This commit complements the support for multiple signing certificate
support in the metadata files. The use-case is still key roll-over.
The structure LassoServerPrivateData was changed to accomodate multiple
decryption keys, and so:
xmlSecKey *encryption_private_key
became:
GList *encryption_private_keys
All uses of this key were replaced by a loop over this list, terminating
with the first key to be able to decrypt the content.
The private key passed to lasso_server_new() or
lasso_server_new_from_buffers() is first added to the list of decryption
keys. Any other call to
lasso_server_set_encryption_private_key_with_password() or
lasso_server_set_encryption_private_key() will add a new key to the
list.
* support private key with new internal API in signature setting
methods
Plug lasso_node_set_signature into
lasso_profile_saml20_setup_message_signature and
lasso_server_saml2_assertion_setup_signature.
* also use lasso_node_get_signature in has_signature
* add forgottent LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch
cases
For AuthnResponse checking the semantic is now that if HINT_FORCE is
used we verify message signature *and* assertion signature. If
HINT_MAYBE is used we check the assertion signature if its issuer
differs from the message issuer.
* lasso/saml-2.0/saml2_helper.{c,h}:
distribute code from lasso_saml2_assertion_validate_conditions to
lasso_saml2_assertion_validate_time_checks and
lasso_saml2_assertion_validate_audience.
add lasso_saml2_assertion_allows_proxying and
lasso_saml2_assertion_allows_proxying_to, to respectively check for
proxying of the current assertion, and for proxying to a specific
provider (you must call both of them to test completely the proxying
status of an assertion).
* docs/reference/lasso/lasso-sections.txt:
reference new functions into documentation.
* lasso/saml-2.0/saml2_helper.c lasso/saml-2.0/saml2_helper.h:
- add lasso_server_saml2_assertion_setup_signature, to help in
defining signature upon saml2:Assertion nodes.
- add new symbols LASSO_DURATION_MINUTE, LASSO_DURATION_HOUR,
LASSO_DURATION_DAY, LASSO_DURATION_WEEK.
- add method lasso_saml2_assertion_add_attribute_with_node
* docs/reference/lasso/lasso-sections.txt:
declare new functions in saml2_helper section.