The new implementations of lasso_node_impl_init_from_xml now validate
the namespace of all child nodes before parsing. It stops on any error. For
nodes which implement their own parsing of an attribute or a node, they
must declare an XmlSnippet with an offset field set to 0. The 0 value is
invalid for a public GObject structure (it's the place of the GObject
machinery like the reference count). The 0 offset can be used for
XmlSnippet in a private structure, so never set the offset to 0 with the
flag SNIPPET_PRIVATE, for a field which is parsed by your get_xmlNode
virtual method.

Another improvement in this commit is the possibility to set attributes
with a namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The
syntax for an attribute is inspired by the element tree API from Python:
    {namespace}attribute_name
An example:
    {http://www.w3.org/2001/XMLSchema-instance}type
for the classic xsi:type attribute.

The only expected decryption error is on decryption of the symmetric key
used to encrypt the data. All other errors are critical and must be
logged.
Clients of lasso_node_decrypt_xmlnode can then log the decryption failure
of the symmetric key if they tried with all possible keys (key rollover
case).

An empty reference means the complete document, so the signed node is
the root element of this document. We must check that the parameter
signe_node matches our assumption.

The nodes containing signatures do not handle the private key passwords.
As the fields for signature parameters are part of the public ABI we
cannot add the password field to the public structure for those nodes.
Instead we use the new quark annotation accessed through
lasso_node_get/set_signature, and if the sign_type parameter is non-NULL
we use it instead of the parameters stored in the public structure.
This is a gross hack :( but at least it is documented.

In order to permit subclasses to modify the base xmlNode created by
lasso_node_impl_get_xmlNode we must defer the concrete to the virtual
method wrapper, lasso_node_get_xmlNode.
To do that it was needed to make id_attribute another virtual field of
LassoNode subclasses (it can be accessed through an offset registered in
the class object).
This commit solves signature validation errors since the patch for
managing more than one SessionIndex element in samlp2:LogoutRequest.
It also factorizes the creation of signatures in one place.

* We now support the two possible formats for xsdtime XSchema datatype:
- dddd-dd-ddTdd:dd:ddZ
- dddd-dd-ddTdd:dd:dd.d*Z
Where d denotes a digit, and * is the Kleene star.
XSD datetime also supports negative years, but as we cannot represent
them with time_t, we can reject it at the lexical level.
* lasso/xml/tools.h:
add new header to export lasso_build_unique_id as a public API.
* lasso/xml/Makefile.am:
add tools.h to header list
* lasso/xml/tools.c:
add GObjectIntrospection annotations to exported functions.
* lasso/xml/tools.c lasso/xml/private.h:
lots of functions duplicate this code, so we factorized it there.
It has two parameters, the xmlnode and a boolean deciding whether to
format the resulting content (good for reading but bad for
signatures).
* lasso/xml/tools.c:
in lasso_saml2_verify_query_signature, extract the needed fields and order
them appropriately before computing digest, expect ';' as well as '&'
as separator.
* tests/random_test.c:
add non-regression tests for query signature validation.
* tests/Makefile.am:
make tests link against the static version of liblasso, to get access to
private functions.
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
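
The field extraction and ordering that the lasso_saml2_verify_query_signature entry above describes, as an added example that is not lasso's own code: it rebuilds the string a SAML 2.0 HTTP-Redirect signature covers from a query whose parameters arrive in any order and are separated by '&' or ';'. The names find_param and build_signed_query are hypothetical, and rejecting duplicated parameters is a choice of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not lasso's code: locate parameter `name` in a query
 * whose pairs are separated by '&' or ';'. Returns 1 and sets *val / *len to
 * the still URL-encoded value, 0 if absent, -1 if it occurs more than once. */
static int find_param(const char *q, const char *name,
                      const char **val, size_t *len)
{
    size_t nlen = strlen(name);
    int found = 0;

    while (*q) {
        size_t plen = strcspn(q, "&;");          /* length of this pair */
        if (plen > nlen && q[nlen] == '=' && strncmp(q, name, nlen) == 0) {
            if (found)
                return -1;                       /* duplicate: ambiguous */
            *val = q + nlen + 1;
            *len = plen - nlen - 1;
            found = 1;
        }
        q += plen;
        if (*q)
            q++;                                 /* skip the separator */
    }
    return found;
}

/* Rebuild the signed octet string: SAMLRequest or SAMLResponse, RelayState
 * if present, then SigAlg, values copied verbatim. 0 on success, else -1. */
int build_signed_query(const char *q, char *out, size_t outlen)
{
    const char *msg = "", *resp = "", *relay = "", *alg = "", *sig = "";
    size_t msg_len = 0, resp_len = 0, relay_len = 0, alg_len = 0, sig_len = 0;
    int has_req = find_param(q, "SAMLRequest", &msg, &msg_len);
    int has_resp = find_param(q, "SAMLResponse", &resp, &resp_len);
    int has_relay = find_param(q, "RelayState", &relay, &relay_len);
    int n;

    if (has_req < 0 || has_resp < 0 || has_relay < 0 || has_req + has_resp != 1
        || find_param(q, "SigAlg", &alg, &alg_len) != 1
        || find_param(q, "Signature", &sig, &sig_len) != 1)
        return -1;
    if (has_resp) { msg = resp; msg_len = resp_len; }
    n = snprintf(out, outlen, "%s=%.*s%s%.*s&SigAlg=%.*s",
                 has_req ? "SAMLRequest" : "SAMLResponse", (int)msg_len, msg,
                 has_relay ? "&RelayState=" : "", (int)relay_len, relay,
                 (int)alg_len, alg);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The values are copied without decoding because the signature covers the URL-encoded octets as sent; decoding and re-encoding can change the bytes and make a valid signature fail.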