Commit Graph

196 Commits

Author SHA1 Message Date
Benjamin Dauvergne 72b778e47e Fix all cast-function-type warnings (#71400) 2022-11-21 13:28:08 +01:00
Benjamin Dauvergne 8a588a8acb Replace all use of xmlSecBase64Decode by lasso_base64_decode (#71399) 2022-11-21 13:27:15 +01:00
Benjamin Dauvergne 66ebd11166 Use OpenSSL EVP API to work around deprecation of low level APIs in OpenSSL 3 (#71313)
OpenSSL API is used to sign query-string values in the SAML 2.0 Redirect binding.
Other bindings only need the libxmlsec API as signatures are XML DSIG signatures.
2022-11-21 13:22:04 +01:00
Benjamin Dauvergne 53b0bd3569 Change default key encryption padding algorithm to RSA-OAEP (#56023)
The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:

    --with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]

at initialization time with an environment variable:

    LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]

or at runtime for a service provider:

    lasso_provider_set_key_encryption_method(LassoProvider *provider,
        LassoKeyEncryptionMethod key_encryption_method)

The setting is global for all encrypted nodes (Assertion or NameID).
2021-09-11 19:20:04 +02:00
Jakub Hrozek 0d34c97be1 Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the
selected default instead of RSA-SHA1.

Related:
https://dev.entrouvert.org/issues/54037
2021-06-23 23:32:33 +02:00
Benjamin Dauvergne e5ad4b1702 misc: clear warnings about class_init signature using coccinelle
$ spatch --in-place --sp-file add-second-arg-to-class-init.cocci `git grep -l -C1 ^class_init \*.c`
$ sed -i 's/\*unused\>/*unused G_GNUC_UNUSED/' `git grep -l 'void \*unused'`
2020-03-26 22:52:49 +01:00
John Dennis 4544ea9e9d Add function to set protocol conformance
Lasso uses an internal private variable bound to the provider to
indicate which protocol the provider is servicing. It is vital this
value be correctly set because many Lasso routines used it to dispatch
to the appropriate protocol handlers.

Normally the provider's protocol conformance is set as a side-effect
of parsing the XML metadata that describes the provider (e.g. an SP or
IdP). However there are some providers (e.g. an ECP client) which do
not have metadata. For providers lacking metadata it is essential
there be a mechanism to set the protocol conformance otherwise the
library will malfunction.

The function comes with documentation that includes a clear warning
this is to be used only in limited circumstances.

Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
2015-08-24 16:05:29 +02:00
Simo Sorce 99376a3c88 Fix potential null dereference errors
In a number of cases function inputs are not checked for NULL although
values may end up with a NULL value and then they are dereferenced
directly.
Check values in the function (or the caller) if appropriate.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:45 +02:00
Simo Sorce 4789e8d4d6 Trim unused code
Clang complains these values are never used, avoid even assigning them.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Simo Sorce 1f97a06a01 Fix some uninitialized value
The compiler complains about these values not being initialized.
Some of them do not really matter as they are only really used when
later initialized in the code and the code paths would not use them
if not initialized in a previous block, however some of these seem
real issues.
In all cases make the compiler happy so we get less noise in the build
and less false positives in code checkers.

License: MIT
Signed-off-by: Simo Sorce <simo@redhat.com>
2014-07-30 16:07:44 +02:00
Benjamin Dauvergne 7d514b67fc id-ff/provider: fix leak of xmlSecKey 2014-06-08 12:32:09 +02:00
Simo Sorce 3a6b2fdee7 Fix license boilerplates
Instead of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.

Signed-off-by: Simo Sorce <simo@redhat.com>
2013-12-03 21:55:06 +01:00
Benjamin Dauvergne 154812b401 [xml] rewrite schema directed serialization/deserialization methods
The new implementations of lasso_node_impl_init_from_xml now validate
namespace of all child nodes before parsing. It stops on any error. For
node which implement their own parsing of an attribute or a node, it
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by your get_xmlNode
virtual method.

