* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
* lasso/xml/tools.c:
in lasso_saml2_verify_query_signature, extract needed field and order
them appropriately before computing digest, expect ';' as well as '&'
as separator.
* tests/random_test.c:
add non-regression tests for query signature validation.
* tests/Makefile.am:
make tests link agains static version of liblasso, to get access to
private functions.
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
* lasso/xml/tools.c:
xmlsec is not able to load a certificate public key without checking
it against trusted root certificate, so we must work around and load
the key by hand.
lasso_xmlsec_load_private_key_from_buffer is made more robust in the
same (loading of the key was extracted inside
_lasso_xmlsec_load_key_from_buffer) and now can load certificates and
keys directly embedded inside KeyValue nodes (in total opposition to
the XMLDsig specification but...), with or without PEM headers.
* tests/metadata/Makefile.am tests/metadata/metadata_06.xml
tests/metadata_tests.c:
add test case for RSAKeyValue public keys.
* lasso/xml/tools.c:
adding the flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS make
xmlSec able to load certificate, the 'hand made' code to load
certificate is then useless.
* tools.c:
add lasso_xml_parse_file, based on g_file_get_contents and
lasso_xml_parse_memory.
add lasso_xml_parse_memory_with_error which instead of logging
errors, can return the xmlError structure.
add lasso_xmlsec_load_key_info, which allows to load keys from
ds:KeyInfo XML nodes. It also support the "Lasso" bug of using
ds:KeyValue directly to store base64 encoded keys and certificates.
* lasso/id-wsf-2.0/data_service.c: fix uninitialized res variable in
lasso_idwsf2_data_service_process_query_response_soap_fault_msg.
* lasso/xml/saml-2.0/saml2_assertion.c: fix uninitialized rc variable
in get_xmlNode.
* lasso/saml-2.0/login.c:
in lasso_saml20_login_accept_sso check for ni and ni->Format
null-ness before dereferencing, remove idp_ni which is not used
anymore.
remote all use of federation->remote_nameIdentifier, SAML 2.0 only
need one NameID, and it will be local_nameIdentifier.
* lasso/xml/xml.c:
in lasso_node_traversal, check null-ness of node before dereferencing
it, add check for class null-ness also.
* lasso/id-ff/provider.c:
in lasso_provider_get_first_http_method, remove useless check for t2
null-ness -- if found is TRUE, t1 and t2 cannot be null.
* lasso/xml/tools.c:
in lasso_sign_node, add documentation, check for private_key_file and
xmlnode null-ness.
in lasso_get_public_key_from_private_key_file, add a cleanup phase,
check for cert variabl null-ness befor appending, count the number of
certificates added.
in lasso_query_verify_signature, check that URL unescaping and base64
decoding are succesfull before using the decoded strings.
* lasso/saml-2.0/name_id_management.c:
in lasso_name_id_management_validate_request, fix mis-handling of
federation, if federation does not match request name_id, return
UNKNOWN_PRINCIPAL.
* lasso/Makefile.am:
distribute extract_sections.py
* docs/references/lasso/lasso.types.in: add missing class (mainly SAML2
and ID-WSF 1.0/2.0) from docs/references/lasso.types.in
* lasso/xml/strings.h:
add lots of documentation, or at least documentation template to
strings constants.
* id-ff/login.h:
* saml-2.0/assertion_query.h:
* xml/xml.h:
document undocumented enumerations.
* lasso/errors.h:
add proper documentation about error codes.
* lasso/errors.c:
new version of the lasso_strerror function
* lasso/build_strerror.py:
update the script that generater lasso_strerror from the
documentation comments.
Remove usage of OFTYPE
* lasso/id-ff/session.c:
* lasso/id-ff/session.h:
remove usage of oftype, prefer gtk-introspection annotations instead.
* lasso/id-wsf/data_service.h:
* lasso/id-wsf/data_service.c:
do the same.
Add a script to build lasso-sections.txt
* lasso/extract_sections.py:
this script parses header files and generated lasso-sections.txt
content for GObject class descriptions.
Add a template file for the lasso-section.txt file
* docs/references/lasso-sections.txt.in:
this file serves as a base for the generation of lasso-sections.txt
Update docs/references/Makefile.am for generating lasso-sections.txt
* docs/references/Makefile.am:
always rebuild template, using out of source build directory is too
weird without it.
call new script extract_sections.py to regenerate lasso-sections.txt
if header files changed.
