* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and a boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
* tools.c:
add lasso_xml_parse_file, based on g_file_get_contents and
lasso_xml_parse_memory.
add lasso_xml_parse_memory_with_error which instead of logging
errors, can return the xmlError structure.
add lasso_xmlsec_load_key_info, which allows loading keys from
ds:KeyInfo XML nodes. It also supports the "Lasso" bug of using
ds:KeyValue directly to store base64-encoded keys and certificates.
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* lasso/xml/tools.c,lasso/xml/private.h:
- lasso_eval_xpath_expression(xmlXPathContextPtr xpathCtx,
const char *expression, xmlXPathObjectPtr *xpathObjectPtr,
int *xpathErrorCode) is a boolean returning function handling call
to libxml API to evaluate an XPath expression in the xpathCtx
context. It eventually saves the returned nodeset in the variable
pointed by xpathObjectPtr if it is not NULL
(and eventually deallocates previous value)
and if an error happened it copies its code into the variable
pointed to by xpathErrorCode if it is not NULL.
* xml/tools.c:
add lasso_url_add_parameter that concatenates the string &key=value to an
existing URL where key and value are url-encoded.
* xml/private.h:
declare lasso_url_add_parameter.
* lasso/xml/private.h:
* lasso/xml/tools.c:
replace implementation of lasso_node_decrypt by a new one called
lasso_node_decrypt_xmlnode, and use it where old one was used.
* lasso/id-ff/provider.c:
try to keep some homogeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. These new methods come with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.
* lasso/xml/private.h:
* lasso/xml/xml.c:
lasso_node_init_from_message_with_format permits initializing a node
and to keep the corresponding xml document, in order for example to
validate a signature.
* lasso/xml/tools.c:
lasso_xml_parse_message is able to parse a message of any type, or of
a given type. If a message of another type than the one specified is
found, the call fails, and a LASSO_MESSAGE_FORMAT_ERROR is returned.
* lasso/xml/tools.c:
add lasso_xml_is_soap, to verify that a message is SOAP.
add lasso_xml_get_soap_content, to retrieve the first child of the
SOAP body, whatever the SOAP content version.
* lasso/xml/xml_enc.h:
remove old functions
* lasso/xml/private.h:
remove lasso_node_(de/en)crypt from public headers API, they were not
exported anyway. move them to internal header.
* lasso/xml/saml-2.0/saml2_encrypted_element.{c,h}:
add a new decrypt function to convert an EncryptedElement to the
contained encrypted node objects.
* bindings/overrrides.xml:
do not export the new method, wait for implementation of output
arguments.
* lasso/id-ff/server.c:
remove lasso_decrypt_nameid from lasso/id-ff/server.c
* lasso/xml/private.h:
* lasso/xml/xml.h:
* lasso/xml/xml.c:
add an implementation helper for the AttributeValue objects
implementation of get_xmlNode.
make lasso_node_set_original_xmlnode public API.
* lasso/xml/saml-2.0/samlp2_extensions.c:
* lasso/xml/saml-2.0/saml2_attribute_value.c:
* lasso/xml/saml_attribute_value.c:
implement get_xmlNode for the AttributeValue and Extensions objects.
If the any field is empty, use the original_xmlnode value. In order
to support free-style content, you must use the method
lasso_node_set_original_xmlnode, properties and children are
extracted from the given node and added to the node created by the
generic get_xmlNode virtual method.
* private.h:
add the new constant to the enum type
* xml.c:
fix lasso_node_traversal, add support for the new constant in
lasso_node_imp_init_from_xmlNode.
* lasso/xml/tools.c: in lasso_verify_signature always return success if
lasso_flag_verify_signature is FALSE.
* lasso/xml/private.h: change return type to int.
* lasso/xml/tools.c:
- lasso_saml_constrain_dsigctxt() add constraints following SAML
specifications on XMLDsig signatures to a libxmlsec DSig context.
- lasso_verify_signature() this function, given an xmlNode and a key or
a keys manager (for a set of AC or AC chains), validates the
enveloped signature set upon this node. It can be instructed to
follow constraints of the SAML 1.0 specification.
* lots of files: Explicitly set all fields of initialized structures,
in order to remove -Wno-missing-field-initializers from needed
compiler options when using -Wall -Wextra.
looked for a preexisting namespace; the function was previously called with ns
== NULL, which caused namespace to be *removed* from elements (ns was NULL
because xmlNewNs will return NULL when the namespace is already defined).