Benjamin Dauvergne
5c2fc3b5dc
[id-ff/saml2] add a lasso_server_add_provider2
...
It allows adding LassoProvider objects directly to a LassoServer object,
without using the metadata loading methods.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
10edf69bfc
[utils] add lasso_crypto_memequal function
...
This method compares byte strings in constant time.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
9de6450f4c
[tools] add a LassoSignatureContext structure to pass signature parameters around
...
Signature parameters are mainly a LassoSignatureMethod and an xmlSecKey.
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
5a9a447bad
[xml] add an inline function to validate LassoSignatureMethod values
...
- add also a LASSO_SIGNATURE_METHOD_NONE value
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
4ba067b828
[utils] add lasso_transfer_xml_node macros
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
ad51948373
[core] simplify lasso_provider_load_public_key
2011-12-05 12:03:12 +01:00
Benjamin Dauvergne
654f9523c2
[web] fix link on the download page
2011-11-29 13:01:32 +01:00
Benjamin Dauvergne
29800377a3
Merge branch 'multi-certificates'
2011-11-29 12:36:47 +01:00
Benjamin Dauvergne
92ebef91f5
Merge branch 'excl-c14n-fix'
2011-11-29 11:05:29 +01:00
Benjamin Dauvergne
70aeff17d2
[web] add release news for release 2.3.6
2011-11-29 10:58:42 +01:00
Benjamin Dauvergne
5f25443c14
[release] 2.3.6
2011-11-29 10:42:16 +01:00
Benjamin Dauvergne
b785881e53
[integration tests] does not use full leak report
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne
d72cc31347
[integration tests] show more callers when using valgrind memcheck looking for leaks in authentic and lcs
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne
95137b1ad1
[tests] add test for rollover on the SP side, i.e. rollover of encryption keys
...
This test case is the first to abstract the workflow between two
LassoLogin objects (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne
fd7af65e91
[core] do not emit a warning for expected decryption errors
...
The only expected decryption error is on decryption of the symmetric key
used to crypt the data. All other errors are critical and must be
logged.
Clients of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric key if they tried with all possible keys (key rollover
case).
2011-11-22 18:51:49 +01:00
Benjamin Dauvergne
5957f3e230
[core] add a new class of errors for xml encryption errors
...
add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable
xml decryption errors.
2011-11-22 18:51:12 +01:00
Benjamin Dauvergne
26d6b35a49
[leakcheck] fix leaks seen by the unit tests
...
This commit also improved valgrind suppression file to hide static
allocations done by the GLib type system.
2011-11-22 17:45:52 +01:00
Benjamin Dauvergne
9d13fb1933
[core] fix wrong XML canonicalization when assertion is extracted without its namespace context
2011-11-22 00:18:33 +01:00
Benjamin Dauvergne
699f0e42d5
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
...
- gcc now warns when you compare a typedef to the anonymous enum which
defines it.
- some inline functions in the zend.h header do compare between signed
and unsigned char.
2011-11-21 22:10:12 +01:00
Benjamin Dauvergne
5192cdf7a0
[core] multiple decryption keys support
...
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-21 10:25:03 +01:00
Benjamin Dauvergne
055b405387
Merge branch 'extension-abi-respecting'
2011-11-18 15:36:57 +01:00
Benjamin Dauvergne
f286c7cb5c
[saml2] add missing extension point for LassoSaml2SubjectConfirmationData
...
- it can support any content and any attribute without validation
xs:any with processContents="lax"
2011-11-18 15:36:41 +01:00
Benjamin Dauvergne
3ec4a2f294
[xml] allow to store XSchema data into a private structure
...
- added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P
replaces use of G_STRUCT_MEMBER/_P macros.
- we use the GType of the class containing a given XmlSnippet to find
the proper private structure.
- added flag SNIPPET_PRIVATE to state XmlSnippet whose value
should be extracted from the private structure and not the public
one.
2011-11-18 15:36:41 +01:00
Benjamin Dauvergne
0e0511c686
[binding python] prevent warning in wrapper_top.c under hardy with gcc 4.2.4
2011-11-18 15:36:41 +01:00
Benjamin Dauvergne
773cdab883
[core] add missing break to switch/case
2011-11-18 15:36:40 +01:00
Benjamin Dauvergne
8002502152
[bindings] fix bug introduced in last commit
2011-11-08 01:10:22 +01:00
Benjamin Dauvergne
3c6970e047
[bindings] fix tree traversal on windows
...
- The file path separator is not / on all platforms, so do not use it
when matching filenames.
2011-10-18 17:35:55 +02:00
Benjamin Dauvergne
4552f30293
[misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5
...
- gcc now warns when you compare a typedef to the anonymous enum which
defines it.
- some inline functions in the zend.h header do compare between signed
and unsigned char.
