Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.
This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.
lasso_allowed_signature_method() is also used on a couple of places,
notably lasso_query_verify_helper().
Related:
https://dev.entrouvert.org/issues/54037
Adds two new configure options:
--with-default-sign-algo
--min-hash-algo
--with-default-sign-algo sets the default signing algorithm and defaults
to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and
rsa-sha256.
--min-hash-algo sets the minimum hash algorithm to be accepted. The
default is sha1 for backwards compatibility as well.
Related:
https://dev.entrouvert.org/issues/54037
As implemented lasso_server_add_provider2 could not be used as a publik
API as it dit not increase the reference count of the LassoProvider
object before adding it to the providers hashtable.
lasso_server_add_provider_helper had to be modified to decrement the
reference count of the new LassoProvider object after using
lasso_server_add_provider2.
Add lasso_server_get_filtered_provider_list() utility.
Iterate over the server providers and build a list of provider EntityID's who
have the specified role and at least one endpoint matching the
protocol_type and http_method. Return a GList list of EntityID's
Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
Locate the provider in the server's list of providers, then select an
endpoint given the @endpoint_description and return that endpoint's URL.
If the provider cannot be found or if the provider does not have a
matching endpoint NULL will be returned.
Signed-off-by: John Dennis <jdennis@redhat.com>
License: MIT
Fix a mistake in the documentation markup that prevented the
doc from building, needed to reverse the order of two tags.
Remove the $(PYTHON) from TESTS_ENVIRONMENT, it was causing
python to be invoked passing /bin/sh to it as a script.
License: MIT
Signed-off-by: John Dennis <jdennis@redhat.com>
Instad of referring to an old FSF address, point the reader to the FSF
website where the latest licenses and addresses are published.
Signed-off-by: Simo Sorce <simo@redhat.com>
The new implementations of lasso_node_impl_init_from_xml now validate
namespace of all child nodes befores parsing. It stops on any error. For
node which implement their own parsing of an attribute or a node, it
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by you get_xmlNode
virtual method.
Other ameliorations in this commit is the possibility to set attributes
with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:
{namespace}attribute_name
an example:
{http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accomodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
The flags parameter allows to control the checking of digital signature
upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata
files.
The default behaviour is to check all found signatures and to inherit
signature from EntitiesDescriptor to their children.
By only enabling checking of EntityDescrtiptor node signatures it's also
possible to only check signature at the EntityDescriptor level and so
only trust individual entities and not the aggregating provider.
The aim of this function is now to load any metadata file, and to
replace completely the use of lasso_server_add_provider.
The metadata content argument is replaced by a metadata file path to
more closely match other APIs.
This method allows to load providers in bulk from what is called a
federation file, i.e a SAML metadata file containing declarations for
more than one provider. Those file are usually signed to bind some trust
to its content, so lasso_server_load_federation can take an optional
file path to a certificate chain file used to check the signature on the
given XML content. Only same document signature is accepted (i.e. there
must be only one XML signature reference and it should be to the empty
string meaning the « current » document).
We currently do not store the encryption private key, instead on reload
of a dump, we try to use the signing private key as the encryption
private key. But we forgot to use the stored private key password.
That's now fixed.
Next step would be to keep the encryption private key around also.
* server.c,serverprivate.h: add new private method
lasso_server_get_firs_providerID_by_role(server, role)w
* defederation.c: use new private method
lasso_server_get_first_providerID_by_role for find providerID
when the argument remote_providerID is null in
lasso_defederation_init_notification.
* lasso/id-ff/login.c (lasso_login_init_authn_request): use new private
method lasso_server_get_first_providerID_by_role.
* provider.h: add thre new provider role (authn,pdp,attribute) and
four new services (authn,assertionid,attribute,authz) and also
a ROLE_ANY value (-1) for catchall purpose and a ROLE_LAST for
array sizing.
* provider.h: add a LAST member to LassoMdProtocolType enum.
* providerprivate.h,provider.c:
- removes separate hashtable for descriptors depending on provider role,
use only one table named Descriptors.
- use the LAST members of enumerations to dimention static string arrays.
* provider.h: add a LAST member to the e
* lasso/id-ff/provider.c:
fix lasso_provider_get_base64_succinct_id, it returned a libxml
string, copy it with g_strdup before releasing it to stay with GLib
allocated string in return values.
* lasso/id-ff/server.c:
constructor for LassoProvider load public keys but they are not
called by LassoServer constructors, so we have to explicitely
duplicate calls to lasso_provider_load_public_keys.
* lasso/id-ff/server.c:
mark private_key as not mandatory as regression tests expect it to
not be mandatory.
test if loading of private key to encryption_private_key private
field worked, if not abort the constructor and return NULL.
* lasso/id-ff/server.h:
fix name of constructors argument to corresponds with comments
(binding generator use this correspondance to apply annotation from
comments to the model obtained by parsing the headers).
* provider.c:
add annotation for nullable arguments (necessary for bindings of
new_from_buffer).
* server.c: add annotations, allow to set encryption_private_key from
buffers
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* id-ff/login.c:
* id-ff/logout.c:
* id-ff/profile.c:
* id-ff/provider.c:
* id-ff/server.c:
fix leaks by using field setting macros which frees previous values,
it also reduce code length sometimes.
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for function which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
use macros to release previous value when necessary,
release object used as parameters to constructors,
free the encryption key associated with a provider,
release the key manager created for a saml signature
verification.
Benjamin Dauvergne
Jakub Hrozek
John Dennis
Simo Sorce