summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [tests] fix tests to comply with new implementation of parsingBenjamin Dauvergne2011-12-162-17/+37
| | | | | The test around parsing of EncryptedAssertion was wrong since it was missing the XMLEnc namespace declaration.
* [xml] rewrite schema directed serialization/deserialization methodsBenjamin Dauvergne2011-12-1620-557/+661
| | | | | | | | | | | | | | | | | | | | | | | | The new implementations of lasso_node_impl_init_from_xml now validate namespace of all child nodes befores parsing. It stops on any error. For node which implement their own parsing of an attribute or a node, it must declare an XmlSnippet with an offset field set to 0. The 0 value is invalid for public GObject structure (it's the place of the GObject machinery like the reference count). The 0 offset can be used for XmlSnippet in a private structure, so never set the offset to 0 with the flag SNIPPET_PRIVATE, for a field which is parsed by you get_xmlNode virtual method. Other ameliorations in this commit is the possibility to set attributes with namespace when using the flags SNIPPET_ATTRIBUTE|SNIPPET_ANY. The syntax for an attribute is inspired by the element tree API from Python: {namespace}attribute_name an example: {http://www.w3.org/2001/XMLSchema-instance}type for the classic xsi:type attribute.
* [xml] add LASSO_XMLENC_PREFIX and LASSO_XMLENC_HREF definesBenjamin Dauvergne2011-12-161-0/+14
|
* [xml] add missing nodes to LassoIsInteractionRequestBenjamin Dauvergne2011-12-162-3/+6
|
* [xml] change saml_advice.h to declarer the real node typeBenjamin Dauvergne2011-12-162-2/+4
| | | | | It also needed a change to bindings.py to parse struct as well as typedef node classes.
* [xml] complete missing namespace declarations for child nodesBenjamin Dauvergne2011-12-1663-114/+168
| | | | | | | To allow lasso_node_impl_init_from_xmlnode to do proper namespace checking, child node which are not of the same namespace as their parent in their XSD schema must have an explicit namespace declared in the XmlSnippet.
* [core] mark private_data field of the LassoKey structure as privateBenjamin Dauvergne2011-12-161-0/+1
|
* [tests] improve checking for log outputBenjamin Dauvergne2011-12-166-10/+98
| | | | | | | | | | | - now any non expected log output is considered an error, by setting a g_log default handler. - block_lasso_logs()/unblock_lasso_logs() will block logging output at the DEBUG level - begin_check_do_log(level, message, endswith)/end_check_do_log() with check that the only message emitted between the two macros is one equals to "message" at the level "level", or ending (to work around variable parts in a log message) with "message" if "endswith" is True.
* [tests] rename login test suite, with mentions of ID-FF 1.2 and SAML 2.0Benjamin Dauvergne2011-12-162-2/+2
|
* [Makefile] fix missing soap11 nodes when compiling for MingwBenjamin Dauvergne2011-12-161-0/+1
|
* [core] fix uninitialized pointer to a GError structureBenjamin Dauvergne2011-12-161-1/+1
|
* [core] move XMLDsig related nodes in their own sub-library, add X509Data ↵Benjamin Dauvergne2011-12-1620-42/+464
| | | | | | node implementation The goal is to use the KeyInfo structure as a transport format for our cryptographic keys
* remove debugging printf statementBenjamin Dauvergne2011-12-091-2/+0
|
* [provider] fix doc commentBenjamin Dauvergne2011-12-081-4/+3
|
* [id-ff] move LassoLogout to use LassoSignatureContextBenjamin Dauvergne2011-12-081-135/+98
|
* [logging] add an error() macroBenjamin Dauvergne2011-12-081-0/+17
|
* [id-ff] move LassoLogin to use LassoSignatureContextBenjamin Dauvergne2011-12-081-92/+49
|
* [core] rename lasso_provider_set_specific_signing_key to ↵Benjamin Dauvergne2011-12-054-6/+6
| | | | lasso_provider_set_server_signing_key
* [perfs] add command line options, add option to use shared secret key ↵Benjamin Dauvergne2011-12-051-11/+41
| | | | | | cryptography Performance with HMAC-SHA1 is 100x the one with 2048 bits RSA.