2011-10-18 17:33:43 +02:00
Benjamin Dauvergne
b8cf183c37
[xml saml-2.0] add missing annotation for binding generation to header for LassoKeyInformationDataType
2011-10-18 17:32:56 +02:00
Benjamin Dauvergne
94a9fe4f02
[xml saml-2.0] add a class to handle the KeyInfoConfirmationData type
...
* use a direct mapping to map this class to SubjectConfirmationData
node having the xsi:type attribute.
* overload get_xmlNode method to add the xsi:type attribute on output.
2011-10-13 01:12:04 +02:00
Benjamin Dauvergne
f69b561c47
[xml] allow node classes to not define their nodename, useful for simple Type
2011-10-13 01:09:29 +02:00
Benjamin Dauvergne
c6d4076599
[id-wsf2 profile] check provider->private_data->roles instead of provider->role
...
Fixes #140.
2011-10-10 17:38:03 +02:00
Benjamin Dauvergne
984759ea67
[id-wsf discovery] provider can now contain multiple public keys, only consider the first key for id-wsf token generation
...
ID-WSF never contemplated the fact that sometimes key roll-over happened
(SubjectConfirmation can only contain one ds:KeyInfo), whatever...
2011-10-10 17:26:09 +02:00
Benjamin Dauvergne
b7a94f2db8
[saml-2.0] augment lasso_saml20_provider_get_first_http_method to verify presence of synchronous bindings
2011-10-10 16:31:04 +02:00
Benjamin Dauvergne
aa7fae5fc1
[xml] if a SNIPPET_LIST_NODES has the SNIPPET_ANY flag, allows really any kind of node through LassoMiscTextNode
2011-10-10 16:31:03 +02:00
Benjamin Dauvergne
7b1aa28c2c
[xml] allows LassoMiscText.init_from_xml to parse any xmlNode
...
If the node has no attributes and has a simple string content, we use the
classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete
xmlNode is copied.
2011-10-10 16:31:03 +02:00
Benjamin Dauvergne
627294f52c
[tests] add non-regression tests concerning the parsing of any xmlNode tree by LassoMiscTextNode when SNIPPET_ANY is used by a LassoNode
2011-10-10 16:31:00 +02:00
Benjamin Dauvergne
94136d639b
[xml] only try to map an xmlNode to a class name if the node has a namespace
2011-10-10 16:17:28 +02:00
Benjamin Dauvergne
f638f379e7
[xml saml-2.0] change AttributeValue snippets to accept any children
...
An AttributeValue has an XSchema type of xs:any.
2011-10-10 16:14:50 +02:00
Benjamin Dauvergne
a7be1fa114
[xml] create a static version of lasso_node_new_from_xmlNode_with_type without error logging
...
When used inside lasso_node_impl_init_from_xml the error logging is
prematurely sent as there is a backup procedure for parsing unknown
nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode
containing a copy of the parsed xmlNode child.
2011-10-07 13:08:49 +02:00
Benjamin Dauvergne
9430491963
[configure.ac] default AM_MAINTAINER_MODE to enable
2011-09-09 15:39:43 +02:00
Benjamin Dauvergne
da5260de18
[configure.ac] remove useless semi-colons
2011-07-08 21:17:01 +02:00
Benjamin Dauvergne
b1183fe341
Fix wrong version exported in the PHP binding
2011-07-08 21:15:20 +02:00
Benjamin Dauvergne
14b5c395cc
Change the glob expression to match darwin $host_os
...
Also use the $DARWIN flag to control the setting of JNI_EXTRA_LDFLAGS.
2011-06-03 11:24:02 +02:00
Benjamin Dauvergne
8aadadef4d
[java] try to make test work under Mac Os X
2011-05-30 22:24:39 +02:00
Benjamin Dauvergne
9cedec628e
[core] finish transition from single encryption key to multiple ones
...
Some code still references provider->private->encryption_public_key, this
commit makes them use lasso_provider_get_encryption_public_key().
2011-05-30 22:24:37 +02:00
Benjamin Dauvergne
24a29f954a
[bindings perl] remove --as-needed from linker flags, it is not supported everywhere
...
It can come back if we add proper checking of the support on the
platform, maybe we can leverage tests made by autoconf.
2011-05-27 16:02:30 +02:00
Benjamin Dauvergne
ed44ea81a8
Disable metadata loading test with the UK federation files
2011-05-27 16:01:44 +02:00
Benjamin Dauvergne
8036813115
Merge branch 'multi-certificates'
2011-05-23 10:53:50 +02:00
Benjamin Dauvergne
bd7e649272
[bindings perl] in Makefile.am, gives a default template to mktemp
...
Thanks to Nathan Sowatskey for the bug report and the fix.
2011-05-19 17:55:12 +02:00