Update lasso.sgml file with all missing sections
* docs/reference/lasso.sgml:
add all missing sections, mainly objects from XML schemas.
* docs/reference/lasso-sections.txt: update it
* *.c: add section documentation to some files.
* lasso/xml/strings.h: fix bad usage or docbook markup
* nearly all C files: change includes for relative paths.
* lasso/id-wsf/id_wsf.h, lasso/id-wsf-2.0/id_wsf_2.h: add top level
public include files for ID-WSF 1.0 and ID-WSF 2.0.
* lasso/id-ff/server.*, lasso/id-ff/session.*, lasso/id-ff/identity.*:
remove most of the code related to ID-WSF and push into
lasso/id-wsf/id_ff_extensions.* and lasso/id-wsf-2.0/identity.c,
lasso/id-wsf-2.0/server.c, lasso/id-wsf-2.0/session.c.
* lasso/id-wsf-2.0/saml2_login.c,
lasso/id-wsf-2.0/saml2_login_private.h: same change but for ID-WSF
2.0 support in SAML2 SSO profile.
* lasso/xml/tools.c,lasso/xml/private.h:
- lasso_eval_xpath_expression(xmlXPathContextPtr xpathCtx,
const char *expression, xmlXPathObjectPtr *xpathObjectPtr,
int *xpathErrorCode) is a boolean returning function handling call
to libxml API to evaluate en XPath expression in the xpathCtx
context. It eventually save the returned nodeset in the variable
pointed by xpathObjectPtr if it is not-NULL
(and eventually deallocate previous value)
and if an error happend it copy its code into the variable
pointed to by xpathErrorCode if it is not NULL.
* lasso/xml/tools.c:
in SAML message signatures are usually envelopped signatures, so just
lookup for the first direct child which is a Signature node.
* lasso/utils.h:
change 'goto exit' for 'goto cleanup'. rename all goto_exit macros to
goto_cleanup_. rename goto_cleanup_if_fail to
goto_cleanup_if_fail_with_rc and add a
goto_cleanup_if_fail for function which do not return an integer
value. add documentation for goto_cleanup macro family.
* lasso/id-ff/login.c:
* lasso/id-ff/provider.c:
* lasso/id-ff/server.c:
* lasso/id-ff/session.c:
* lasso/id-wsf/discovery.c:
* lasso/id-wsf/wsf_profile.c:
* lasso/saml-2.0/profile.c:
* lasso/utils.h:
* lasso/xml/lib_logout_request.c:
* lasso/xml/tools.c:
* lasso/xml/xml.c:
update name of goto_exit_if_fail macros. rename 'exit' labels to
'cleanup'.
* xml/tools.c:
add lasso_url_add_parameter that concat the string &key=value to an
existing URL where key and value are url-encoded.
* xml/private.h:
declare lasso_url_add_parameter.
* lasso/xml/private.h:
* lasso/xml/tools.c:
replace implementation of lasso_node_decrypt by a new one called
lasso_node_decrypt_xmlnode, and use it where old one was used.
* lasso/id-ff/provider.c:
try to keep some homgeneity between lasso_verify_signature and
lasso_verify_query_signature functions, by having mirror methods
inside the LassoProvider class. this new methods comes with complete
documentation.
* lasso/xml/tools.c:
add a xmlDoc argument to lasso_verify_signature, in order to
reuse an already built message context, and possible problems with
interned string in parsed xml documents.
* lasso/xml/private.h:
* lasso/xml/xml.c:
lasso_node_init_from_message_with_format permit to initialize a node
and to keep the corresponding xml document, in order for example to
validate a signature.
* lasso/xml/tools.c:
lasso_xml_parse_message is able to parse a message of any type, or of
a given type. If a message of another than the one specified is
found, the call fails, and a LASSO_MESSAGE_FORMAT_ERROR is returned.
* lasso/xml/tools.c:
add lasso_xml_is_soap, to verify that a message is SOAP.
add lasso_xml_get_soap_content, to retrieve the first child of the
SOAP body, whatever the SOAP content version.
* lasso/xml/tools.c:
in lasso_load_certs_from_pem_certs_chain_file if
g_io_channel_new_file fails return NULL and print a warning.
If path is NULL or 0-length also returns NULL.
* lasso/xml/tools.c: in lasso_verify_signature always return success if
lasso_flag_verify_signature is FALSE.
* lasso/xml/private.h: change return type to int.
Benjamin Dauvergne