetHeaders
(
headers
);
LassoProfile
*
profile
=
LASSO_PROFILE
(
ecp
);
r
=
con
.
post
(
profile
->
msg_url
,
profile
->
msg_body
);
check_http_error
(
r
);
// phase 7-8.
check_error
(
lasso_ecp_process_response_msg
(
ecp
,
r
.
body
.
c_str
()));
headers
=
HeaderFields
();
headers
[
"Content-Type"
]
=
MEDIA_TYPE_PAOS
;
con
.
SetHeaders
(
headers
);
r
=
con
.
post
(
profile
->
msg_url
,
profile
->
msg_body
);
check_http_error
(
r
);
}
catch
(
std
::
exception
&
){
// destroy session
lasso_server_destroy
(
ecpContext
);
lasso_ecp_destroy
(
ecp
);
lasso_shutdown
();
throw
;
}
// destroy session
lasso_server_destroy
(
ecpContext
);
lasso_ecp_destroy
(
ecp
);
lasso_shutdown
();
return
r
;
}
}
saml2_ecp.h
0 → 100644
View file @
e5ef02d9
#ifndef SAML2_ECP_H
#define SAML2_ECP_H
#include <restclient-cpp/restclient.h>
#include <stdexcept>
#define MEDIA_TYPE_PAOS "application/vnd.paos+xml"
#define PAOS_HEADER ("ver=\"" LASSO_PAOS_HREF "\";\"" LASSO_ECP_HREF "\"")
#define MEDIA_TYPE_SOAP "application/soap+xml"
namespace
OcciClient
{
struct
HttpError
:
public
std
::
runtime_error
{
int
status_code
;
std
::
string
message
;
HttpError
(
std
::
string
message
,
int
status_code
)
:
runtime_error
(
""
),
status_code
(
status_code
){
this
->
message
=
std
::
string
(
"Status code: "
)
+
std
::
to_string
(
status_code
)
+
" Message: "
+
message
;
}
const
char
*
what
()
const
noexcept
{
return
message
.
c_str
();
}
};
RestClient
::
Response
saml2_ecp_login
(
std
::
string
username
,
std
::
string
password
,
std
::
string
login_url
,
std
::
string
metadata
,
bool
insecure
=
false
);
}
#endif // SAML2_ECP_H
setup.py
View file @
e5ef02d9
...
@@ -17,7 +17,13 @@ _occi = Extension('_occi',
...
@@ -17,7 +17,13 @@ _occi = Extension('_occi',
library_dirs
=
[
'.'
],
library_dirs
=
[
'.'
],
swig_opts
=
[
'-c++'
],
swig_opts
=
[
'-c++'
],
extra_compile_args
=
[
'-std=c++11'
,
'-Ofast'
],
extra_compile_args
=
[
'-std=c++11'
,
'-Ofast'
],
libraries
=
[
'occi'
,
'restclient-cpp'
,
'curl'
]
libraries
=
[
'occi'
,
'restclient-cpp'
,
'curl'
,
# for BMElogin method
'gq'
,
'gumbo'
,
# for saml2EcpLogin method
'lasso'
,
'xmlsec1'
,
'gobject-2.0'
,
'ffi'
,
'xslt'
,
'dl'
,
'xml2'
,
'z'
,
'm'
,
'glib-2.0'
,
]
)
)
...
@@ -27,6 +33,7 @@ class Build(build_ext):
...
@@ -27,6 +33,7 @@ class Build(build_ext):
check_call
([
'make'
,
'lib'
])
check_call
([
'make'
,
'lib'
])
build_ext
.
run
(
self
)
build_ext
.
run
(
self
)
setup
(
setup
(
name
=
'libocci'
,
name
=
'libocci'
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment