The only expected decryption error is on decryption of the symetric key
used to crypt the data. All other errors are critical and must be
logged.
Client of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symetric if they tried with all possible keys (key rollover
case).
An empty reference means the complete document, so the signed node is
the root element of this document. We must check that the parameter
signe_node dmatches our assumption.
The node containing signature do not handle the private keys passwords.
As the fields for signature parameters are part of the public ABI we
cannot add the password field to the public structure for those nodes.
Instead we use the new quark annotation accessed through
lasso_node_get/set_signature, and if the sign_type parameter is non-NULL
we use it instead of the parameters stored in the public structure.
This is a gross hack :( but at least it is documented.
In order to permit subclass to modify the base xmlNode created by
lasso_node_impl_get_xmlNode we must defer the concrete to the virtual
method wrapper, lasso_node_get_xmlNode.
To do that it whas needed to make id_attribute another virtual field of
LassoNode subclasses (it can be accessed through an offset registered in
the class object).
This commit solves signature validation error since the patch for
managing more than one SessionIndex element in samlp2:LogoutRequest.
It also factorize the creation of signatures in one place.
* We now support the two possible formats for xsdtime XSchema datatype:
- dddd-dd-ddTdd:dd:ddZ
- dddd-dd-ddTdd:dd:dd.d*Z
Where d denotes a digit, and * is the kleene star.
XSD datetime also supports negative years, but as we cannot represent
them with time_t, we can reject it at the lexical level.
* lasso/xml/tools.h:
add new header to export lasso_build_unique_id as a public API.
* lasso/xml/Makefile.am:
add tools.h to header list
* lasso/xml/tools.c:
add GObjectIntrospection annotations to exported functions.
* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
* lasso/xml/tools.c:
in lasso_saml2_verify_query_signature, extract needed field and order
them appropriately before computing digest, expect ';' as well as '&'
as separator.
* tests/random_test.c:
add non-regression tests for query signature validation.
* tests/Makefile.am:
make tests link agains static version of liblasso, to get access to
private functions.
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
* lasso/xml/tools.c:
xmlsec is not able to load a certificate public key without checking
it against trusted root certificate, so we must work around and load
the key by hand.
lasso_xmlsec_load_private_key_from_buffer is made more robust in the
same (loading of the key was extracted inside
_lasso_xmlsec_load_key_from_buffer) and now can load certificates and
keys directly embedded inside KeyValue nodes (in total opposition to
the XMLDsig specification but...), with or without PEM headers.
* tests/metadata/Makefile.am tests/metadata/metadata_06.xml
tests/metadata_tests.c:
add test case for RSAKeyValue public keys.
* lasso/xml/tools.c:
adding the flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS make
xmlSec able to load certificate, the 'hand made' code to load
certificate is then useless.
* tools.c:
add lasso_xml_parse_file, based on g_file_get_contents and
lasso_xml_parse_memory.
add lasso_xml_parse_memory_with_error which instead of logging
errors, can return the xmlError structure.
add lasso_xmlsec_load_key_info, which allows to load keys from
ds:KeyInfo XML nodes. It also support the "Lasso" bug of using
ds:KeyValue directly to store base64 encoded keys and certificates.
Benjamin Dauvergne
Frédéric Péters