In case VERIFY_HINT was set to IGNORE and the login signature was
incorrect, lasso_saml20_login_process_response_status_and_assertion
would have jumped straight to the cleanup label which just returns the
return code.
Related: https://dev.entrouvert.org/issues/54689
License: MIT
OpenSSL API is used to sign query-string values in the SAML 2.0 Redirect binding.
Other binding only need the libxmlsec API as signature are XML DSIG signatures.
The following functions where part of the experimental ID-WSF support
recently removed but where incorrectly included in the official ABI, so we
restore dummy versions of them (they do nothing or return NULL):
- lasso_get_prefix_for_dst_service_href
- lasso_get_prefix_for_idwsf2_dst_service_href
- lasso_register_dst_service
- lasso_register_idwsf2_dst_service
Lasso log using the GLib logging API and the Python binding install a
hook to delegate logging to a Python logger named "lasso".
During the logging call the error indicator can be set to signal an
exception. The indicator will still be set when we return from the Lasso
API call, and is not handled by the Python wrapping of the C functions.
If our function returns a non-NULL value, the Python interpreter will
raise because this situation is forbidden.
To prevent it, if we detect that an exception occurred during logging
calls, we print it to stderr, clear the error indicator and return
immediately.
The key encryption padding algorithm is now configurable, the default
being changed to OAEP. It's possible to set the default through
./configure with:
--with-default-key-encryption-method=[rsa-pkcs1|rsa-oaep]
at initialization time with an environment variable:
LASSO_DEFAULT_KEY_ENCRYPTION_METHOD=[rsa-pkcs1|rsa-oaep]
or at runtime for a service provider:
lasso_provider_set_key_encryption_method(LassoProvider *provider,
LassoKeyEncryptionMethod key_encryption_method)
The setting is global for all encrypted nodes (Assertion or NameID).
Adds a new utility function lasso_allowed_signature_method() that checks
if the signature method is allowed. Previously, the code would only
check if the method was valid.
This new function is used whenever lasso_validate_signature_method was
previously used through lasso_ok_signature_method() which wraps both
validate and allowed.
lasso_allowed_signature_method() is also used on a couple of places,
notably lasso_query_verify_helper().
Related:
https://dev.entrouvert.org/issues/54037
Adds two new configure options:
--with-default-sign-algo
--min-hash-algo
--with-default-sign-algo sets the default signing algorithm and defaults
to rsa-sha1. At the moment, two algorithms are supported: rsa-sha1 and
rsa-sha256.
--min-hash-algo sets the minimum hash algorithm to be accepted. The
default is sha1 for backwards compatibility as well.
Related:
https://dev.entrouvert.org/issues/54037
These tests use a hardcoded query and private key which makes it
unsuitable to make the tests use the configured default digest. Let's
just convert them to SHA256 unconditionally.
The switch clause was using SHA1 digests for all digest types when
signing. This obviously breaks verifying the signatures if HMAC-SHAXXX
is used and XXX is something else than 1.