Diffstat (limited to 'lasso/saml-2.0/login.c')
-rw-r--r-- | lasso/saml-2.0/login.c | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c
index 3955b62c..acc9125a 100644
--- a/lasso/saml-2.0/login.c
+++ b/lasso/saml-2.0/login.c
@@ -1160,16 +1160,16 @@ _lasso_check_assertion_issuer(LassoSaml2Assertion *assertion, const gchar *provi
 static gint
 _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *samlp2_response)
 {
- xmlSecKey *encryption_private_key;
- GList *it;
+ GList *encryption_private_keys = NULL;
+ GList *it = NULL;
 gboolean at_least_one_decryption_failture = FALSE;
 gboolean at_least_one_malformed_element = FALSE;

 if (! samlp2_response->EncryptedAssertion)
 return 0; /* nothing to do */

- encryption_private_key = lasso_server_get_encryption_private_key(login->parent.server);
- if (! encryption_private_key) {
+ encryption_private_keys = lasso_server_get_encryption_private_keys(login->parent.server);
+ if (! encryption_private_keys) {
 message(G_LOG_LEVEL_WARNING, "Missing private encryption key, cannot decrypt assertions.");
 return LASSO_DS_ERROR_DECRYPTION_FAILED_MISSING_PRIVATE_KEY;
 }
@@ -1185,9 +1185,19 @@ _lasso_saml20_login_decrypt_assertion(LassoLogin *login, LassoSamlp2Response *sa
 continue;
 }
 encrypted_assertion = (LassoSaml2EncryptedElement*)it->data;
- rc1 = lasso_saml2_encrypted_element_decrypt(encrypted_assertion, encryption_private_key, (LassoNode**)&assertion);
-
- if (rc1) {
+ lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, it,
+ encryption_private_keys)
+ {
+ rc1 = lasso_saml2_encrypted_element_decrypt(encrypted_assertion, encryption_private_key, (LassoNode**)&assertion);
+ if (rc1 == 0)
+ break;
+ }
+ lasso_foreach_full_end();
+ if (rc1 == LASSO_DS_ERROR_DECRYPTION_FAILED) {
+ message(G_LOG_LEVEL_WARNING, "Could not decrypt the EncryptedKey");
+ at_least_one_decryption_failture |= TRUE;
+ continue;
+ } else if (rc1) {
 message(G_LOG_LEVEL_WARNING, "Could not decrypt an assertion: %s", lasso_strerror(rc1));
 at_least_one_decryption_failture |= TRUE;
 continue;
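Review bot: In the second hunk the new key loop hands `it` to `lasso_foreach_full_begin` as its iterator name while `it` is already the outer iterator over `samlp2_response->EncryptedAssertion` (`encrypted_assertion = (LassoSaml2EncryptedElement*)it->data;` two lines above). If the macro declares its own `GList *it` in a nested block this is only shadowing and `-Wshadow` noise, but if it assigns through the existing variable the outer walk over the encrypted assertions is broken after the first element; a distinct name such as `lasso_foreach_full_begin(xmlSecKey*, encryption_private_key, key_it,` removes the doubt either way. After the loop `rc1` carries only the result of the last key tried, so when every configured key fails the warning reports one key's outcome and the earlier keys' error codes are lost; logging `lasso_strerror(rc1)` per failing key inside the loop, or at least in the `"Could not decrypt the EncryptedKey"` message, keeps the failure trail usable during key rotation. It is also worth confirming that `lasso_saml2_encrypted_element_decrypt` leaves `*assertion` untouched on a failing key, since a later successful key would otherwise overwrite and leak whatever the earlier attempt stored there. The enclosing loop and function continue outside the hunk.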
@@ -1429,6 +1439,7 @@ lasso_saml20_login_build_authn_response_msg(LassoLogin *login)
 lasso_check_good_rc(lasso_saml20_profile_build_response_msg(profile, NULL, http_method, url));

 cleanup:
+ lasso_release_string(url);
 return rc;
 }

@@ -1486,7 +1497,7 @@ lasso_saml20_login_init_idp_initiated_authn_request(LassoLogin *login,
 return LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND;

 lasso_assign_string(profile->remote_providerID, remote_providerID);
- lasso_assign_gobject(profile->request, lasso_samlp2_authn_request_new());
+ lasso_assign_new_gobject(profile->request, lasso_samlp2_authn_request_new());
 lasso_assign_new_gobject(LASSO_SAMLP2_AUTHN_REQUEST(profile->request)->NameIDPolicy,
 lasso_samlp2_name_id_policy_new());
 lasso_assign_new_gobject(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer,
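Review bot: `lasso_release_string(url);` at `cleanup:` is only correct if `url` is initialised to NULL before any `lasso_check_good_rc` in the function can jump to the label, and if `url` is a string this function owns rather than a pointer borrowed from the profile or provider; the head of `lasso_saml20_login_build_authn_response_msg` is outside the hunk, so neither can be confirmed from here. If `url` turns out to be borrowed, the new line trades the earlier leak for a free of memory the owner still references, which is the worse defect. A one-line comment at the label naming where `url` is allocated would record the ownership the release now depends on, e.g. `/* url: owned, allocated by <ALLOCATING CALL> above */` with the real call filled in.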