author | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-10-06 10:40:14 +0200 |
---|---|---|
committer | Benjamin Dauvergne <bdauvergne@entrouvert.com> | 2010-10-06 17:00:52 +0200 |
commit | 5d56e4558eba80b6cffb79797fe124ad90199632 (patch) | |
tree | 184deda8fa1a2e3c87dbf8cca2a5f07083005bfa /lasso | |
parent | 58a3868361ba63d51d5c0f802d3b7d2a9a8ae376 (diff) | |
[ID-FFv1.2] in lasso_login_process_authn_request_msg() adopt simpler behaviour for checking signatures
There are two sources of advice for signature checking:
AuthnRequestsSigned attribute in service provider metadata files and
value of lasso_profile_get_signature_verify_hint().
If lasso_profile_get_signature_verify_hint() forbid to check signature,
we do not check.
If the SP advise to check signature, we check.
If lasso_profile_get_signature_verify_hint() forces to check signature,
we do not check.
In all other cases we only check if a signature is present, i.e. we
ignore the error LASSO_DS_ERROR_SIGNATURE_NOT_FOUND.
Diffstat (limited to 'lasso')
-rw-r--r-- | lasso/id-ff/login.c | 42 |
1 files changed, 26 insertions, 16 deletions
diff --git a/lasso/id-ff/login.c b/lasso/id-ff/login.c
index 2cb6cf30..b605aff5 100644
--- a/lasso/id-ff/login.c
+++ b/lasso/id-ff/login.c
@@ -2072,28 +2072,38 @@ lasso_login_process_authn_request_msg(LassoLogin *login, const char *authn_reque /* Check authnRequest signature. */ if (authn_request_msg != NULL) { + LassoProfileSignatureVerifyHint sig_verify_hint; + + sig_verify_hint = lasso_profile_get_signature_verify_hint(profile); remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID); - if (remote_provider != NULL) { - /* Is authnRequest signed ? */ - authnRequestSigned = lasso_provider_get_metadata_one( - remote_provider, "AuthnRequestsSigned"); - if (authnRequestSigned != NULL) { - must_verify_signature = strcmp(authnRequestSigned, "true") == 0; - lasso_release_string(authnRequestSigned); - } else { - /* missing element in metadata; shouldn't - * happen, assume true */ - must_verify_signature = TRUE; - } - } else { + if (remote_provider == NULL) { return critical_error(LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND); } - - /* verify request signature */ + /* Is authnRequest signed ? */ + must_verify_signature = TRUE; + authnRequestSigned = lasso_provider_get_metadata_one( + remote_provider, "AuthnRequestsSigned"); + if (authnRequestSigned != NULL) { + must_verify_signature = strcmp(authnRequestSigned, "true") == 0; + lasso_release_string(authnRequestSigned); + } + if (sig_verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE) { + must_verify_signature = TRUE; + } + if (sig_verify_hint == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) { + must_verify_signature = FALSE; + } + /* reset the signature_status, and if signature validation was not really needed + * just choke on the presence of an invalid signature, if no signature just goes on + * */ + profile->signature_status = 0; if (must_verify_signature) { ret = lasso_provider_verify_signature(remote_provider, authn_request_msg, "RequestID", format); - profile->signature_status = ret; + if (profile == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE && ret != + LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) { + profile->signature_status = 
ret; + } } } |
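Review bot: The added test `profile == LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE` compares the `profile` pointer with an enum constant instead of `sig_verify_hint`, so it is effectively never true and `profile->signature_status` keeps the 0 written just above even when `lasso_provider_verify_signature()` fails. Any caller that relies on `signature_status` to reject a badly signed AuthnRequest would then see a clean status; whether `ret` is also returned is decided outside this hunk. Substituting `sig_verify_hint` alone would still record the result only for MAYBE and drop it for FORCE, so the guard probably wants to be `if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE || ret != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) { profile->signature_status = ret; }`. It is worth confirming that a missing signature should still be tolerated under MAYBE when the SP metadata sets AuthnRequestsSigned to "true". The verify call also stays gated on `must_verify_signature`, so when metadata says "false" an invalid signature that is present is never checked, contrary to the new comment.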