Compare commits
12 Commits
f575ac1a7c
...
aa89aa4672
Author | SHA1 | Date |
---|---|---|
Benjamin Dauvergne | aa89aa4672 | |
Benjamin Dauvergne | b50397c504 | |
Benjamin Dauvergne | 66c9f50f1f | |
Benjamin Dauvergne | 1ca8e8699c | |
Benjamin Dauvergne | 46caef8185 | |
Benjamin Dauvergne | fe27e52da0 | |
Benjamin Dauvergne | 3e6f9076e1 | |
Benjamin Dauvergne | 625bf7d9c1 | |
Benjamin Dauvergne | 5c963205ad | |
Benjamin Dauvergne | 596994307e | |
Benjamin Dauvergne | b3b9584b76 | |
Benjamin Dauvergne | 534d2b9698 |
|
@ -90,6 +90,7 @@ fi
|
|||
dnl
|
||||
dnl Check for programs
|
||||
dnl
|
||||
CFLAGS="$CFLAGS -Werror=implicit-function-declaration"
|
||||
AC_PROG_CC
|
||||
AM_CFLAGS=""
|
||||
AC_HEADER_STDC
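Review bot: Assigning `CFLAGS` ahead of `AC_PROG_CC` means the variable is always set when that macro runs, so autoconf's default `-g -O2` is no longer applied for users who pass no CFLAGS, and the `-Werror=` flag is also active during configure's own compile probes. CFLAGS is conventionally left to the person building; the hunk already has `AM_CFLAGS=""` two lines further down, so the flag could go there instead, e.g. `AM_CFLAGS="-Werror=implicit-function-declaration"`, assuming AM_CFLAGS reaches the Makefiles. If it has to stay in CFLAGS, appending it after `AC_PROG_CC` at least keeps the default flags. The +/- markers are lost on this page, so the CFLAGS line being the added one is inferred from the hunk header.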
|
||||
|
|
|
@ -133,9 +133,6 @@ LASSO_EXPORT gchar *lasso_server_get_endpoint_url_by_id(const LassoServer *serve
|
|||
LASSO_EXPORT GList *lasso_server_get_filtered_provider_list(const LassoServer *server,
|
||||
LassoProviderRole role, LassoMdProtocolType protocol_type, LassoHttpMethod http_method);
|
||||
|
||||
LASSO_EXPORT LassoSignatureMethod lasso_get_default_signature_method();
|
||||
void lasso_set_default_signature_method(LassoSignatureMethod meth);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
|
|
|
@ -354,6 +354,10 @@ gchar* lasso_xmlnode_build_deflated_query(xmlNode *xmlnode);
|
|||
|
||||
xmlTextReader *lasso_xmltextreader_from_message(const char *message, char **to_free);
|
||||
|
||||
void lasso_set_default_signature_method(LassoSignatureMethod meth);
|
||||
void lasso_set_min_signature_method(LassoSignatureMethod meth);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
|
|
|
@ -1039,12 +1039,12 @@ lasso_saml2_query_verify_signature(const char *query, xmlSecKey *sender_public_k
|
|||
goto_cleanup_with_rc(LASSO_PROFILE_ERROR_INVALID_QUERY);
|
||||
}
|
||||
|
||||
if (! sig_alg) {
|
||||
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
|
||||
}
|
||||
if (! b64_signature) {
|
||||
goto_cleanup_with_rc(LASSO_DS_ERROR_SIGNATURE_NOT_FOUND);
|
||||
}
|
||||
if (! sig_alg) {
|
||||
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);
|
||||
}
|
||||
/* build the signed query */
|
||||
if (relaystate) {
|
||||
signed_query = g_strconcat(saml_request_response, "&", relaystate, "&", sig_alg, NULL);
|
||||
|
@ -1261,9 +1261,9 @@ cleanup:
|
|||
if (doc) {
|
||||
xmlRemoveID(doc, id_attr);
|
||||
xmlUnlinkNode(xmlnode);
|
||||
lasso_release_doc(doc);
|
||||
xmlnode->parent = old_parent;
|
||||
xmlSetTreeDoc(xmlnode, NULL);
|
||||
lasso_release_doc(doc);
|
||||
}
|
||||
lasso_release_signature_context(dsig_ctx);
|
||||
return rc;
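Review bot: The block under `cleanup:` now depends on statement order for memory safety, and nothing in the code says so. From the hunk counts, `lasso_release_doc(doc)` appears to have moved below `xmlnode->parent = old_parent;` and `xmlSetTreeDoc(xmlnode, NULL);`, presumably so that the node is detached while the temporary document is still alive; a later tidy-up could move it back unnoticed. A comment above the release, such as `/* release doc last: xmlnode must be detached from it before it is freed */`, would pin the ordering. The earlier hunk in this section deserves the same treatment, for example `/* check Signature first: a query with neither field must report SIGNATURE_NOT_FOUND */` above the `b64_signature` test. Both functions begin outside their hunks.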
|
||||
|
|
|
@ -214,6 +214,7 @@ LASSO_EXPORT LassoKeyEncryptionMethod lasso_get_default_key_encryption_method();
|
|||
LASSO_EXPORT void lasso_set_default_key_encryption_method(LassoKeyEncryptionMethod method);
|
||||
|
||||
/* signature method and hash strength */
|
||||
LASSO_EXPORT LassoSignatureMethod lasso_get_default_signature_method();
|
||||
LASSO_EXPORT LassoSignatureMethod lasso_get_min_signature_method();
|
||||
|
||||
void lasso_set_min_signature_method(LassoSignatureMethod meth);
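Review bot: `lasso_set_min_signature_method` is declared here without `LASSO_EXPORT`, directly under two exported getters, and the same prototype also appears in the other header section of this compare next to `lasso_set_default_signature_method`. Two declarations of one setter in two headers can drift apart, and they leave it unclear whether applications are meant to be able to change the minimum accepted signature method. Keeping the prototype in one header only, with a one-line comment saying who may call it, would settle that. The getters would also be better as real prototypes, `lasso_get_min_signature_method(void)`, because empty parentheses in C declare unspecified parameters and skip argument checking. The +/- markers are lost on this page, so which of these lines are new is inferred.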
|
||||
|
|
|
@ -292,6 +292,8 @@ START_TEST(test07_saml2_query_verify_signature)
|
|||
* changed to ; */
|
||||
const char query2[] = "Signature=Zfz3DE1VMV3thaV4FWpH0fkWsBMzAFJcfvVWAbo0a3cY48Et%2BXUcbr1nvOJUJmhGoie0pQ4%2BcD9ToQlSk7BbJSBCct%2FQQgn2QNkX%2F1lk4v8RU8p5ptJRJ2iPLb8nC6WZhs81HoihQePSuj7Qe5bRUsDKvnWMq6OkD%2Fe6YO77dMXregTcfmnkrXqRb2T6TFfqyOz9i0%2FjmISsmj%2F3kEEfUzVA4LEbeEgiJDj1hec4XW26gQTih53v0sYukq4Eyb4zS2jVd3apUUxUrjn1NUpr7Z7dZ7w5MQlgZ8aw1xFDE8BkxymvIjwf8ciyx6sfTKbCRsoS9E0pQB1vxvh6OMt1Ww%3D%3D;SAMLRequest=fVHJasMwEP0Vo3tqRXY2YRvcOIFAl9CUHnopwpkkAllyNeMuf1%2FZaSG95PrmLfNmMlSNaWXZ0ck%2BwXsHSNFXYyzKYZCzzlvpFGqUVjWAkmq5K%2B%2FvpLjhsvWOXO0Mu5BcVyhE8KSdZdGmytnbNEmTBV%2Bli9ulKMt5KlbVfDkbizWfcVEmUxa9gMfAz1mQBxFiBxuLpCwFiIvxiE9H48mz4FJMZJq8sqgKHbRVNKhORK2MY71vJzFqezSw00f7GPLXztcw9M7ZQRmE3n0bFtQf8IcUWV9JDqm%2B%2BPXCYNUAqb0ilcWXhOx8zIdQe1NtndH1dx%2FTKLp%2BlR7R%2B9FhoMq2b4wEllhUGuM%2Blx4UhZ3Id8Di4pz5%2F2fFDw%3D%3D;RelayState=fake;SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256";
|
||||
const char query3[] = "SAMLRequest=fVHJasMwEP0Vo3tqRXY2YRvcOIFAl9CUHnopwpkkAllyNeMuf1%2FZaSG95PrmLfNmMlSNaWXZ0ck%2BwXsHSNFXYyzKYZCzzlvpFGqUVjWAkmq5K%2B%2FvpLjhsvWOXO0Mu5BcVyhE8KSdZdGmytnbNEmTBV%2Bli9ulKMt5KlbVfDkbizWfcVEmUxa9gMfAz1mQBxFiBxuLpCwFiIvxiE9H48mz4FJMZJq8sqgKHbRVNKhORK2MY71vJzFqezSw00f7GPLXztcw9M7ZQRmE3n0bFtQf8IcUWV9JDqm%2B%2BPXCYNUAqb0ilcWXhOx8zIdQe1NtndH1dx%2FTKLp%2BlR7R%2B9FhoMq2b4wEllhUGuM%2Blx4UhZ3Id8Di4pz5%2F2fFDw%3D%3D&RelayState=fake&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=rUJ%2B9wVSvdGSmZWGuGXgudAPV5KBxRfxRKraBWGIslBz2XreyNbQjSA47DhIfi%2Bxf0awIIGkKcieN3Qd5sqVn4wvFU8fsmfqrdtouYi46aKsj4W91N19TxJ%2BCgrP7ygVEGDaGdc%2BrCQC3%2FuoYTELXq0gYP7tHaXA%2FCaZHfx5Z159crpRxS6eabZ6BGf4ImxiKhE1FuYzKHeISEV1iSyvgx5%2FE8ydSO%2FSP6yA5Rck4JxVJWH6ImbswCVQ80qfqR4NoJ%2BxiZqilbDJnQaSKZggx%2FgjNVoX%2FMVW1FqEmgJNcZpSjNUQqy9u4veSllpxPc2aB%2FpiUjzpbq9XzyFDOQfkUQ%3D%3D";
|
||||
/* Deleting SigAlg & Signature fields */
|
||||
const char query4[] = "SAMLRequest=fVHJasMwEP0Vo3tqRXY2YRvcOIFAl9CUHnopwpkkAllyNeMuf1%2FZaSG95PrmLfNmMlSNaWXZ0ck%2BwXsHSNFXYyzKYZCzzlvpFGqUVjWAkmq5K%2B%2FvpLjhsvWOXO0Mu5BcVyhE8KSdZdGmytnbNEmTBV%2Bli9ulKMt5KlbVfDkbizWfcVEmUxa9gMfAz1mQBxFiBxuLpCwFiIvxiE9H48mz4FJMZJq8sqgKHbRVNKhORK2MY71vJzFqezSw00f7GPLXztcw9M7ZQRmE3n0bFtQf8IcUWV9JDqm%2B%2BPXCYNUAqb0ilcWXhOx8zIdQe1NtndH1dx%2FTKLp%2BlR7R%2B9FhoMq2b4wEllhUGuM%2Blx4UhZ3Id8Di4pz5%2F2fFDw%3D%3D&RelayState=fake";
|
||||
/* sp5-saml2 key */
|
||||
const char pkey[] = "-----BEGIN CERTIFICATE-----\n\
|
||||
MIIDnjCCAoagAwIBAgIBATANBgkqhkiG9w0BAQUFADBUMQswCQYDVQQGEwJGUjEP\n\
|
||||
|
@ -324,6 +326,11 @@ LlTxKnCrWAXftSm1rNtewTsF\n\
|
|||
/* test reordering and semi-colon separator support */
|
||||
ck_assert_msg(lasso_saml2_query_verify_signature(query2, key) == 0, "Disordered signature was not validated");
|
||||
ck_assert_msg(lasso_saml2_query_verify_signature(query3, key) != 0, "Altered signature was validated");
|
||||
/* test missing signature error code */
|
||||
ck_assert_msg(lasso_saml2_query_verify_signature(query3, key) == LASSO_DS_ERROR_INVALID_SIGNATURE,
|
||||
"Altered signature do not lead to invalid signature");
|
||||
ck_assert_msg(lasso_saml2_query_verify_signature(query4, key) == LASSO_DS_ERROR_SIGNATURE_NOT_FOUND,
|
||||
"Bad error code when missing signature");
|
||||
xmlSecKeyDestroy(key);
|
||||
}
|
||||
END_TEST
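Review bot: Only one of the two reordered branches in `lasso_saml2_query_verify_signature` is covered here: `query4` drops both SigAlg and Signature and expects `LASSO_DS_ERROR_SIGNATURE_NOT_FOUND`, but no query keeps Signature while dropping SigAlg, so `LASSO_DS_ERROR_INVALID_SIGALG` is never asserted. A `query5` built from `query3` with the SigAlg field removed, checked with `ck_assert_msg(lasso_saml2_query_verify_signature(query5, key) == LASSO_DS_ERROR_INVALID_SIGALG, "Bad error code when missing SigAlg");`, would cover it. The comment `/* test missing signature error code */` also sits above the altered-signature assertion instead of the `query4` one, and the earlier `!= 0` check on `query3` is now subsumed by the exact-code assertion. The test function starts outside the hunk.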
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
<li><a
|
||||
href="/documentation/slides/20050201-lasso-solutions-linux.pdf">General
|
||||
presentation</a> given February 1st 2005 in the "Identity Management" track
|
||||
of <a href="http://www.solutionslinux.fr">Solutions Linux</a> in Paris.
|
||||
of Solutions Linux in Paris.
|
||||
(in French)
|
||||
</li>
|
||||
</ul>
|
||||
|
|
|
@ -14,15 +14,15 @@
|
|||
protocols. Lasso is built on top of <a href="http://www.xmlsoft.org">libxml2</a>,
|
||||
<a href="http://www.aleksey.com/xmlsec/">XMLSec</a> and <a
|
||||
href="http://www.openssl.org">OpenSSL</a> and is licensed under the <a
|
||||
href="/license">GNU General Public License</a>
|
||||
href="https://www.gnu.org/licenses/gpl-3.0.en.html">GNU General Public License</a>
|
||||
(with an <a href="/license#openssl">OpenSSL exception</a>).
|
||||
</p>
|
||||
|
||||
<p>
|
||||
We strongly recommend the use of the <a href="/license">GNU General Public
|
||||
We strongly recommend the use of the <a href="https://www.gnu.org/licenses/gpl-3.0.en.html">GNU General Public
|
||||
License</a> each time it is possible. But for proprietary projects, that
|
||||
wouldn't want to use it, we designed a <a
|
||||
href="http://www.entrouvert.com/en/expertise/licenses/">commercial
|
||||
href="https://www.entrouvert.com/expertise/licences/">commercial
|
||||
license</a>.
|
||||
</p>
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0"?>
|
||||
<div xmlns="http://www.w3.org/1999/xhtml">
|
||||
<h3>2005-02-01: Conference at <a href="http://www.solutionslinux.fr">Solutions Linux</a></h3>
|
||||
<h3>2005-02-01: Conference at Solutions Linux</h3>
|
||||
|
||||
<p>
|
||||
Lasso made a remarked appearance in the "Identity management" track. <a
|
||||
|
|