Another amelioration in this commit is the possibility to set attributes
with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:

	{namespace}attribute_name

an example:

	{http://www.w3.org/2001/XMLSchema-instance}type

for the classic xsi:type attribute.
2011-12-16 11:39:24 +01:00
Benjamin Dauvergne 18a10593fc [provider] fix doc comment 2011-12-08 18:11:46 +01:00
Benjamin Dauvergne 5e5c38b451 [core] rename lasso_provider_set_specific_signing_key to lasso_provider_set_server_signing_key 2011-12-05 14:25:34 +01:00
Benjamin Dauvergne 57241e3e86 [core] add lasso_provider_add_key to add other key for signature validation
The added key can be appended or prepended, depending on the need for the key:
 - rollover
 - improving performances (using simpler cryptographic algorithms using shared secret keys)
2011-12-05 12:03:31 +01:00
Benjamin Dauvergne 109c562260 [core] add method lasso_provider_set_specific_signing_key
Using this method you can specify a signing which will be used for
communication with the specified provider instead of the one configured
on the LassoServer object. The main objective is to allow shared secret
cryptography instead of public key cryptography.
2011-12-05 12:03:14 +01:00
Benjamin Dauvergne cd017964d0 [core] introduce the LassoSignatureContext context, to pass around signature parameters
This structure is used to pass around the signature algorithm
and the signature key.
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne dfacafb3b0 [core] replace explicit allocation of LassoProviderPrivate by use of g_type_class_add_private
The private part is allocated contiguously to the public structure data.
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne ad51948373 [core] simplify lasso_provider_load_public_key 2011-12-05 12:03:12 +01:00
Benjamin Dauvergne 5192cdf7a0 [core] multiple decryption keys support
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.

The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:

 xmlSecKey *encryption_private_key

became:

 GList *encryption_private_keys

All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.

The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-21 10:25:03 +01:00
Benjamin Dauvergne 9cedec628e [core] finish transition from single encryption key to multiple ones
Some code still references provider->private->encryption_public_key, this
commit makes it use lasso_provider_get_encryption_public_key().
2011-05-30 22:24:37 +02:00
Benjamin Dauvergne e67f2bb658 [core] first try at multiple signing keys support
The idea was to replace every use of an xmlSecKey* by a loop over a
GList* of xmlSecKey*.

