Merge branch 'multi-certificates'
commit
8036813115
|
@ -97,15 +97,15 @@ void _lasso_provider_add_metadata_value_for_role(LassoProvider *provider,
|
|||
typedef int LassoProviderRoleIndex;
|
||||
|
||||
static int
|
||||
lasso_provider_try_loading_public_key(LassoProvider *provider, xmlSecKeyPtr *public_key, gboolean mandatory) {
|
||||
if (provider->public_key || provider->private_data->signing_key_descriptor) {
|
||||
*public_key = lasso_provider_get_public_key(provider);
|
||||
if (*public_key == NULL)
|
||||
lasso_provider_try_loading_public_keys(LassoProvider *provider, GList **public_keys, gboolean mandatory) {
|
||||
if (provider->public_key || provider->private_data->signing_key_descriptors) {
|
||||
*public_keys = lasso_provider_get_public_keys(provider);
|
||||
if (*public_keys == NULL)
|
||||
return LASSO_DS_ERROR_PUBLIC_KEY_LOAD_FAILED;
|
||||
} else {
|
||||
*public_key = NULL;
|
||||
*public_keys = NULL;
|
||||
}
|
||||
if (*public_key == NULL && mandatory)
|
||||
if (*public_keys == NULL && mandatory)
|
||||
return LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY;
|
||||
return 0;
|
||||
}
|
||||
|
@ -521,18 +521,18 @@ static struct XmlSnippet schema_snippets[] = {
|
|||
static LassoNodeClass *parent_class = NULL;
|
||||
|
||||
/**
|
||||
* lasso_provider_get_public_key:
|
||||
* lasso_provider_get_public_keys:
|
||||
* @provider: a #LassoProvider object
|
||||
*
|
||||
* Return the public key associated with this provider.
|
||||
* Return the public keys associated with this provider.
|
||||
*
|
||||
* Return value: an #xmlSecKey object.
|
||||
*/
|
||||
xmlSecKey*
|
||||
lasso_provider_get_public_key(const LassoProvider *provider)
|
||||
GList*
|
||||
lasso_provider_get_public_keys(const LassoProvider *provider)
|
||||
{
|
||||
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
|
||||
return provider->private_data->public_key;
|
||||
return provider->private_data->signing_public_keys;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -548,11 +548,16 @@ xmlSecKey*
|
|||
lasso_provider_get_encryption_public_key(const LassoProvider *provider)
|
||||
{
|
||||
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
|
||||
GList *public_keys;
|
||||
|
||||
if (provider->private_data->encryption_public_key) {
|
||||
return provider->private_data->encryption_public_key;
|
||||
}
|
||||
return lasso_provider_get_public_key(provider);
|
||||
public_keys = lasso_provider_get_public_keys(provider);
|
||||
if (! public_keys) {
|
||||
return NULL;
|
||||
}
|
||||
return (xmlSecKey*)public_keys->data;
|
||||
}
|
||||
|
||||
static void
|
||||
|
@ -647,7 +652,8 @@ _lasso_provider_load_key_descriptor(LassoProvider *provider, xmlNode *key_descri
|
|||
private_data = provider->private_data;
|
||||
use = xmlGetProp(key_descriptor, (xmlChar*)"use");
|
||||
if (use == NULL || lasso_strisequal((char *)use,"signing")) {
|
||||
lasso_assign_xml_node(private_data->signing_key_descriptor, key_descriptor);
|
||||
lasso_list_add_xml_node(private_data->signing_key_descriptors,
|
||||
key_descriptor);
|
||||
}
|
||||
if (use == NULL || strcmp((char*)use, "encryption") == 0) {
|
||||
lasso_assign_xml_node(private_data->encryption_key_descriptor, key_descriptor);
|
||||
|
@ -835,14 +841,12 @@ dispose(GObject *object)
|
|||
provider->private_data->default_assertion_consumer = NULL;
|
||||
}
|
||||
|
||||
if (provider->private_data->public_key) {
|
||||
xmlSecKeyDestroy(provider->private_data->public_key);
|
||||
provider->private_data->public_key = NULL;
|
||||
if (provider->private_data->signing_public_keys) {
|
||||
lasso_release_list_of_sec_key(provider->private_data->signing_public_keys);
|
||||
}
|
||||
|
||||
if (provider->private_data->signing_key_descriptor) {
|
||||
xmlFreeNode(provider->private_data->signing_key_descriptor);
|
||||
provider->private_data->signing_key_descriptor = NULL;
|
||||
if (provider->private_data->signing_key_descriptors) {
|
||||
lasso_release_list_of_xml_node(provider->private_data->signing_key_descriptors);
|
||||
}
|
||||
|
||||
if (provider->private_data->encryption_key_descriptor) {
|
||||
|
@ -898,8 +902,8 @@ instance_init(LassoProvider *provider)
|
|||
provider->private_data->affiliation_id = NULL;
|
||||
provider->private_data->affiliation_owner_id = NULL;
|
||||
provider->private_data->organization = NULL;
|
||||
provider->private_data->public_key = NULL;
|
||||
provider->private_data->signing_key_descriptor = NULL;
|
||||
provider->private_data->signing_public_keys = NULL;
|
||||
provider->private_data->signing_key_descriptors = NULL;
|
||||
provider->private_data->encryption_key_descriptor = NULL;
|
||||
provider->private_data->encryption_public_key_str = NULL;
|
||||
provider->private_data->encryption_public_key = NULL;
|
||||
|
@ -1230,44 +1234,72 @@ gboolean
|
|||
lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType public_key_type)
|
||||
{
|
||||
gchar *public_key = NULL;
|
||||
GList *keys_descriptors = NULL;
|
||||
xmlNode *key_descriptor = NULL;
|
||||
xmlSecKey *pub_key = NULL;
|
||||
GList *keys = NULL;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), FALSE);
|
||||
if (public_key_type == LASSO_PUBLIC_KEY_SIGNING) {
|
||||
public_key = provider->public_key;
|
||||
key_descriptor = provider->private_data->signing_key_descriptor;
|
||||
keys_descriptors = provider->private_data->signing_key_descriptors;
|
||||
} else {
|
||||
key_descriptor = provider->private_data->encryption_key_descriptor;
|
||||
}
|
||||
|
||||
if (public_key == NULL && key_descriptor == NULL) {
|
||||
if (public_key == NULL && keys_descriptors == NULL && key_descriptor == NULL) {
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
if (public_key == NULL) {
|
||||
pub_key = lasso_xmlsec_load_key_info(key_descriptor);
|
||||
if (! pub_key) {
|
||||
if (public_key != NULL) {
|
||||
xmlSecKey *key = lasso_xmlsec_load_private_key(public_key, NULL);
|
||||
if (key) {
|
||||
lasso_list_add_new_sec_key(keys, key);
|
||||
} else {
|
||||
message(G_LOG_LEVEL_WARNING, "Could not read public key from file %s", public_key);
|
||||
}
|
||||
}
|
||||
if (key_descriptor) {
|
||||
xmlSecKey *key = lasso_xmlsec_load_key_info(key_descriptor);
|
||||
if (key) {
|
||||
lasso_list_add_new_sec_key(keys, key);
|
||||
} else {
|
||||
message(G_LOG_LEVEL_WARNING, "Could not read KeyInfo from %s KeyDescriptor", public_key_type == LASSO_PUBLIC_KEY_SIGNING ? "signing" : "encryption");
|
||||
}
|
||||
} else {
|
||||
pub_key = lasso_xmlsec_load_private_key(public_key, NULL);
|
||||
}
|
||||
|
||||
if (pub_key) {
|
||||
if (keys_descriptors) {
|
||||
lasso_foreach_full_begin(xmlNode*, key_descriptor, it, keys_descriptors);
|
||||
{
|
||||
xmlSecKey *key = lasso_xmlsec_load_key_info(key_descriptor);
|
||||
if (key) {
|
||||
lasso_list_add_new_sec_key(keys, key);
|
||||
} else {
|
||||
message(G_LOG_LEVEL_WARNING, "Could not read KeyInfo from %s "
|
||||
"KeyDescriptor",
|
||||
public_key_type == LASSO_PUBLIC_KEY_SIGNING ? "signing" :
|
||||
"encryption");
|
||||
}
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
}
|
||||
|
||||
if (keys) {
|
||||
switch (public_key_type) {
|
||||
case LASSO_PUBLIC_KEY_SIGNING:
|
||||
lasso_assign_new_sec_key(provider->private_data->public_key, pub_key);
|
||||
lasso_transfer_full(provider->private_data->signing_public_keys, keys,
|
||||
list_of_sec_key);
|
||||
break;
|
||||
case LASSO_PUBLIC_KEY_ENCRYPTION:
|
||||
lasso_assign_new_sec_key(provider->private_data->encryption_public_key, pub_key);
|
||||
lasso_assign_new_sec_key(provider->private_data->encryption_public_key,
|
||||
(xmlSecKey*)keys->data);
|
||||
break;
|
||||
default:
|
||||
xmlSecKeyDestroy(pub_key);
|
||||
lasso_release_list_of_sec_key(keys);
|
||||
}
|
||||
return TRUE;
|
||||
} else {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return (pub_key != NULL);
|
||||
}
|
||||
|
||||
|
||||
|
@ -1297,9 +1329,10 @@ lasso_provider_verify_saml_signature(LassoProvider *provider,
|
|||
{
|
||||
const char *id_attribute_name = NULL;
|
||||
const xmlChar *node_ns = NULL;
|
||||
xmlSecKey *public_key = NULL;
|
||||
GList *public_keys = NULL;
|
||||
xmlSecKeysMngr *keys_manager = NULL;
|
||||
int rc = 0;
|
||||
int signature_rc = 0;
|
||||
|
||||
lasso_bad_param(PROVIDER, provider);
|
||||
lasso_null_param(signed_node);
|
||||
|
@ -1320,9 +1353,17 @@ lasso_provider_verify_saml_signature(LassoProvider *provider,
|
|||
goto_cleanup_if_fail_with_rc(id_attribute_name, LASSO_PARAM_ERROR_INVALID_VALUE);
|
||||
/* Get provider credentials */
|
||||
lasso_check_good_rc(lasso_provider_try_loading_ca_cert_chain(provider, &keys_manager));
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_key(provider, &public_key, keys_manager == NULL));
|
||||
rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key,
|
||||
NO_OPTION, NULL);
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys, keys_manager == NULL));
|
||||
lasso_foreach_full_begin(xmlSecKey*, public_key, it, public_keys);
|
||||
{
|
||||
signature_rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, public_key,
|
||||
NO_OPTION, NULL);
|
||||
if (signature_rc == 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
rc = signature_rc;
|
||||
cleanup:
|
||||
lasso_release_key_manager(keys_manager);
|
||||
return rc;
|
||||
|
@ -1336,45 +1377,35 @@ lasso_provider_verify_signature(LassoProvider *provider,
|
|||
* reflection about code reuse is under way...
|
||||
*/
|
||||
xmlDoc *doc = NULL;
|
||||
xmlNode *xmlnode = NULL, *sign = NULL, *x509data = NULL;
|
||||
xmlNode *xmlnode = NULL;
|
||||
xmlSecKeysMngr *keys_mngr = NULL;
|
||||
xmlSecDSigCtx *dsigCtx = NULL;
|
||||
int rc = 0;
|
||||
int signature_rc = 0;
|
||||
xmlXPathContext *xpathCtx = NULL;
|
||||
xmlXPathObject *xpathObj = NULL;
|
||||
xmlSecKey *public_key = NULL;
|
||||
GList *public_keys = NULL;
|
||||
|
||||
g_return_val_if_fail(LASSO_IS_PROVIDER(provider), LASSO_PARAM_ERROR_BAD_TYPE_OR_NULL_OBJ);
|
||||
|
||||
if (lasso_flag_verify_signature == FALSE)
|
||||
return 0;
|
||||
|
||||
|
||||
if (message == NULL)
|
||||
return LASSO_PROFILE_ERROR_INVALID_MSG;
|
||||
|
||||
if (format == LASSO_MESSAGE_FORMAT_ERROR)
|
||||
return LASSO_PROFILE_ERROR_INVALID_MSG;
|
||||
|
||||
if (format == LASSO_MESSAGE_FORMAT_UNKNOWN)
|
||||
return LASSO_PROFILE_ERROR_INVALID_MSG;
|
||||
|
||||
if (format == LASSO_MESSAGE_FORMAT_QUERY) {
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_key(provider, &public_key, TRUE));
|
||||
|
||||
switch (lasso_provider_get_protocol_conformance(provider)) {
|
||||
case LASSO_PROTOCOL_LIBERTY_1_0:
|
||||
case LASSO_PROTOCOL_LIBERTY_1_1:
|
||||
case LASSO_PROTOCOL_LIBERTY_1_2:
|
||||
return lasso_query_verify_signature(message, public_key);
|
||||
case LASSO_PROTOCOL_SAML_2_0:
|
||||
return lasso_saml2_query_verify_signature(message, public_key);
|
||||
default:
|
||||
return LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE;
|
||||
}
|
||||
return lasso_provider_verify_query_signature(provider, message);
|
||||
}
|
||||
lasso_check_good_rc(lasso_provider_try_loading_ca_cert_chain(provider, &keys_mngr));
|
||||
/* public key is mandatory if no keys manager is present */
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_key(provider, &public_key, keys_mngr == NULL));
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys,
|
||||
keys_mngr == NULL));
|
||||
|
||||
if (format == LASSO_MESSAGE_FORMAT_BASE64) {
|
||||
int len;
|
||||
|
@ -1402,64 +1433,20 @@ lasso_provider_verify_signature(LassoProvider *provider,
|
|||
}
|
||||
|
||||
|
||||
sign = NULL;
|
||||
for (sign = xmlnode->children; sign; sign = sign->next) {
|
||||
if (strcmp((char*)sign->name, "Signature") == 0)
|
||||
lasso_foreach_full_begin(xmlSecKeyPtr, public_key, it, public_keys);
|
||||
{
|
||||
signature_rc = lasso_verify_signature(xmlnode, doc, id_attr_name,
|
||||
keys_mngr, public_key, NO_OPTION, NULL);
|
||||
if (signature_rc == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
/* If no signature was found, look for one in assertion */
|
||||
if (sign == NULL) {
|
||||
for (sign = xmlnode->children; sign; sign = sign->next) {
|
||||
if (strcmp((char*)sign->name, "Assertion") == 0)
|
||||
break;
|
||||
}
|
||||
if (sign != NULL) {
|
||||
xmlnode = sign;
|
||||
for (sign = xmlnode->children; sign; sign = sign->next) {
|
||||
if (strcmp((char*)sign->name, "Signature") == 0)
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
goto_cleanup_if_fail_with_rc (sign != NULL, LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);
|
||||
|
||||
if (id_attr_name) {
|
||||
xmlChar *id_value = xmlGetProp(xmlnode, (xmlChar*)id_attr_name);
|
||||
xmlAttr *id_attr = xmlHasProp(xmlnode, (xmlChar*)id_attr_name);
|
||||
if (id_value != NULL) {
|
||||
xmlAddID(NULL, doc, id_value, id_attr);
|
||||
xmlFree(id_value);
|
||||
}
|
||||
}
|
||||
|
||||
x509data = xmlSecFindNode(xmlnode, xmlSecNodeX509Data, xmlSecDSigNs);
|
||||
if (x509data == NULL) { /* no need for a keys mngr if there is no X509 data */
|
||||
lasso_release_key_manager(keys_mngr);
|
||||
}
|
||||
|
||||
dsigCtx = xmlSecDSigCtxCreate(keys_mngr);
|
||||
if (public_key) {
|
||||
dsigCtx->signKey = xmlSecKeyDuplicate(public_key);
|
||||
}
|
||||
|
||||
goto_cleanup_if_fail_with_rc (xmlSecDSigCtxVerify(dsigCtx, sign) >= 0,
|
||||
LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED);
|
||||
|
||||
if (dsigCtx->status != xmlSecDSigStatusSucceeded) {
|
||||
rc = LASSO_DS_ERROR_INVALID_SIGNATURE;
|
||||
goto cleanup;
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
rc = signature_rc;
|
||||
|
||||
cleanup:
|
||||
lasso_release_key_manager(keys_mngr);
|
||||
lasso_release_signature_context(dsigCtx);
|
||||
if (xpathCtx)
|
||||
xmlXPathFreeContext(xpathCtx);
|
||||
if (xpathObj)
|
||||
xmlXPathFreeObject(xpathObj);
|
||||
lasso_release_doc(doc);
|
||||
lasso_release_xpath_job(xpathObj, xpathCtx, doc);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
@ -1543,23 +1530,38 @@ lasso_provider_get_encryption_sym_key_type(const LassoProvider *provider)
|
|||
int
|
||||
lasso_provider_verify_query_signature(LassoProvider *provider, const char *message)
|
||||
{
|
||||
xmlSecKey *provider_public_key;
|
||||
int (*check)(const char *, const xmlSecKey *) = NULL;
|
||||
int rc = 0;
|
||||
int signature_rc = 0;
|
||||
GList *public_keys = NULL;
|
||||
|
||||
lasso_bad_param(PROVIDER, provider);
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_key(provider, &provider_public_key, TRUE));
|
||||
g_return_val_if_fail(provider_public_key, LASSO_PROVIDER_ERROR_MISSING_PUBLIC_KEY);
|
||||
lasso_null_param(message);
|
||||
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys, TRUE));
|
||||
|
||||
switch (lasso_provider_get_protocol_conformance(provider)) {
|
||||
case LASSO_PROTOCOL_LIBERTY_1_0:
|
||||
case LASSO_PROTOCOL_LIBERTY_1_1:
|
||||
case LASSO_PROTOCOL_LIBERTY_1_2:
|
||||
return lasso_query_verify_signature(message, provider_public_key);
|
||||
check = lasso_query_verify_signature;
|
||||
break;
|
||||
case LASSO_PROTOCOL_SAML_2_0:
|
||||
return lasso_saml2_query_verify_signature(message, provider_public_key);
|
||||
check = lasso_saml2_query_verify_signature;
|
||||
break;
|
||||
default:
|
||||
return LASSO_ERROR_UNIMPLEMENTED;
|
||||
return LASSO_PROFILE_ERROR_CANNOT_VERIFY_SIGNATURE;
|
||||
}
|
||||
/* Check with all known signing keys... */
|
||||
lasso_foreach_full_begin(xmlSecKeyPtr, public_key, it, public_keys);
|
||||
{
|
||||
signature_rc = check(message, public_key);
|
||||
if (signature_rc == 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
rc = signature_rc;
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
@ -1624,7 +1626,7 @@ int
|
|||
lasso_provider_verify_single_node_signature (LassoProvider *provider, LassoNode *node, const char *id_attr_name)
|
||||
{
|
||||
xmlNode *xmlnode = NULL;
|
||||
xmlSecKey *public_key = NULL;
|
||||
GList *public_keys = NULL;
|
||||
xmlSecKeysMngr *keys_mngr = NULL;
|
||||
int rc = 0;
|
||||
|
||||
|
@ -1633,10 +1635,17 @@ lasso_provider_verify_single_node_signature (LassoProvider *provider, LassoNode
|
|||
return LASSO_DS_ERROR_SIGNATURE_VERIFICATION_FAILED;
|
||||
}
|
||||
lasso_check_good_rc(lasso_provider_try_loading_ca_cert_chain(provider, &keys_mngr));
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_key(provider, &public_key,
|
||||
lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys,
|
||||
keys_mngr == NULL));
|
||||
rc = lasso_verify_signature(xmlnode, NULL, id_attr_name, keys_mngr, public_key,
|
||||
NO_SINGLE_REFERENCE, NULL);
|
||||
|
||||
lasso_foreach_full_begin(xmlSecKey*, public_key, it, public_keys);
|
||||
{
|
||||
rc = lasso_verify_signature(xmlnode, NULL, id_attr_name, keys_mngr, public_key,
|
||||
NO_SINGLE_REFERENCE, NULL);
|
||||
if (rc == 0)
|
||||
break;
|
||||
}
|
||||
lasso_foreach_full_end();
|
||||
cleanup:
|
||||
return rc;
|
||||
}
|
||||
|
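Review bot: In the new lasso_provider_verify_saml_signature body (L627-L657) an empty `public_keys` list makes the function report success: `signature_rc` starts at 0 (L594), the foreach body never runs (assuming the macro walks the GList from its head), and `rc = signature_rc` returns 0 without a single call to lasso_verify_signature. That case is reachable, because `lasso_provider_try_loading_public_keys` is called with `mandatory = (keys_manager == NULL)`, so a provider configured with only a CA certificate chain yields `public_keys == NULL` — the removed code (L618-L624) covered it by passing a NULL key and letting the keys manager verify. The same pattern is in lasso_provider_verify_signature (L840-L989, `signature_rc` also initialised to 0 at L697) and lasso_provider_verify_single_node_signature (L1219-L1240, `rc` initialised to 0 at L1184); lasso_provider_verify_query_signature (L1126-L1150) is covered only because it loads with `mandatory = TRUE`. Separately, in lasso_provider_load_public_key the LASSO_PUBLIC_KEY_ENCRYPTION case (L524-L527) hands `keys->data` to `lasso_assign_new_sec_key` but never frees the `keys` list, so the GList node leaks; `g_list_free(keys)` after the assignment (the key itself now being owned by private_data) closes it.
```c
	lasso_check_good_rc(lasso_provider_try_loading_public_keys(provider, &public_keys, keys_manager == NULL));
	if (public_keys == NULL) {
		/* no provider key configured: verify against the CA chain held by keys_manager alone,
		 * as the previous single-key code did; never fall through with signature_rc == 0 */
		rc = lasso_verify_signature(signed_node, doc, id_attribute_name, keys_manager, NULL,
				NO_OPTION, NULL);
		goto cleanup;
	}
	/* … unchanged: loop over public_keys, rc = signature_rc, cleanup … */
```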
|
|
@ -68,11 +68,11 @@ struct _LassoProviderPrivate
|
|||
char *affiliation_owner_id;
|
||||
char *affiliation_id;
|
||||
|
||||
xmlSecKey *public_key;
|
||||
xmlNode *signing_key_descriptor;
|
||||
GList *signing_public_keys;
|
||||
GList *signing_key_descriptors;
|
||||
xmlNode *encryption_key_descriptor;
|
||||
char *encryption_public_key_str;
|
||||
xmlSecKey *encryption_public_key;
|
||||
GList *encryption_public_keys;
|
||||
LassoEncryptionMode encryption_mode;
|
||||
LassoEncryptionSymKeyType encryption_sym_key_type;
|
||||
char *valid_until;
|
||||
|
@ -86,7 +86,7 @@ int lasso_provider_verify_signature(LassoProvider *provider,
|
|||
const char *message, const char *id_attr_name, LassoMessageFormat format);
|
||||
gboolean lasso_provider_load_public_key(LassoProvider *provider,
|
||||
LassoPublicKeyType public_key_type);
|
||||
xmlSecKey* lasso_provider_get_public_key(const LassoProvider *provider);
|
||||
GList* lasso_provider_get_public_keys(const LassoProvider *provider);
|
||||
xmlSecKey* lasso_provider_get_encryption_public_key(const LassoProvider *provider);
|
||||
LassoEncryptionSymKeyType lasso_provider_get_encryption_sym_key_type(const LassoProvider* provider);
|
||||
int lasso_provider_verify_saml_signature(LassoProvider *provider, xmlNode *signed_node, xmlDoc *doc);
|
||||
|
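Review bot: `GList *encryption_public_keys` (L1287) is added to _LassoProviderPrivate but nothing in this commit initialises, reads or releases it — instance_init (L294-L312) and dispose (L238-L273) only gained the signing_* lists, and lasso_provider_load_public_key's LASSO_PUBLIC_KEY_ENCRYPTION branch (L524-L527) still stores a single xmlSecKey in encryption_public_key. Either wire the field up so several encryption keys are handled symmetrically with signing, or drop it so the next maintainer does not assume it is populated. If it stays, add the release in dispose next to the signing one, `lasso_release_list_of_sec_key(provider->private_data->encryption_public_keys);`, and a `provider->private_data->encryption_public_keys = NULL;` in instance_init; GObject presumably zero-fills the instance, but the file's convention (L294-L312) is to NULL private fields explicitly.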
|
|
@ -144,6 +144,9 @@
|
|||
#define lasso_release_list_of_xml_node_list(dest) \
|
||||
lasso_release_list_of_full(dest, xmlFreeNodeList)
|
||||
|
||||
#define lasso_release_list_of_sec_key(dest) \
|
||||
lasso_release_list_of_full(dest, xmlSecKeyDestroy)
|
||||
|
||||
#define lasso_release_xml_node(node) \
|
||||
lasso_release_full2(node, xmlFreeNode, xmlNodePtr)
|
||||
|
||||
|
@ -426,6 +429,12 @@
|
|||
} \
|
||||
}
|
||||
|
||||
#define lasso_list_add_new_sec_key(dest, src) \
|
||||
{ \
|
||||
xmlSecKey *__tmp_src = (src); \
|
||||
lasso_list_add_non_null(dest, __tmp_src); \
|
||||
}
|
||||
|
||||
/* List element removal */
|
||||
#define lasso_list_remove_gobject(list, gobject) \
|
||||
do { void *__tmp = gobject; GList **__tmp_list = &(list); \
|
||||
|
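Review bot: `lasso_list_add_new_sec_key` (L1369-L1381) expands to a bare `{ ... }` block, so `if (c) lasso_list_add_new_sec_key(l, k); else ...` mis-parses (the `;` after `}` closes the if before the else), whereas `lasso_list_remove_gobject` just below (L1392) uses the `do { ... } while (0)` form that avoids this. The callers added in this commit (L400, L424, L465) all sit inside braced `if` bodies, so nothing breaks today, but the macro should take the safe form: `do { xmlSecKey *__tmp_src = (src); lasso_list_add_non_null(dest, __tmp_src); } while (0)`. The sibling macro ending at L1361-L1364 appears to use the same bare-block shape, so if that is the established pattern for the lasso_list_add_* family it may be better to convert the family together rather than this one alone.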
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIICHjCCAYegAwIBAgIJAIqpRTWoklygMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MTg0MzIwWhcNMTEwMjE4MTg0MzIwWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||||
gQC3vSEy6WMnyN20hiRAsZ8kAJAS+wgztD3WoyULdTz3S8JlqGRW2cCuoS77o539
|
||||
aA2C2lUehNrw/0h9uyrT2GroAjlw8wb6pQrpydteL8A59RtvhfdqwOfScV6Y9dUw
|
||||
KGvoGtC9sbB3mBtkb7MaWmhFucNe02KV5Tas1Xl6hexjEwIDAQABo3YwdDAdBgNV
|
||||
HQ4EFgQUBe+8IQnCGoU6FG+E2CTD44Mnji0wRQYDVR0jBD4wPIAUBe+8IQnCGoU6
|
||||
FG+E2CTD44Mnji2hGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCKqUU1qJJc
|
||||
oDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdOD1MRL9hnkc9ilB5V
|
||||
Z2SDYAqH7L6ed1VwQBzNzIyX3Uy9tldn5jGOEeRTax9I/YTEpcwetlUVE+MiJTa+
|
||||
V/XlfPC4BcbRE+EdLAT+pmSFAOo/5XoFIgNBTXS1sj0QJ8mZLgGVWmP8rjtvTVIw
|
||||
995pG1L9No/KM70CaHDKyXq9
|
||||
-----END CERTIFICATE-----
|
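Review bot: The Validity field of this certificate (L1407, `HhcNMTEwMTE5MTg0MzIwWhcNMTEwMjE4MTg0MzIwW`) base64-decodes to UTCTime 110119184320Z / 110218184320Z, i.e. a roughly 30-day window ending 2011-02-18; certificate-2 (L1455) decodes to 2006-10-27 through 2011-10-26, so both fixtures expire within the year of the commit. The test works only for as long as key loading ignores notAfter; should lasso or xmlsec ever enforce certificate validity when reading KeyInfo, test05 will start failing for a purely time-dependent reason. Regenerating the fixture certificates with a long validity removes that dependency and costs nothing, since they are exercised only by the test suite.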
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||
LlTxKnCrWAXftSm1rNtewTsF
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,85 @@
|
|||
<?xml version="1.0"?>
|
||||
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
|
||||
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
|
||||
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
|
||||
entityID="http://idp5/metadata">
|
||||
<IDPSSODescriptor
|
||||
WantAuthnRequestsSigned="true"
|
||||
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
|
||||
<KeyDescriptor> <!-- private-key-1.pem -->
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data><ds:X509Certificate>
|
||||
MIICHjCCAYegAwIBAgIJAIqpRTWoklygMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTEwMTE5MTg0MzIwWhcNMTEwMjE4MTg0MzIwWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
|
||||
gQC3vSEy6WMnyN20hiRAsZ8kAJAS+wgztD3WoyULdTz3S8JlqGRW2cCuoS77o539
|
||||
aA2C2lUehNrw/0h9uyrT2GroAjlw8wb6pQrpydteL8A59RtvhfdqwOfScV6Y9dUw
|
||||
KGvoGtC9sbB3mBtkb7MaWmhFucNe02KV5Tas1Xl6hexjEwIDAQABo3YwdDAdBgNV
|
||||
HQ4EFgQUBe+8IQnCGoU6FG+E2CTD44Mnji0wRQYDVR0jBD4wPIAUBe+8IQnCGoU6
|
||||
FG+E2CTD44Mnji2hGaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQCKqUU1qJJc
|
||||
oDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBABdOD1MRL9hnkc9ilB5V
|
||||
Z2SDYAqH7L6ed1VwQBzNzIyX3Uy9tldn5jGOEeRTax9I/YTEpcwetlUVE+MiJTa+
|
||||
V/XlfPC4BcbRE+EdLAT+pmSFAOo/5XoFIgNBTXS1sj0QJ8mZLgGVWmP8rjtvTVIw
|
||||
995pG1L9No/KM70CaHDKyXq9
|
||||
</ds:X509Certificate></ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
<KeyDescriptor> <!-- private-key-2.pem -->
|
||||
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
|
||||
<ds:X509Data><ds:X509Certificate>
|
||||
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP
|
||||
MA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJpczETMBEGA1UEChMKRW50cm91
|
||||
dmVydDEPMA0GA1UEAxMGRGFtaWVuMB4XDTA2MTAyNzA5MDc1NFoXDTExMTAyNjA5
|
||||
MDc1NFowVDELMAkGA1UEBhMCRlIxDzANBgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMF
|
||||
UGFyaXMxEzARBgNVBAoTCkVudHJvdXZlcnQxDzANBgNVBAMTBkRhbWllbjCCASIw
|
||||
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM06Hx6VgHYR9wUf/tZVVTRkVWNq
|
||||
h9x+PvHA2qH4OYMuqGs4Af6lU2YsZvnrmRdcFWv0+UkdAgXhReCWAZgtB1pd/W9m
|
||||
6qDRldCCyysow6xPPKRz/pOTwRXm/fM0QGPeXzwzj34BXOIOuFu+n764vKn18d+u
|
||||
uVAEzk1576pxTp4pQPzJfdNLrLeQ8vyCshoFU+MYJtp1UA+h2JoO0Y8oGvywbUxH
|
||||
ioHN5PvnzObfAM4XaDQohmfxM9Uc7Wp4xKAc1nUq5hwBrHpjFMRSz6UCfMoJSGIi
|
||||
+3xJMkNCjL0XEw5NKVc5jRKkzSkN5j8KTM/k1jPPsDHPRYzbWWhnNtd6JlkCAwEA
|
||||
AaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
|
||||
ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFP2WWMDShux3iF74+SoO1xf6qhqaMB8G
|
||||
A1UdIwQYMBaAFGjl6TRXbQDHzSlZu+e8VeBaZMB5MA0GCSqGSIb3DQEBBQUAA4IB
|
||||
AQAZ/imK7UMognXbs5RfSB8cMW6iNAI+JZqe9XWjvtmLfIIPbHM96o953SiFvrvQ
|
||||
BZjGmmPMK3UH29cjzDx1R/RQaYTyMrHyTePLh3BMd5mpJ/9eeJCSxPzE2ECqWRUa
|
||||
pkjukecFXqmRItwgTxSIUE9QkpzvuQRb268PwmgroE0mwtiREADnvTFkLkdiEMew
|
||||
fiYxZfJJLPBqwlkw/7f1SyzXoPXnz5QbNwDmrHelga6rKSprYKb3pueqaIe8j/AP
|
||||
NC1/bzp8cGOcJ88BD5+Ny6qgPVCrMLE5twQumJ12V3SvjGNtzFBvg2c/9S5OmVqR
|
||||
LlTxKnCrWAXftSm1rNtewTsF
|
||||
</ds:X509Certificate></ds:X509Data>
|
||||
</ds:KeyInfo>
|
||||
</KeyDescriptor>
|
||||
|
||||
<ArtifactResolutionService isDefault="true" index="0"
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/artifact" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/singleLogoutSOAP" />
|
||||
<SingleLogoutService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/singleLogout"
|
||||
ResponseLocation="http://idp5/singleLogoutReturn" />
|
||||
<ManageNameIDService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/manageNameIdSOAP" />
|
||||
<ManageNameIDService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/manageNameId"
|
||||
ResponseLocation="http://idp5/manageNameIdReturn" />
|
||||
<SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
|
||||
Location="http://idp5/singleSignOn" />
|
||||
<SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
|
||||
Location="http://idp5/singleSignOnSOAP" />
|
||||
<SingleSignOnService
|
||||
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
|
||||
Location="http://idp5/singleSignOnArtifact" />
|
||||
</IDPSSODescriptor>
|
||||
<Organization>
|
||||
<OrganizationName xml:lang="en">Entr'ouvert</OrganizationName>
|
||||
</Organization>
|
||||
|
||||
</EntityDescriptor>
|
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXQIBAAKBgQC3vSEy6WMnyN20hiRAsZ8kAJAS+wgztD3WoyULdTz3S8JlqGRW
|
||||
2cCuoS77o539aA2C2lUehNrw/0h9uyrT2GroAjlw8wb6pQrpydteL8A59Rtvhfdq
|
||||
wOfScV6Y9dUwKGvoGtC9sbB3mBtkb7MaWmhFucNe02KV5Tas1Xl6hexjEwIDAQAB
|
||||
AoGBAJQa7NbYD+gy3ps0gaZwRsJDfd7+4NaklDAeY67/urvwImvFN9RWRB2/qVqH
|
||||
wcNRC4sNqQ0ntEAM1wcaRuRqj4jDdB8KG2ecE1ASNP1LaaL3AbDY9zADLRGW93W7
|
||||
FKBksd7PyQoTknzpPoZl2u+dmxKZ7lJrQHilqLcE0VgCLZchAkEA7tr+S+vkPQe6
|
||||
Bw50vUB8CygB5qN/y96afMm/7guMMVzGvZqfqOPIdLNaJBqTcMWYQKZBLDPrccRE
|
||||
uPVJ1zt8AwJBAMTtW+tFvlKtBN3NVf7xArWilAEhNtHUUhl0V5w/iWSSnpJyDG5D
|
||||
M1kuMLjn0yR94YJu14/+ozXcsho8qzYNN7ECQQDWfcoGm5qmQ54GYDDtEk9SJWcv
|
||||
mntUtF2+2d2FAtGuMkY2VfgyTfrg8X5tFYB5sLd8ts+nxigUTc/42CyrHzvJAkBh
|
||||
pdULf8TVGCgul7AJv5Z5XImJWd/mAiNHrfH3b2YAcdehhF33mujuUsIkHggLs0PM
|
||||
Oow3QavKfInwCp9XKQyxAkBTHNG2wBF81ZITfrxJ2XekJYH81P6nPw/UrKerB6qa
|
||||
BLSQBiELJrHLC8w4hkL4MFDUSS2NJd3kjwXfCQs/HSca
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAzTofHpWAdhH3BR/+1lVVNGRVY2qH3H4+8cDaofg5gy6oazgB
|
||||
/qVTZixm+euZF1wVa/T5SR0CBeFF4JYBmC0HWl39b2bqoNGV0ILLKyjDrE88pHP+
|
||||
k5PBFeb98zRAY95fPDOPfgFc4g64W76fvri8qfXx3665UATOTXnvqnFOnilA/Ml9
|
||||
00ust5Dy/IKyGgVT4xgm2nVQD6HYmg7Rjyga/LBtTEeKgc3k++fM5t8AzhdoNCiG
|
||||
Z/Ez1RztanjEoBzWdSrmHAGsemMUxFLPpQJ8yglIYiL7fEkyQ0KMvRcTDk0pVzmN
|
||||
EqTNKQ3mPwpMz+TWM8+wMc9FjNtZaGc213omWQIDAQABAoIBAEPj5keHzWdBqiXX
|
||||
38WnlPgv+M9afndCjDANTEYoh14OIUjWzlIe/ufd6HLkrVA89hkwgQbewbyQOT2C
|
||||
YiSlQLl0PlKMCTIKIzVHD07HvXNTAwykEqNfTZChSYEa1/Ixre+MXvugF8nwdKxk
|
||||
8xN0qXTQF6OXeVYvQNAAdng743YON4ubqKlEezIwnfG/jcoZrGkiTpx+k1JXJsZN
|
||||
4dHKFP12RRhUTGjaOkBo41w8GNKQLFpy1vqAOYMyi1SJcrwpAu3H0iQug9SylQaM
|
||||
bFjt8j/m13gu3zXIJbi8xbyg3nqpxl9dxcZG/cDA9z2tLu/h3G3nPq7CXvkZxmjl
|
||||
ePvOCwECgYEA9zbwYMtd8tT3PHtrCtjwkfxV0dvMmfNw/rRT4ShWtKLmgX+K9nz/
|
||||
T4qpbehz4z7OvsLjQ6Bt6wjMNMw9SEBeEMyDVTpmzSD2PowARegmeLX4CsilqHHl
|
||||
/AMYUtywEQ2f65/CWPiMIt8mLnEyJ/dsyVLpuzGUNNt34Yaqpu2qXnUCgYEA1IUy
|
||||
PObmTh3I8ZyESyGhbu2TYs0A8Zy6eTIAv0ijOIpmUykzjE5pR9sB3nYEd4GTHPEv
|
||||
hF6SWfNIDDr83TqThJYzkFyXMCxiVLH55U42wlsvwp4jTnOI3K/7Y7U/lEmBlgcl
|
||||
JbIIv1t9okg3+Kuu4i7iB6JR89cSO/Wfcdu/c9UCgYAHE5eF7cxeqyH4pT/HK7aX
|
||||
NzXtr/EHZySQ5fCQvWrd+NvIUTJVI/ba/AklkEXg92dLpqCCyxDabYIK8N3AN7d5
|
||||
m6EWy3kt3geueqt3VNHlGrBi/qNfUwNWV3BWzuJrWox9XjFeAp9gUCrzoWHiKv7+
|
||||
NFVkemLXsICaABTaemsqEQKBgQDJJ4n1u1gieG7Kwqs1sg9rP9RRoFlUWFTogjvS
|
||||
0p4r1lQkQstX8qAUM2gBeROhSjRFIMUpNZqxKWT4rpzJibg3tzP3YKx6HIi2Qf+W
|
||||
3AFY1ZbPT397sj/JI4l/Rv93DFxr9TdkBq/g8GhqQpE3/sj5rgaj0zBe7SOFPWg+
|
||||
DRGaQQKBgEEcSF5KmpIHnhi3WlfGiEtx3kcD63orKME0YYA5BM6wnmRT4QiSw+qj
|
||||
i7ljrKGSbmdMFC3ArM42/k2lXYpVLsYWmyaRYSgbdowxLM1XxDJMFIPR2uG6N+vi
|
||||
HzWkRxi2SXKU42vfs5eA0itHvQP2DfUx8VuvtwVbOxDGgntYia70
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -682,6 +682,123 @@ START_TEST(test04_sso_then_slo_soap)
|
|||
}
|
||||
END_TEST
|
||||
|
||||
START_TEST(test05_sso_idp_with_key_rollover)
|
||||
{
|
||||
LassoServer *idpContext1 = NULL;
|
||||
LassoServer *idpContext2 = NULL;
|
||||
LassoServer *spContext = NULL;
|
||||
LassoLogin *idpLoginContext1 = NULL;
|
||||
LassoLogin *idpLoginContext2 = NULL;
|
||||
LassoLogin *spLoginContext = NULL;
|
||||
|
||||
/* Create an IdP context for IdP initiated SSO with private key 1 */
|
||||
idpContext1 = lasso_server_new(
|
||||
TESTSDATADIR "idp11-multikey-saml2/metadata.xml",
|
||||
TESTSDATADIR "idp11-multikey-saml2/private-key-1.pem",
|
||||
NULL, /* Secret key to unlock private key */
|
||||
TESTSDATADIR "idp11-multikey-saml2/certificate-1.pem");
|
||||
check_not_null(idpContext1)
|
||||
check_good_rc(lasso_server_add_provider(
|
||||
idpContext1,
|
||||
LASSO_PROVIDER_ROLE_SP,
|
||||
TESTSDATADIR "/sp6-saml2/metadata.xml",
|
||||
NULL,
|
||||
NULL));
|
||||
/* Create an IdP context for IdP initiated SSO with private key 2 */
|
||||
idpContext2 = lasso_server_new(
|
||||
TESTSDATADIR "idp11-multikey-saml2/metadata.xml",
|
||||
TESTSDATADIR "idp11-multikey-saml2/private-key-2.pem",
|
||||
NULL, /* Secret key to unlock private key */
|
||||
TESTSDATADIR "idp11-multikey-saml2/certificate-2.pem");
|
||||
check_not_null(idpContext2)
|
||||
check_good_rc(lasso_server_add_provider(
|
||||
idpContext2,
|
||||
LASSO_PROVIDER_ROLE_SP,
|
||||
TESTSDATADIR "/sp6-saml2/metadata.xml",
|
||||
NULL,
|
||||
NULL));
|
||||
/* Create an SP context */
|
||||
spContext = lasso_server_new(
|
||||
TESTSDATADIR "/sp6-saml2/metadata.xml",
|
||||
TESTSDATADIR "/sp6-saml2/private-key.pem",
|
||||
NULL, /* Secret key to unlock private key */
|
||||
NULL);
|
||||
check_not_null(spContext)
|
||||
check_good_rc(lasso_server_add_provider(
|
||||
spContext,
|
||||
LASSO_PROVIDER_ROLE_IDP,
|
||||
TESTSDATADIR "/idp11-multikey-saml2/metadata.xml",
|
||||
NULL,
|
||||
NULL));
|
||||
|
||||
/* Create login contexts */
|
||||
idpLoginContext1 = lasso_login_new(idpContext1);
|
||||
check_not_null(idpLoginContext1);
|
||||
idpLoginContext2 = lasso_login_new(idpContext2);
|
||||
check_not_null(idpLoginContext2);
|
||||
spLoginContext = lasso_login_new(spContext);
|
||||
check_not_null(spLoginContext);
|
||||
|
||||
/* Create first response signed with key 1*/
|
||||
check_good_rc(lasso_login_init_idp_initiated_authn_request(idpLoginContext1, "http://sp6/metadata"));
|
||||
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idpLoginContext1->parent.request)->ProtocolBinding,
|
||||
LASSO_SAML2_METADATA_BINDING_POST);
|
||||
check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext1, NULL));
|
||||
check_good_rc(lasso_login_validate_request_msg(idpLoginContext1,
|
||||
1, /* authentication_result */
|
||||
0 /* is_consent_obtained */
|
||||
));
|
||||
|
||||
check_good_rc(lasso_login_build_assertion(idpLoginContext1,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||
"FIXME: authenticationInstant",
|
||||
"FIXME: reauthenticateOnOrAfter",
|
||||
"FIXME: notBefore",
|
||||
"FIXME: notOnOrAfter"));
|
||||
check_good_rc(lasso_login_build_authn_response_msg(idpLoginContext1));
|
||||
check_not_null(idpLoginContext1->parent.msg_body);
|
||||
check_not_null(idpLoginContext1->parent.msg_url);
|
||||
|
||||
/* Create second response signed with key 2 */
|
||||
check_good_rc(lasso_login_init_idp_initiated_authn_request(idpLoginContext2, "http://sp6/metadata"));
|
||||
lasso_assign_string(LASSO_SAMLP2_AUTHN_REQUEST(idpLoginContext2->parent.request)->ProtocolBinding,
|
||||
LASSO_SAML2_METADATA_BINDING_POST);
|
||||
check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext2, NULL));
|
||||
check_good_rc(lasso_login_validate_request_msg(idpLoginContext2,
|
||||
1, /* authentication_result */
|
||||
0 /* is_consent_obtained */
|
||||
));
|
||||
|
||||
check_good_rc(lasso_login_build_assertion(idpLoginContext2,
|
||||
LASSO_SAML_AUTHENTICATION_METHOD_PASSWORD,
|
||||
"FIXME: authenticationInstant",
|
||||
"FIXME: reauthenticateOnOrAfter",
|
||||
"FIXME: notBefore",
|
||||
"FIXME: notOnOrAfter"));
|
||||
check_good_rc(lasso_login_build_authn_response_msg(idpLoginContext2));
|
||||
check_not_null(idpLoginContext2->parent.msg_body);
|
||||
check_not_null(idpLoginContext2->parent.msg_url);
|
||||
|
||||
/* Process response 1 */
|
||||
check_good_rc(lasso_login_process_authn_response_msg(spLoginContext,
|
||||
idpLoginContext1->parent.msg_body));
|
||||
check_good_rc(lasso_login_accept_sso(spLoginContext));
|
||||
|
||||
/* Process response 2 */
|
||||
check_good_rc(lasso_login_process_authn_response_msg(spLoginContext,
|
||||
idpLoginContext2->parent.msg_body));
|
||||
check_good_rc(lasso_login_accept_sso(spLoginContext));
|
||||
|
||||
/* Cleanup */
|
||||
lasso_release_gobject(idpLoginContext1);
|
||||
lasso_release_gobject(idpLoginContext2);
|
||||
lasso_release_gobject(spLoginContext);
|
||||
lasso_release_gobject(idpContext1);
|
||||
lasso_release_gobject(idpContext2);
|
||||
lasso_release_gobject(spContext);
|
||||
}
|
||||
END_TEST
|
||||
|
||||
Suite*
|
||||
login_saml2_suite()
|
||||
{
|
||||
|
@ -690,14 +807,17 @@ login_saml2_suite()
|
|||
TCase *tc_spLogin = tcase_create("Login initiated by service provider");
|
||||
TCase *tc_spLoginMemory = tcase_create("Login initiated by service provider without key loading");
|
||||
TCase *tc_spSloSoap = tcase_create("Login initiated by service provider without key loading and with SLO SOAP");
|
||||
TCase *tc_idpKeyRollover = tcase_create("Login initiated by idp, idp use two differents signing keys (simulate key roll-over)");
|
||||
suite_add_tcase(s, tc_generate);
|
||||
suite_add_tcase(s, tc_spLogin);
|
||||
suite_add_tcase(s, tc_spLoginMemory);
|
||||
suite_add_tcase(s, tc_spSloSoap);
|
||||
suite_add_tcase(s, tc_idpKeyRollover);
|
||||
tcase_add_test(tc_generate, test01_saml2_generateServersContextDumps);
|
||||
tcase_add_test(tc_spLogin, test02_saml2_serviceProviderLogin);
|
||||
tcase_add_test(tc_spLoginMemory, test03_saml2_serviceProviderLogin);
|
||||
tcase_add_test(tc_spSloSoap, test04_sso_then_slo_soap);
|
||||
tcase_add_test(tc_idpKeyRollover, test05_sso_idp_with_key_rollover);
|
||||
return s;
|
||||
}
|
||||
|
||||
|
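Review bot: test05_sso_idp_with_key_rollover (L1911-L2244) only exercises acceptance — both responses are signed with keys present in the IdP metadata — so it would still pass against a verifier that accepts everything; a negative case, where the SP processes a response signed by a key absent from idp11-multikey-saml2/metadata.xml and `lasso_login_process_authn_response_msg` is checked to return a signature error, is what actually pins the multi-key verification path. The fixture paths are also written inconsistently: L1943, L1946, L1952, L1982, L1985 and L1991 concatenate `TESTSDATADIR "idp11-multikey-saml2/..."` without a leading slash while L1967, L2021 and L2045 use `"/sp6-saml2/..."` and `"/idp11-multikey-saml2/..."`; pick one form (the slash-prefixed one matches the rest of the file) so the test does not depend on whether TESTSDATADIR carries a trailing slash. `check_not_null(idpContext1)` at L1955 (and L1994, L2033) has no trailing semicolon while L2062 does — harmless if the macro supplies one, but worth normalising. The tcase name at L2274 reads "two differents signing keys"; "two different signing keys" is intended.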
|