Commit Graph

5236 Commits

Author SHA1 Message Date
Benjamin Dauvergne 5c2fc3b5dc [id-ff/saml2] add a lasso_server_add_provider2
It allows to add LassoProvider objects directly to a LassoServer object,
without using the metadata loading methods.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 10edf69bfc [utils] add lasso_crypto_memequal function
This method compares byte strings in constant time.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 9de6450f4c [tools] add a LassoSignatureContext structure to pass signature parameters around
Signature parameters are mainly a LassoSignatureMethod and a xmlSecKey.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 5a9a447bad [xml] add an inline function to validate LassoSignatureMethod values
- add also a LASSO_SIGNATURE_METHOD_NONE value
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 4ba067b828 [utils] add lasso_transfer_xml_node macros 2011-12-05 12:03:12 +01:00
Benjamin Dauvergne ad51948373 [core] simplify lasso_provider_load_public_key 2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 654f9523c2 [web] fix link on the download page 2011-11-29 13:01:32 +01:00
Benjamin Dauvergne 29800377a3 Merge branch 'multi-certificates' 2011-11-29 12:36:47 +01:00
Benjamin Dauvergne 92ebef91f5 Merge branch 'excl-c14n-fix' 2011-11-29 11:05:29 +01:00
Benjamin Dauvergne 70aeff17d2 [web] add release news for release 2.3.6 2011-11-29 10:58:42 +01:00
Benjamin Dauvergne 5f25443c14 [release] 2.3.6 2011-11-29 10:42:16 +01:00
Benjamin Dauvergne b785881e53 [integration tests] does not use full leak report 2011-11-22 18:51:49 +01:00
Benjamin Dauvergne d72cc31347 [integration tests] show more callers when using valgrind memcheck looking for leaks in authentic and lcs 2011-11-22 18:51:49 +01:00
Benjamin Dauvergne 95137b1ad1 [tests] add test for rollover on the SP side, i.e. rollover of encryption keys
This test case is the first to abstract the workflow between two
LassoLogin objects (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne fd7af65e91 [core] do not emit a warning for expected decryption errors
The only expected decryption error is on decryption of the symmetric key
used to crypt the data. All other errors are critical and must be
logged.

Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric if they tried with all possible keys (key rollover
case).
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne 5957f3e230 [core] add a new class of errors for xml encryption errors
add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable
xml decryption errors.
2011-11-22 18:51:12 +01:00
Benjamin Dauvergne 26d6b35a49 [leakcheck] fix leaks seen by the unit tests
This commit also improved valgrind suppression file to hide static
allocations done by the GLib type system.
2011-11-22 17:45:52 +01:00
Benjamin Dauvergne 9d13fb1933 [core] fix wrong XML canonicalization when assertion is extracted without its namespace context 2011-11-22 00:18:33 +01:00
Benjamin Dauvergne 699f0e42d5 [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
- gcc now warns when you compare a typedef to the anonymous enum which
   defines it.
 - some inline functions in the zend.h header do compare between signed
   and unsigned char.
2011-11-21 22:10:12 +01:00
Benjamin Dauvergne 5192cdf7a0 [core] multiple decryption keys support
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.

The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:

 xmlSecKey *encryption_private_key

became:

 GList *encryption_private_keys

All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.

