[core] do not emit a warning for expected decryption errors
The only expected decryption error is on decryption of the symetric key used to crypt the data. All other errors are critical and must be logged. Client of lasso_node_decrypt_xmlnode can then log the decryption failure of the symetric if they tried with all possible keys (key rollover case).
This commit is contained in:
parent
5957f3e230
commit
fd7af65e91
|
@ -1193,8 +1193,11 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
lasso_foreach_full_end();
|
lasso_foreach_full_end();
|
||||||
|
if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) {
|
||||||
if (rc1) {
|
message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey");
|
||||||
|
at_least_one_decryption_failture |= TRUE;
|
||||||
|
continue;
|
||||||
|
} else if (rc1) {
|
||||||
message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
|
message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
|
||||||
at_least_one_decryption_failture |= TRUE;
|
at_least_one_decryption_failture |= TRUE;
|
||||||
continue;
|
continue;
|
||||||
|
|
|
@ -1574,7 +1574,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
||||||
xmlChar *algorithm = NULL;
|
xmlChar *algorithm = NULL;
|
||||||
xmlSecKeyDataId key_type;
|
xmlSecKeyDataId key_type;
|
||||||
GList *i = NULL;
|
GList *i = NULL;
|
||||||
int rc = LASSO_DS_ERROR_DECRYPTION_FAILED;
|
int rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
|
||||||
|
|
||||||
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
|
if (encryption_private_key == NULL || !xmlSecKeyIsValid(encryption_private_key)) {
|
||||||
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
|
message(G_LOG_LEVEL_WARNING, "Invalid decryption key");
|
||||||
|
@ -1582,6 +1582,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
xmlSetGenericErrorFunc(NULL, lasso_xml_generic_error_func);
|
||||||
|
|
||||||
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
|
/* Need to duplicate it because xmlSecEncCtxDestroy(encCtx); will destroy it */
|
||||||
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
|
encryption_private_key = xmlSecKeyDuplicate(encryption_private_key);
|
||||||
|
|
||||||
|
@ -1655,8 +1657,8 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
||||||
if (key_buffer != NULL) {
|
if (key_buffer != NULL) {
|
||||||
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
|
sym_key = xmlSecKeyReadBuffer(key_type, key_buffer);
|
||||||
}
|
}
|
||||||
|
rc = LASSO_DS_ERROR_ENCRYPTION_FAILED;
|
||||||
if (sym_key == NULL) {
|
if (sym_key == NULL) {
|
||||||
message(G_LOG_LEVEL_WARNING, "EncryptedKey decryption failed");
|
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1673,6 +1675,7 @@ lasso_node_decrypt_xmlnode(xmlNode* encrypted_element,
|
||||||
|
|
||||||
/* decrypt the EncryptedData */
|
/* decrypt the EncryptedData */
|
||||||
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
|
if ((xmlSecEncCtxDecrypt(encCtx, encrypted_data_node) < 0) || (encCtx->result == NULL)) {
|
||||||
|
rc = LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA;
|
||||||
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
|
message(G_LOG_LEVEL_WARNING, "EncryptedData decryption failed");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue