The added key can be appended or prepended, depending on the need for the key:
- rollover
- improving performances (using simpler cryptographic algorithmss using shared secret keys)
Using this method you can specify a signing which will be used for
communication with the specified provider instead of the one configured
on the LassoServer object. The main objective is to allow shared secret
cryptography instead of public key cryptography.
LassoKey currenly store a LassoSignatureContext inside a
reference-counted and bindable object. It will be used to export API
around key management to bindings.
This test case is the first to abstract the workflow between two
LassoLogin object (for the idp and sp side). This part of the code could
be used to simplify the code of other tests in the future.
The only expected decryption error is on decryption of the symetric key
used to crypt the data. All other errors are critical and must be
logged.
Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symetric if they tried with all possible keys (key rollover
case).
- gcc now warns when you compate a typedef to the anonymous enum which
define it.
- some inline function in the zend.h header do compare between signed
and unsigned char.
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accomodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
- added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P
replaces use of G_STRUCT_MEMBER/_P macros.
- we use the GType of the class containing a given XmlSnippet to find
the proper private structure.
- added flag SNIPPET_PRIVATE to state XmlSnippet whose value
should be extracted from the private structure and not the public
one.
- gcc now warns when you compate a typedef to the anonymous enum which
define it.
- some inline function in the zend.h header do compare between signed
and unsigned char.
* use a direct mapping to map this class to SubjectConfirmationData
node having the xsi:type attribute.
* overload get_xmlNode method to add the xsi:type attribute on output.
Benjamin Dauvergne