Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the selected default instead of RSA-SHA1. Related: https://dev.entrouvert.org/issues/54037
This commit is contained in:
parent
f095ac8f57
commit
0d34c97be1
|
@ -251,7 +251,7 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem
|
|||
nameIdentifier,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
if (profile->msg_relayState) {
|
||||
message(G_LOG_LEVEL_WARNING,
|
||||
"RelayState was defined but can't be used "\
|
||||
|
|
|
@ -396,7 +396,7 @@ lasso_logout_build_response_msg(LassoLogout *logout)
|
|||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 :
|
||||
LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1));
|
||||
lasso_get_default_signature_method()));
|
||||
} else if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
|
||||
lasso_assign_new_gobject(profile->response,
|
||||
lasso_lib_logout_response_new_full(
|
||||
|
@ -608,7 +608,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
|
|||
nameIdentifier,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
} else { /* http_method == LASSO_HTTP_METHOD_REDIRECT */
|
||||
is_http_redirect_get_method = TRUE;
|
||||
lib_logout_request = (LassoLibLogoutRequest*)lasso_lib_logout_request_new_full(
|
||||
|
@ -990,7 +990,7 @@ lasso_logout_validate_request(LassoLogout *logout)
|
|||
logout_request,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1));
|
||||
lasso_get_default_signature_method()));
|
||||
}
|
||||
if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
|
||||
lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new_full(
|
||||
|
|
|
@ -259,7 +259,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping,
|
|||
targetNamespace,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
|
||||
}
|
||||
|
@ -458,7 +458,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi
|
|||
request,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
|
||||
if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response) == FALSE) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
|
||||
|
|
|
@ -339,7 +339,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration,
|
|||
idpNameIdentifier, spNameIdentifier, oldNameIdentifier,
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
if (profile->request == NULL) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
|
||||
}
|
||||
|
@ -575,7 +575,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio
|
|||
LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request),
|
||||
profile->server->certificate ?
|
||||
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1);
|
||||
lasso_get_default_signature_method());
|
||||
if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
|
||||
return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
|
||||
}
|
||||
|
|
|
@ -1274,7 +1274,7 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi
|
|||
|
||||
if (public_key != NULL) {
|
||||
xmlSecKey *key = lasso_xmlsec_load_private_key(public_key, NULL,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
|
||||
lasso_get_default_signature_method(), NULL);
|
||||
if (key) {
|
||||
lasso_list_add_new_sec_key(keys, key);
|
||||
} else {
|
||||
|
|
|
@ -2746,7 +2746,7 @@ next:
|
|||
content = xmlNodeGetContent(key_value);
|
||||
if (content) {
|
||||
result = lasso_xmlsec_load_private_key_from_buffer((char*)content,
|
||||
strlen((char*)content), NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
|
||||
strlen((char*)content), NULL, lasso_get_default_signature_method(), NULL);
|
||||
xmlFree(content);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2008,16 +2008,16 @@ START_TEST(test14_lasso_key)
|
|||
|
||||
check_true(g_file_get_contents(TESTSDATADIR "sp1-la/private-key-raw.pem", &buffer, &length, NULL));
|
||||
check_not_null(key = lasso_key_new_for_signature_from_memory(buffer,
|
||||
length, NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
|
||||
length, NULL, lasso_get_default_signature_method(),
|
||||
NULL));
|
||||
lasso_release_gobject(key);
|
||||
check_not_null(key = lasso_key_new_for_signature_from_file(TESTSDATADIR
|
||||
"sp1-la/private-key-raw.pem", NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
|
||||
"sp1-la/private-key-raw.pem", NULL, lasso_get_default_signature_method(),
|
||||
NULL));
|
||||
lasso_release_gobject(key);
|
||||
base64_encoded = g_base64_encode(BAD_CAST buffer, length);
|
||||
check_not_null(key = lasso_key_new_for_signature_from_base64_string(base64_encoded, NULL,
|
||||
LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL));
|
||||
lasso_get_default_signature_method(), NULL));
|
||||
lasso_release_string(base64_encoded);
|
||||
lasso_release_string(buffer);
|
||||
lasso_release_gobject(key);
|
||||
|
|
Loading…
Reference in New Issue