authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-17 10:15:21 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-02-17 10:15:21 +0000
commitd3932515858eeefe645c877cb505a228fef76f12 (patch)
tree8b137e2809cbcede58efa6b002b29587208e85ec
parentbdac600b56a72a9f62ccccdf598afa1981fedbec (diff)
SAML 2.0: in lasso_saml20_profile_set_session_from_dump_decrypt, really decrypt
* lasso/saml-2.0/profile.c: the dump for an already signed assertion containing an EncryptedID as Subject does not work as before: the decrypted NameID is no longer included in it, so instead of trying to plug it into the NameID field we resort to really deciphering the EncryptedID. That could be a performance problem if the session object is stuffed with a lot of assertions.
-rw-r--r--lasso/saml-2.0/profile.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 68ce9f15..45d22074 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -448,16 +448,26 @@ lasso_profile_is_saml_query(const gchar *query)
static void
lasso_saml20_profile_set_session_from_dump_decrypt(
- LassoSaml2Assertion *assertion, G_GNUC_UNUSED gpointer data)
+ LassoSaml2Assertion *assertion, LassoProfile *profile)
{
if (LASSO_IS_SAML2_ASSERTION(assertion) == FALSE) {
return;
}
- if (assertion->Subject != NULL && assertion->Subject->EncryptedID != NULL) {
- lasso_assign_gobject(assertion->Subject->NameID,
- assertion->Subject->EncryptedID->original_data);
+ if (assertion->Subject != NULL && ! assertion->Subject->NameID && assertion->Subject->EncryptedID != NULL) {
+ if (assertion->Subject->EncryptedID->original_data) { /* already decrypted */
+ lasso_assign_gobject(assertion->Subject->NameID,
+ assertion->Subject->EncryptedID->original_data);
lasso_release_gobject(assertion->Subject->EncryptedID);
+ } else { /* decrypt */
+ int rc;
+ rc = lasso_saml2_encrypted_element_decrypt(assertion->Subject->EncryptedID, lasso_server_get_encryption_private_key(profile->server), (LassoNode**) &assertion->Subject->NameID);
+ if (rc == 0) {
+ lasso_release_gobject(assertion->Subject->EncryptedID);
+ } else {
+ message(G_LOG_LEVEL_WARNING, "Could not decrypt EncrypteID from assertion in session dump: %s", lasso_strerror(rc));
+ }
+ }
}
}
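Review bot: The decrypt branch writes whatever lasso_saml2_encrypted_element_decrypt produces straight into the typed `NameID` slot via `(LassoNode**) &assertion->Subject->NameID` and, on `rc == 0`, releases the EncryptedID without checking that the decrypted node really is a LassoSaml2NameID; unless that helper enforces the element type itself (not visible here), a dump carrying a differently typed encrypted element leaves an ill-typed object behind a `LassoSaml2NameID *` for later code to dereference. The warning on failure also misspells the element name (`"Could not decrypt EncrypteID ..."` should read `EncryptedID`). `profile->server` is dereferenced unchecked and relies on the caller in the second hunk always passing a non-NULL profile, which is worth a guard if this callback is ever reused. The rewrite below keeps the call as is and only adds the type check and the corrected message; the function's body is fully inside the hunk.
```c
		} else { /* decrypt */
			/* … unchanged: rc = lasso_saml2_encrypted_element_decrypt(...) … */
			if (rc == 0 && LASSO_IS_SAML2_NAME_ID(assertion->Subject->NameID)) {
				lasso_release_gobject(assertion->Subject->EncryptedID);
			} else if (rc == 0) {
				/* decryption succeeded but did not yield a NameID: do not keep
				 * an ill-typed object in the NameID slot */
				lasso_release_gobject(assertion->Subject->NameID);
				message(G_LOG_LEVEL_WARNING, "Decrypted EncryptedID from assertion in session dump is not a NameID");
			} else {
				message(G_LOG_LEVEL_WARNING, "Could not decrypt EncryptedID from assertion in session dump: %s", lasso_strerror(rc));
			}
```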
@@ -473,7 +483,7 @@ lasso_saml20_profile_set_session_from_dump(LassoProfile *profile)
g_list_foreach(assertions,
(GFunc)lasso_saml20_profile_set_session_from_dump_decrypt,
- NULL);
+ profile);
lasso_release_list(assertions);
}