Commit Graph

24 Commits

Author SHA1 Message Date
Benjamin Dauvergne f3409ece4d [saml2] modify behaviour of lasso_saml2_assertion_add_attribute_with_node
If an AttributeStatement already exists, we add the new attribute to it.
2012-04-06 09:46:34 +02:00
Benjamin Dauvergne 727f07b1ae Simplify useless complexity in include paths 2011-12-16 14:17:31 +01:00
Benjamin Dauvergne 0c45b252dc [saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to factorize some code 2011-12-05 12:03:13 +01:00
Benjamin Dauvergne cd017964d0 [core] introduce the LassoSignatureContext context, to pass around signature parameters
This structure is used to pass around the signature algorithm
and the signature key.
2011-12-05 12:03:13 +01:00
Benjamin Dauvergne 5192cdf7a0 [core] multiple decryption keys support
This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.

The structure LassoServerPrivateData was changed to accommodate multiple
decryption keys, and so:

 xmlSecKey *encryption_private_key

became:

 GList *encryption_private_keys

All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.

The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
2011-11-21 10:25:03 +01:00
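The loop the commit describes, as an added example that is not Lasso code: Lasso keeps a GList of xmlSecKey objects and tries each one against the XML-Enc EncryptedKey, whereas this Python stand-in uses a toy authenticated cipher (SHA-256 keystream plus HMAC-SHA256 tag, standard library only) in place of the RSA key transport so the roll-over loop can run offline. The Server class, its method names and the key ordering are ours, modelled on the commit message; the toy cipher must not be used for real data.

```python
"""Trial decryption over a list of decryption keys (key roll-over).

Added example, not Lasso code. The toy cipher below stands in for the
XML-Enc key transport that Lasso's xmlSecKey list is tried against.
"""
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with SHA-256 (toy construction)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || HMAC tag over (nonce || ciphertext)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag does not verify under key.

    The tag check is what makes trial decryption safe: a wrong key must be
    rejected outright, not turned into garbage that is then parsed as SAML.
    """
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Server:
    """Shape of LassoServerPrivateData after the change: a list of decryption
    keys instead of a single key (class and method names are ours)."""

    def __init__(self, private_key: bytes) -> None:
        # The key given at construction time is the first entry of the list.
        self.encryption_private_keys: List[bytes] = [private_key]

    def set_encryption_private_key(self, key: bytes) -> None:
        # Further calls append; nothing is replaced, so older tokens still decrypt.
        self.encryption_private_keys.append(key)

    def decrypt(self, blob: bytes) -> Tuple[int, bytes]:
        """Try every key in order and stop at the first one that decrypts.

        Returns (index of the key that worked, plaintext) so a caller can log
        which key generation is still being used during the roll-over window.
        """
        for index, key in enumerate(self.encryption_private_keys):
            plaintext = decrypt(key, blob)
            if plaintext is not None:
                return index, plaintext
        raise ValueError("no configured decryption key could decrypt the content")


if __name__ == "__main__":
    old_key, new_key = os.urandom(32), os.urandom(32)
    server = Server(old_key)
    server.set_encryption_private_key(new_key)  # roll-over: both keys active
    index, text = server.decrypt(encrypt(new_key, b"<saml:Assertion/>"))
    print(index, text)  # 1 b'<saml:Assertion/>'
```

Two points carry over to the real XML-Enc case: the loop must fail closed on every key that is not the right one (here the HMAC tag does that; with RSA-OAEP key transport the padding check does), and the old key has to stay in the list until every assertion encrypted to it has expired, so remove keys by their validity window, not as soon as the new one is published.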
Benjamin Dauvergne 462c9a1cd0 [Core] replace all use of g_strcmp0 by lasso_strisequal and lasso_strisnotequal
Too many human errors with strcmp-kind functions. Also change the name of
lasso_is_empty_string to lasso_strisempty.
2010-10-01 15:29:38 +02:00
Benjamin Dauvergne e869899b79 [SAMLv2] add support for encrypted private keys
* support private key with new internal API in signature setting
  methods

  Plug lasso_node_set_signature into
  lasso_profile_saml20_setup_message_signature and
  lasso_server_saml2_assertion_setup_signature.

* also use lasso_node_get_signature in has_signature

* add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
  cases

For AuthnResponse checking the semantic is now that if HINT_FORCE is
used we verify message signature *and* assertion signature. If
HINT_MAYBE is used we check the assertion signature if its issuer
differs from the message issuer.
2010-07-16 19:34:30 +00:00
Benjamin Dauvergne 49deb1ffcb SAMLv2: rename lasso_saml2_name_id_build_persistent to lasso_saml2_name_id_new_with_persistent_format
* keep the old one for compatibility
* new one will be picked by bindings as a constructor
2010-06-12 00:43:20 +00:00
Benjamin Dauvergne c7539efbe0 SAMLv2: when initializing signature on assertion, setup an ID if there is none
* without the ID lasso refuses to sign (it's mandatory)
2010-06-12 00:43:14 +00:00
Benjamin Dauvergne 2c0ea4d647 Change all logging to use message() 2010-06-09 16:54:55 +00:00
Benjamin Dauvergne ba68d3a7fd SAML 2.0 Helper: add lasso_saml2_assertion_set_one_time_use 2010-05-01 05:40:38 +00:00
Benjamin Dauvergne 05aad98ec3 Fix documentation problems 2010-04-19 11:30:35 +00:00
Benjamin Dauvergne 27247cbd09 SAML 2.0: in lasso_saml2_assertion_get_issuer_provider, check type of server argument 2010-03-02 11:57:35 +00:00
Benjamin Dauvergne 887da70933 SAML 2.0: add more accessors for Conditions
* lasso/saml-2.0/saml2_helper.{c,h}:
   distribute code from lasso_saml2_assertion_validate_conditions to
   lasso_saml2_assertion_validate_time_checks and
   lasso_saml2_assertion_validate_audience.
   add lasso_saml2_assertion_allows_proxying and
   lasso_saml2_assertion_allows_proxying_to, to respectively check for
   proxying of the current assertion, and for proxying to a specific
   provider (you must call both of them to test completely the proxying
   status of an assertion).
* docs/reference/lasso/lasso-sections.txt:
   reference new functions into documentation.
2010-02-22 13:30:48 +00:00
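The Conditions checks this commit splits apart (time checks, audience restriction, and the two proxying predicates that must both be called), as an added example that is not Lasso's saml2_helper.c. It is written in Python with the standard library's xml.etree over a constructed sample assertion; the function names only loosely mirror the commit, the status strings are ours, timestamps are assumed to be xs:dateTime in UTC with a trailing Z, and the caller is assumed to have verified the assertion signature first, since Conditions are only trustworthy under a valid signature.

```python
"""SAML 2.0 <saml:Conditions> checks on a constructed assertion.

Added example, not Lasso code. Assumptions: UTC timestamps with trailing
Z, and the signature over the assertion has already been verified.
"""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import List, Optional

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, not a captured assertion.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction>
    <saml:OneTimeUse/>
    <saml:ProxyRestriction Count="1">
      <saml:Audience>https://proxy.example.net/metadata</saml:Audience>
    </saml:ProxyRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_xs_datetime(value: str) -> datetime:
    """xs:dateTime with trailing Z, optional fractional seconds (assumption)."""
    text = value.rstrip("Z")
    fmt = "%Y-%m-%dT%H:%M:%S.%f" if "." in text else "%Y-%m-%dT%H:%M:%S"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)


def get_conditions(assertion_xml: str) -> Optional[ET.Element]:
    """None when the assertion carries no Conditions element at all."""
    return ET.fromstring(assertion_xml).find("saml:Conditions", SAML_NS)


def _audiences(element: ET.Element) -> List[str]:
    return [a.text.strip() for a in element.findall("saml:Audience", SAML_NS) if a.text]


def validate_time_checks(conditions, now: datetime, tolerance=timedelta(0)) -> str:
    """NotBefore is inclusive, NotOnOrAfter exclusive; tolerance absorbs clock skew."""
    if conditions is None:
        return "valid"
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now + tolerance < parse_xs_datetime(not_before):
        return "not_yet_valid"
    if not_on_or_after and now - tolerance >= parse_xs_datetime(not_on_or_after):
        return "expired"
    return "valid"


def validate_audience(conditions, provider_id: str) -> bool:
    """Every AudienceRestriction must hold (AND); within one, any Audience matches (OR)."""
    if conditions is None:
        return True
    for restriction in conditions.findall("saml:AudienceRestriction", SAML_NS):
        if provider_id not in _audiences(restriction):
            return False
    return True


def allows_proxying(conditions) -> bool:
    """False when a ProxyRestriction with Count="0" forbids any further proxying."""
    if conditions is None:
        return True
    proxy = conditions.find("saml:ProxyRestriction", SAML_NS)
    if proxy is None or proxy.get("Count") is None:
        return True
    return int(proxy.get("Count")) > 0


def allows_proxying_to(conditions, provider_id: str) -> bool:
    """If the ProxyRestriction lists Audiences, the target must be one of them."""
    if conditions is None:
        return True
    proxy = conditions.find("saml:ProxyRestriction", SAML_NS)
    if proxy is None:
        return True
    listed = _audiences(proxy)
    return not listed or provider_id in listed


def is_one_time_use(conditions) -> bool:
    return conditions is not None and conditions.find("saml:OneTimeUse", SAML_NS) is not None


def validate_conditions(conditions, provider_id: str, now: datetime,
                        tolerance=timedelta(0)) -> str:
    """Time checks first, then audience; returns "valid" or the first failure."""
    status = validate_time_checks(conditions, now, tolerance)
    if status != "valid":
        return status
    if not validate_audience(conditions, provider_id):
        return "wrong_audience"
    return "valid"
```

As the commit message says for proxying, a full answer needs both predicates: allows_proxying() only looks at Count, and allows_proxying_to() only at the listed Audiences, so an assertion with Count="0" and no Audience list passes the second check while failing the first. The tolerance parameter is the one knob worth reviewing in a deployment; a few seconds covers real clock skew, while minutes reopen the replay window that NotOnOrAfter is there to close.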
Benjamin Dauvergne 597eaf5cdc SAML 2.0: add lasso_saml2_encrypted_element_server_decrypt and lasso_saml2_assertion_decrypt_subject 2010-02-22 13:30:29 +00:00
Benjamin Dauvergne 017ebd33f9 SAML 2.0: make lasso_saml2_assertion_validate_conditions really work 2010-02-17 10:14:43 +00:00
Benjamin Dauvergne 95f3c0625f SAML 2.0: fix documentation of lasso_saml2_assertion_validate_conditions 2010-02-15 10:37:50 +00:00
Benjamin Dauvergne 78df73e128 SAML 2.0: in saml2_helper.c, better check issuer element and also test the LassoServer object for issuance, lasso_saml2_assertion_get_issuer_provider 2010-02-15 10:37:41 +00:00
Benjamin Dauvergne 60b5029e03 SAML 2.0: add helper method lasso_saml2_assertion_get_in_response_to
* lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h:
   add a method to access easily the InResponseTo attribute.
2010-02-10 00:34:43 +00:00
Benjamin Dauvergne 92efc271a4 SAML 2.0: fix annotations, documentation and signatures 2010-01-29 00:43:50 +00:00
Benjamin Dauvergne 7142d50d16 in saml2_helper.{c,h}, remove const modifier from time_t type 2010-01-12 15:40:20 +00:00
Benjamin Dauvergne 845e302415 in saml2_helper.c, remove dead code 2010-01-12 15:40:08 +00:00
Benjamin Dauvergne 2ff13e5414 SAML 2.0: overhaul for ubiquitous binding support, still need work for HTTP-Artefact 2010-01-12 15:39:48 +00:00
Benjamin Dauvergne c01e1231fa SAML 2.0: in saml2_helper.c, add new methods to manipulate SAML2 assertions
* lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h:
   - add lasso_server_saml2_assertion_setup_signature, to help in
     defining signature upon saml2:Assertion nodes.
   - add new symbols LASSO_DURATION_MINUTE, LASSO_DURATION_HOUR,
     LASSO_DURATION_DAY, LASSO_DURATION_WEEK.
   - add method lasso_saml2_assertion_add_attribute_with_node

* docs/reference/lasso/lasso-sections.txt:
   declare new functions in saml2_helper section.
2010-01-04 09:14:17 +00:00