The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-21 10:25:03 +01:00
Benjamin Dauvergne 055b405387 Merge branch 'extension-abi-respecting' 2011-11-18 15:36:57 +01:00
Benjamin Dauvergne f286c7cb5c [saml2] add missing extension point for LassoSaml2SubjectConfirmationData
- it can support any content and any attribute without validation
   xs:any with processContents="lax"
2011-11-18 15:36:41 +01:00
Benjamin Dauvergne 3ec4a2f294 [xml] allow to store XSchema data into a private structure
- added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P
   replaces use of G_STRUCT_MEMBER/_P macros.
 - we use the GType of the class containing a given XmlSnippet to find
   the proper private structure.
 - added flag SNIPPET_PRIVATE to state XmlSnippet whose value
   should be extracted from the private structure and not the public
   one.
2011-11-18 15:36:41 +01:00
Benjamin Dauvergne 0e0511c686 [binding python] prevent warning in wrapper_top.c under hardy with gcc 4.2.4 2011-11-18 15:36:41 +01:00
Benjamin Dauvergne 773cdab883 [core] add missing break to switch/case 2011-11-18 15:36:40 +01:00
Benjamin Dauvergne 8002502152 [bindings] fix bug introduced in last commit 2011-11-08 01:10:22 +01:00
Benjamin Dauvergne 3c6970e047 [bindings] fix tree traversal on windows
- The file path separator is not / on all platforms, so do not use it
   when matching filenames.
2011-10-18 17:35:55 +02:00
Benjamin Dauvergne 4552f30293 [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
- gcc now warns when you compare a typedef to the anonymous enum which
   defines it.
 - some inline functions in the zend.h header do compare between signed
   and unsigned char.
2011-10-18 17:33:43 +02:00
Benjamin Dauvergne b8cf183c37 [xml saml-2.0] add missing annotation for binding generation to header for LassoKeyInformationDataType 2011-10-18 17:32:56 +02:00
Benjamin Dauvergne 94a9fe4f02 [xml saml-2.0] add a class to handle the KeyInfoConfirmationData type
* use a direct mapping to map this class to SubjectConfirmationData
   node having the xsi:type attribute.
 * overload get_xmlNode method to add the xsi:type attribute on output.
2011-10-13 01:12:04 +02:00
Benjamin Dauvergne f69b561c47 [xml] allow node classes to not define their nodename, useful for simple Type 2011-10-13 01:09:29 +02:00
Benjamin Dauvergne c6d4076599 [id-wsf2 profile] check provider->private_data->roles instead of provider->role
Fixes #140.
2011-10-10 17:38:03 +02:00
Benjamin Dauvergne 984759ea67 [id-wsf discovery] provider can now contain multiple public keys, only consider the first key for id-wsf token generation
ID-WSF never contemplated the fact that sometimes key roll-over happened
(SubjectConfirmation can only contain one ds:KeyInfo), whatever...
2011-10-10 17:26:09 +02:00
Benjamin Dauvergne b7a94f2db8 [saml-2.0] augment lasso_saml20_provider_get_first_http_method to verify presence of synchronous bindings 2011-10-10 16:31:04 +02:00
Benjamin Dauvergne aa7fae5fc1 [xml] if a SNIPPET_LIST_NODES has the SNIPPET_ANY flag, allows really any kind of node through LassoMiscTextNode 2011-10-10 16:31:03 +02:00
Benjamin Dauvergne 7b1aa28c2c [xml] allows LassoMiscText.init_from_xml to parse any xmlNode
If the node has no attributes and has a simple string content, we use the
classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete
xmlNode is copied.
2011-10-10 16:31:03 +02:00
Benjamin Dauvergne 627294f52c [tests] add non-regression tests concerning the parsing of any xmlNode tree by LassoMiscTextNode when SNIPPET_ANY is used by a LassoNode 2011-10-10 16:31:00 +02:00
Benjamin Dauvergne 94136d639b [xml] only try to map an xmlNode to a class name if the node has a namespace 2011-10-10 16:17:28 +02:00
Benjamin Dauvergne f638f379e7 [xml saml-2.0] change AttributeValue snippets to accept any children
An AttributeValue has an XSchema type of xs:any.
2011-10-10 16:14:50 +02:00
Benjamin Dauvergne a7be1fa114 [xml] create a static version of lasso_node_new_from_xmlNode_with_type without error logging
When used inside lasso_node_impl_init_from_xml the error logging is
prematurely sent as there is a backup procedure for parsing unknown
nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode
containing a copy of the parsed xmlNode child.
2011-10-07 13:08:49 +02:00
Benjamin Dauvergne 9430491963 [configure.ac] default AM_MAINTAINER_MODE to enable 2011-09-09 15:39:43 +02:00
Benjamin Dauvergne da5260de18 [configure.ac] remove useless semi-colons 2011-07-08 21:17:01 +02:00
Benjamin Dauvergne b1183fe341 Fix wrong version exported in the PHP binding 2011-07-08 21:15:20 +02:00
Benjamin Dauvergne 14b5c395cc Change the glob expression to match darwin $host_os
Also use the $DARWIN flag to control the setting of JNI_EXTRA_LDFLAGS.
2011-06-03 11:24:02 +02:00
Benjamin Dauvergne 8aadadef4d [java] try to make test work under Mac Os X 2011-05-30 22:24:39 +02:00
Benjamin Dauvergne 9cedec628e [core] finish transition from single encryption key to multiple ones
Some code still references provider->private->encryption_public_key, this
commit makes them use lasso_provider_get_encryption_public_key().
2011-05-30 22:24:37 +02:00
Benjamin Dauvergne 24a29f954a [bindings perl] remove --as-needed from linker flags, it is not supported everywhere
It can come back if we add proper checking of the support on the
platform, maybe we can leverage tests made by autoconf.
2011-05-27 16:02:30 +02:00
Benjamin Dauvergne ed44ea81a8 Disable metadata loading test with the UK federation files 2011-05-27 16:01:44 +02:00
Benjamin Dauvergne 8036813115 Merge branch 'multi-certificates' 2011-05-23 10:53:50 +02:00
Benjamin Dauvergne bd7e649272 [bindings perl] in Makefile.am, gives a default template to mktemp
Thanks to Nathan Sowatskey for the bug report and the fix.
2011-05-19 17:55:12 +02:00