Release 2.8.1

-·Major·overhaul·of·OpenSSL·API·usage·by·using·only·the·EVP·API·as·the·low¶
··level·API·(RSA*,·HMAC*)·is·deprecated.¶
-·Fix·wrong·parsing·of·Count·attribute·on·saml:ProxyRestriction,·thanks·to¶
··Maxime·Besson·from·Worteks.¶
-·Perl:·pass·LDFLAGS·to·Makefile.PL¶
-·Replace·use·of·deprecated·xmlSecBase64Decode·by·xmlSecBase64Decode_ex¶
-·Fix·overwrite·of·profile.signature_status·in·lasso_saml20_login_process_response_status_and_assertion¶
-·Fix·lot·of·GCC·warnings¶

Jenkinsfile

@@ -20,7 +20,19 @@ pipeline {
             }
             steps {
                 script {
-                    sh 'sudo -H -u eobuilder /usr/local/bin/eobuilder -d buster,bullseye lasso'
+                    env.SHORT_JOB_NAME=sh(
+                        returnStdout: true,
+                        // given JOB_NAME=gitea/project/PR-46, returns project
+                        // given JOB_NAME=project/main, returns project
+                        script: '''
+                            echo "${JOB_NAME}" | sed "s/gitea\\///" | awk -F/ '{print $1}'
+                        '''
+                    ).trim()
+                    if (env.GIT_BRANCH == 'main' || env.GIT_BRANCH == 'origin/main') {
+                        sh "sudo -H -u eobuilder /usr/local/bin/eobuilder -d bullseye ${SHORT_JOB_NAME}"
+                    } else if (env.GIT_BRANCH.startsWith('hotfix/')) {
+                        sh "sudo -H -u eobuilder /usr/local/bin/eobuilder -d bullseye --branch ${env.GIT_BRANCH} --hotfix ${SHORT_JOB_NAME}"
+                    }
                 }
             }
         }

debian-bullseye/tests/control

@@ -0,0 +1,3 @@
+Test-Command: for py in $(py3versions -s); do echo "[*] testing on $py:"; $py debian/tests/sso.py ; done
+
+Test-Command: /usr/bin/perl bindings/perl/test.pl

debian-bullseye/tests/sso.py

@@ -0,0 +1,36 @@
+import os
+import lasso
+
+DATA_DIR = 'tests/data'
+
+
+def server(local_name, remote_role, remote_name):
+    pwd = os.path.join(DATA_DIR, local_name, 'password')
+    password = None
+    if os.path.exists(pwd):
+        password = open(pwd).read()
+    s = lasso.Server(
+        os.path.join(DATA_DIR, local_name, 'metadata.xml'),
+        os.path.join(DATA_DIR, local_name, 'private-key.pem'),
+        password,
+    )
+    s.addProvider(remote_role, os.path.join(DATA_DIR, remote_name, 'metadata.xml'))
+    return s
+
+
+sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2')
+idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2')
+
+sp_login = lasso.Login(sp_server)
+sp_login.initAuthnRequest()
+sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
+sp_login.buildAuthnRequestMsg()
+idp_login = lasso.Login(idp_server)
+idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
+idp_login.validateRequestMsg(True, True)
+idp_login.buildAssertion("None", "None", "None", "None", "None")
+idp_login.buildAuthnResponseMsg()
+sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+sp_login.processAuthnResponseMsg(idp_login.msgBody)
+sp_login.acceptSso()