 - In the structure LassoProviderPrivate changed
    xmlSecKey*public_key            ->   GList* signing_public_keys
    xmlNode*signing_key_descriptor  ->   GList* signing_key_descriptors.
 - Renamed lasso_provider_try_loading_public_key to
   lasso_provider_try_loading_public_keys and changed its signature
   accordingly
 - Renamed lasso_provider_get_public_key to
   lasso_provider_get_public_keys and changed the signature accordingly.
 - Changed lasso_provider_get_encryption_public_key to return the first
   signing key from the list as a temporary work around. Multiple
   encryption keys will be supported later.
 - Changed lasso_provider_load_public_key to load keys from the passed
   file on the LassoProvider constructor, from every key descriptors
   found for signing and eventually from the key descriptor marked for
   encryption.
 - Every failure to load from a file or an XML KeyInfo descriptor is
   now reported as a warning.
 - Query signature checking was completely moved to
   lasso_provider_verify_query_signature and
   lasso_provider_verify_signature now calls it.
 - lasso_provider_verify_signature is now using lasso_verify_signature
   from the xml/tools.o module.
 - lasso_provider_verify_single_signature was modified to support
   multiple signing keys.
2011-05-19 17:54:16 +02:00
Benjamin Dauvergne e14652e7a4 [utils] add macros to append to and release a list of xmlSecKey*
[core] make lasso_provider_verify_query_signature use lasso_provider_verify_signature
2011-05-19 17:54:16 +02:00
Benjamin Dauvergne f840037c6a [core] add a private constructor to build LassoProvider object from an xmlNode
I'm not sure of the need outside lasso so I will let this method private
for the moment. It's a helper method for the
lasso_server_load_federation method which traverses an
EntitiesDescriptor node to find all the EntityDescriptor contained
inside.
2011-03-29 18:43:48 +02:00
Benjamin Dauvergne 4ebb7067a0 [core] check type of first argument of lasso_provider_get_assertion_consumer_url 2010-10-09 15:51:23 +02:00
Benjamin Dauvergne 6b2a21d116 [core] adapt lasso_provider_get_assertion_consumer_service_url for SAMLv2 2010-10-07 18:38:21 +02:00
Benjamin Dauvergne 462c9a1cd0 [Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
Too many human errors with strcmp kind of functions. Also change name of
lasso_is_empty_string to lasso_strisempty.
2010-10-01 15:29:38 +02:00
Benjamin Dauvergne 667f846085 [Core] fix leak of provider->private_data->endpoints 2010-09-17 17:02:41 +02:00
Benjamin Dauvergne 69f46ad974 [Core] fix leak of provider->private_data->endpoints 2010-09-17 17:02:40 +02:00
Benjamin Dauvergne 3f336a8e83 Merge branch 'develop' into hotfixes-2.3.1 2010-09-03 19:07:08 +02:00
Benjamin Dauvergne 9ab6b944f1 [Core] fix memory leak in lasso_endpoint_free 2010-09-03 19:05:27 +02:00
Benjamin Dauvergne aaca9ce992 [ID-FFv1.2&SAMLv2] add more warning for failure to load metadata file
Report details of the failure through warning log.
2010-09-03 19:02:42 +02:00
Benjamin Dauvergne 5c85507ffd [Core] add destroy code for new private field endpoints
The contained string must be deallocated if the object is destroyed.
2010-08-25 18:55:04 +02:00
Benjamin Dauvergne 7352ec8036 [Provider] Fix loading of provider without a public key
This commit also emits a proper warning when loading fails for a provider
*with* a public key.
2010-07-05 21:27:08 +00:00
Benjamin Dauvergne 129e7ac6ea Merge branch 'issue-101' 2010-06-29 09:15:06 +00:00
Benjamin Dauvergne 4a55c53ee6 SAMLv2: fix error in naming of function in the documentation 2010-06-04 09:32:48 +00:00
Benjamin Dauvergne dc0da3d1b0 Provider: fix problem when reusing the same lists nodes in Descriptors 2010-04-22 01:12:32 +00:00
Benjamin Dauvergne 0e8441afe3 Improve safety by replacing all g_hash_table_destroy use by lasso_release_ghashtable 2010-04-22 00:45:02 +00:00
Benjamin Dauvergne 2f5ef5fef0 Improve safety by replacing all g_list_free use by lasso_release_list 2010-04-22 00:44:57 +00:00
Benjamin Dauvergne 0a169eda51 Improve safety by replacing all g_free use by lasso_release 2010-04-22 00:44:45 +00:00
Benjamin Dauvergne 05aad98ec3 Fix documentation problems 2010-04-19 11:30:35 +00:00
Benjamin Dauvergne 143e775942 ID-FF 1.2 & SAML 2.0: factorize access to role prefix 2010-04-06 13:11:36 +00:00
Benjamin Dauvergne c07cd3898c SAML 2.0&ID-FF 1.2: simplify and complete metadata loading for multi-role support 2010-03-27 16:52:04 +00:00
Benjamin Dauvergne f5442dc84b SAML 2.0: add support for attribute, authentication and authorization authorities metadata
* server.c,serverprivate.h: add new private method
   lasso_server_get_first_providerID_by_role(server, role)
 * defederation.c: use new private method
   lasso_server_get_first_providerID_by_role to find providerID
   when the argument remote_providerID is null in
   lasso_defederation_init_notification.
 * lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
   method lasso_server_get_first_providerID_by_role.
 * provider.h: add three new provider roles (authn,pdp,attribute) and
    four new services (authn,assertionid,attribute,authz) and also
    a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
    array sizing.
 * provider.h: add a LAST member to LassoMdProtocolType enum.
  * providerprivate.h,provider.c:
   - removes separate hashtable for descriptors depending on provider role,
     use only one table named Descriptors.
   - use the LAST members of enumerations to dimension static string arrays.
  * provider.h: add a LAST member to the e
2010-03-27 16:51:43 +00:00
Benjamin Dauvergne 95f5d99be6 Core: add missing return value owner semantic annotations to getters
* lasso/id-ff/provider.c:
   fix lasso_provider_get_base64_succinct_id, it returned a libxml
   string, copy it with g_strdup before releasing it to stay with GLib
   allocated string in return values.
2010-02-17 10:14:59 +00:00
Benjamin Dauvergne 0119b91e56 Adapt LassoProvider methods to care for protocol profile version when verifying signature
* lasso/id-ff/provider.c:
   there are now 2 methods to verify signatures, methods calling the old
   one must now choose whether to call the liberty one or the SAML 2.0
   one.
2010-02-10 00:33:49 +00:00
Benjamin Dauvergne 8e1398e65c Core: in provider.c, make lasso_provider_load_metadata_from_buffer the main metadata loading function
* (init_from_xml) fail initialization if we cannot load the metadatas,
   and log a warning.
 * extract _lasso_provider_load_metadata_from_buffer from
   lasso_provider_load_metadata_from_buffer, which accepts a length
   parameter. Use it inside lasso_provider_load_metadata, instead of
   xmlParseFile.
 * (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and
   lasso_xmlsec_load_private_key to load the public keys.
2010-02-04 00:02:22 +00:00
Benjamin Dauvergne f520348197 Core: use lasso_node_new_from_dump to implement _new_from_dump methods
* provider.c:
   add annotation for nullable arguments (necessary for bindings of
   new_from_buffer).
 * server.c: add annotations, allow to set encryption_private_key from
   buffers
2010-02-04 00:02:12 +00:00
Benjamin Dauvergne 7aa18e07b1 Fix leaks, change signature of lasso_provider_get_sp_name_qualifier, make it return a const char* 2010-02-04 00:02:05 +00:00