* use a direct mapping to map this class to SubjectConfirmationData
node having the xsi:type attribute.
* overload get_xmlNode method to add the xsi:type attribute on output.
If the node has no attributes and has a simple string content, we use the
classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete
xmlNode is copied.
When used inside lasso_node_impl_init_from_xml the error logging is
prematurely sent as there is a backup procedure for parsing unknown
nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode
containing a copy of the parsed xmlNode child.
The idea was to replace every use of an xmlSecKey* by a loop over a
GList* of xmlSecKey*.
- In the structure LassoProviderPrivate changed
xmlSecKey*public_key -> GList* signing_public_keys
xmlNode*signing_key_descriptor -> GList* signing_key_descriptors.
- Renamed lasso_provider_try_loading_public_key to
lasso_provider_try_loading_public_keys and chaned its signature
accordingly
- Renamed lasso_provider_get_public_key to
lasso_provider_get_public_keys and changed the signature accordingly.
- Changed lasso_provider_get_encryption_public_key to return the first
signing key from the list as a temporary work around. Multiple
encryption keys will be supported later.
- Changed lasso_provider_load_public_key to load keys from the passed
file on the LassoProvider constructor, from every key descriptors
found for signing and eventually from the key descriptor marked for
encryption.
- Every failure to load from a file or an XML KeyInfo descriptor are
noew reported as warning.
- Query signature checking was completely moved to
lasso_provider_verify_query_signature and
lasso_provider_verify_signature now calls it.
- lasso_provider_verify_signature is now using lasso_verify_signature
from the xml/tools.o module.
- lasso_provider_verify_single_signature was modified to support
multiple signing keys.
lasso_saml20_login_process_response_status_and_assertion does analyze
the response status code login specific error codes, if the generic
processing from lasso_saml20_profile_process_any_response returns a
status of response is not success, we must continue processing.
The flags parameter allows to control the checking of digital signature
upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata
files.
The default behaviour is to check all found signatures and to inherit
signature from EntitiesDescriptor to their children.
By only enabling checking of EntityDescrtiptor node signatures it's also
possible to only check signature at the EntityDescriptor level and so
only trust individual entities and not the aggregating provider.
An empty reference means the complete document, so the signed node is
the root element of this document. We must check that the parameter
signe_node dmatches our assumption.
The aim of this function is now to load any metadata file, and to
replace completely the use of lasso_server_add_provider.
The metadata content argument is replaced by a metadata file path to
more closely match other APIs.
Benjamin Dauvergne