authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-10-11 09:54:26 +0200
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2010-10-11 09:54:26 +0200
commitf6d5a8fe40f4622ffecf81d3794bf1ee53a24afc (patch)
treee13a8e3b8b23ab570b906a90b1fad4a9391293dc
parent36b7baf9e8ea2e6debe1760f7e2a0ff789560448 (diff)
parentc36d6a90dd4ab854c00b879edf1cd83caef147fa (diff)
Merge branch 'hotfixes-2.3.4'
-rw-r--r--NEWS2
-rw-r--r--lasso/id-ff/provider.c4
-rw-r--r--lasso/saml-2.0/profile.c5
-rw-r--r--tests/non_regression_tests.c59
4 files changed, 65 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 6b84baa9..9f391c34 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@ NEWS
14 commits, 10 files changed, 199 insertions, 49 deletions
Generic
- * fix warning for compiling on pardus and EL5
+ * fix warning for compiling on Pardus and EL5
* the release tarball now contains the figures for the documentation
* lasso_login_process_authn_request documentation gained details on returned errors
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index d7cf8810..23f54eee 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -145,8 +145,10 @@ lasso_provider_get_assertion_consumer_service_url(LassoProvider *provider, const
char *name = NULL;
char *assertion_consumer_service_url = NULL;
+ g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);
+
if (provider->private_data->conformance == LASSO_PROTOCOL_SAML_2_0) {
- int sid = -1;
+ long sid = -1;
if (service_id != NULL) {
if (lasso_string_to_xsd_integer(service_id, &sid)) {
if (sid < 0) {
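Review bot: The added `g_return_val_if_fail(LASSO_IS_PROVIDER(provider), NULL);` is the only guard before `provider->private_data->conformance` is dereferenced, and GLib compiles that macro out when `G_DISABLE_CHECKS` is defined. If this check has to hold in every build, an explicit `if (!LASSO_IS_PROVIDER(provider)) return NULL;` is the safer form. With `sid` now a `long`, only the lower bound (`sid < 0`) is visible in this hunk; if the value is later narrowed to `int` or compared against endpoint indexes, an upper bound should be rejected as well. The function body continues outside the hunk, so that last point cannot be confirmed from here.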
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 40f6fe89..f5c91755 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -1513,6 +1513,7 @@ cleanup:
gint
lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *request_or_response)
{
+ LassoSignatureMethod sign_method;
lasso_bad_param(PROFILE, profile);
switch (lasso_profile_get_signature_hint(profile)) {
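Review bot: The new local `LassoSignatureMethod sign_method;` is declared without an initializer, and none of the visible hunks of `lasso_profile_saml20_setup_message_signature` assign or read it; the two changed assignments use `profile->server->signature_method` directly. If it is unused in the rest of the body, drop the declaration to avoid an unused-variable warning. Otherwise assign it once after `lasso_bad_param(PROFILE, profile);` and use it in both branches so the value is read in a single place. Only part of the function is visible here.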
@@ -1544,7 +1545,7 @@ lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *r
} else {
request->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
}
- request->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
+ request->sign_method = profile->server->signature_method;
lasso_assign_string(request->private_key_file,
profile->server->private_key);
lasso_assign_string(request->certificate_file,
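Review bot: `request->sign_method = profile->server->signature_method;`, and the matching `response->sign_method` assignment in the next hunk, copies the configured value with no visible check that it is a known `LassoSignatureMethod` or that it matches the key type in `profile->server->private_key`. The method was a fixed constant before, so an unset or mismatched server setting is a new failure mode that would presumably only surface at signing time. Unless the value is validated earlier in the function or when the server object is configured, consider rejecting an unexpected value here with an explicit error return. A comment such as `/* signature method follows the server configuration */` above each assignment would record why the constant was removed. Both branches start and end outside their hunks.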
@@ -1562,7 +1563,7 @@ lasso_profile_saml20_setup_message_signature(LassoProfile *profile, LassoNode *r
} else {
response->sign_type = LASSO_SIGNATURE_TYPE_SIMPLE;
}
- response->sign_method = LASSO_SIGNATURE_METHOD_RSA_SHA1;
+ response->sign_method = profile->server->signature_method;
lasso_assign_string(response->private_key_file,
profile->server->private_key);
lasso_assign_string(response->certificate_file,
diff --git a/tests/non_regression_tests.c b/tests/non_regression_tests.c
index 208bc30d..03f6045f 100644
--- a/tests/non_regression_tests.c
+++ b/tests/non_regression_tests.c
@@ -32,6 +32,7 @@
#include <../lasso/xml/lib_authentication_statement.h>
#include <../lasso/xml/saml_name_identifier.h>
#include <../lasso/xml/samlp_response.h>
+#include <../lasso/id-ff/provider.h>
#include "../lasso/utils.h"
@@ -81,11 +82,67 @@ Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\"\n\
}
END_TEST
+START_TEST(indexed_endpoints_20101008)
+{
+ LassoProvider *provider = NULL;
+ char *meta01 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
+<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"1\" />\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"0\" />\n\
+</SPSSODescriptor>\n\
+</md:EntityDescriptor>\n";
+ char *meta02 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
+<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"wrong\" index=\"0\" isDefault=\"false\" />\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"ok\" index=\"1\" />\n\
+</SPSSODescriptor>\n\
+</md:EntityDescriptor>\n";
+ char *meta03 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
+<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"0\" isDefault=\"false\" />\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"1\" />\n\
+</SPSSODescriptor>\n\
+</md:EntityDescriptor>\n";
+ char *meta04 = "<md:EntityDescriptor entityID=\"google.com\" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\" xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\">\n\
+<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\" Location=\"wrong\" index=\"0\" />\n\
+<AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"ok\" index=\"1\" isDefault=\"true\" />\n\
+</SPSSODescriptor>\n\
+</md:EntityDescriptor>\n";
+
+ provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta01, NULL, NULL);
+ check_not_null(provider);
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "ok");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "wrong");
+ lasso_release_gobject(provider);
+ provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta02, NULL, NULL);
+ check_not_null(provider);
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
+ lasso_release_gobject(provider);
+ provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta03, NULL, NULL);
+ check_not_null(provider);
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
+ lasso_release_gobject(provider);
+ provider = lasso_provider_new_from_buffer(LASSO_PROVIDER_ROLE_SP, meta04, NULL, NULL);
+ check_not_null(provider);
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, NULL), "ok");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "0"), "wrong");
+ check_str_equals(lasso_provider_get_assertion_consumer_service_url(provider, "1"), "ok");
+ lasso_release_gobject(provider);
+}
+END_TEST
+
struct {
char *name;
void *function;
} tests[] = {
- { "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010}
+ { "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010},
+ { "Wrong assertionConsumer ordering on 08-10-2010", indexed_endpoints_20101008}
};
Suite*
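Review bot: `indexed_endpoints_20101008` only exercises `service_id` values that exist in the metadata (`NULL`, `"0"`, `"1"`), so the rejection paths touched by the `provider.c` change in this commit (the `sid < 0` branch and a failed `lasso_string_to_xsd_integer` parse) are not covered. Adding cases for an absent index such as `"2"`, a negative value such as `"-1"` and a non-numeric string, each asserting the documented fallback, would pin that behaviour. If the getter returns a newly allocated string, as its non-const `char *` return type suggests, each result passed straight to `check_str_equals` is leaked and should be held in a local and freed. A one-line comment above each `metaNN` literal stating which endpoint is expected to be the default, and why, would make the four fixtures easier to tell apart.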