* [core] add the HMAC-SHA1 shared secret signature methodBenjamin Dauvergne2011-12-056-1/+205
|
* [core] refactor lasso_query_verify_signature and ↵Benjamin Dauvergne2011-12-051-149/+108
| | | | | | | lasso_saml2_query_verify_signature This commit introduces lasso_query_verify_helper which factorize cryptographic operations.
* [tests] use helper macros in id-ff test caseBenjamin Dauvergne2011-12-051-31/+26
|
* [core] add lasso_provider_add_key to add other key for signature validationBenjamin Dauvergne2011-12-052-0/+43
| | | | | | The added key can be appended or prepended, depending on the need for the key: - rollover - improving performances (using simpler cryptographic algorithmss using shared secret keys)
* [core] add method lasso_provider_set_specific_signing_keyBenjamin Dauvergne2011-12-052-0/+32
| | | | | | | Using this method you can specify a signing which will be used for communication with the specified provider instead of the one configured on the LassoServer object. The main objective is to allow shared secret cryptography instead of public key cryptography.
* [core] add a new class LassoKeyBenjamin Dauvergne2011-12-056-3/+390
| | | | | | LassoKey currenly store a LassoSignatureContext inside a reference-counted and bindable object. It will be used to export API around key management to bindings.
* [core] set the xmlSec log handler globallyBenjamin Dauvergne2011-12-052-14/+11
| | | | The log handler is not set in lasso_init().
* [saml2] introduce a lasso_saml2_assertion_get_audirence_restrictions to ↵Benjamin Dauvergne2011-12-052-20/+33
| | | | factorize some code
* [core] introduce the LassoSignatureContext context, to pass around signature ↵Benjamin Dauvergne2011-12-0511-496/+608
| | | | | | | parameters This structure is used to pass around the signature algorithm and the signature key.
* [core] add a lasso_base64_decode functionBenjamin Dauvergne2011-12-052-0/+34
|
* [core] replace explicit allocation of LassoProviderPrivate by use of ↵Benjamin Dauvergne2011-12-051-13/+3
| | | | | | g_type_class_add_private The private part is allocated contiguously to the public structure data.
* [configure.ac] fix compilation on Mac Os XBenjamin Dauvergne2011-12-051-1/+1
|
* [xml] use lasso_node_export_to_query_with_password to implement ↵Benjamin Dauvergne2011-12-051-18/+3
| | | | lasso_node_export_to_query
* [tools] fix lasso_sha1 to return a glib allocated stringBenjamin Dauvergne2011-12-051-1/+1
|
* [id-ff/saml2] add a lasso_server_add_provider2Benjamin Dauvergne2011-12-052-0/+24
| | | | | It allows to add LassoProvider objects directly to a LassoServer object, without using the metadata loading methods.
* [utils] add lasso_crypto_memequal functionBenjamin Dauvergne2011-12-051-0/+20
| | | | This method compare byte strings in constant time.
* [tools] add a LassoSignatureContext structure to pass signature parameters ↵Benjamin Dauvergne2011-12-051-0/+35
| | | | | | around Signature parameters are mainly a LassoSignatureMethod and a xmlSecKey.
* [xml] add an inline function to validate LassoSignatureMethod valuesBenjamin Dauvergne2011-12-052-1/+10
| | | | - add also a LASSO_SIGNATURE_METHOD_NONE value
* [utils] add lasso_transfer_xml_node macrosBenjamin Dauvergne2011-12-051-0/+3
|
* [core] simplify lasso_provider_load_public_keyBenjamin Dauvergne2011-12-051-9/+10
|
* [web] fix link on the download pageBenjamin Dauvergne2011-11-291-1/+1
|
* Merge branch 'multi-certificates'Benjamin Dauvergne2011-11-2926-84/+583
|\
| * [integration tests] does not use full leak reportBenjamin Dauvergne2011-11-221-1/+1
| |
| * [integration tests] show more callers when using valgrind memcheck looking ↵Benjamin Dauvergne2011-11-221-1/+1
| | | | | | | | for leaks in authentic and lcs
| * [tests] add test for rollover on the SP side, i.e. rollover of encryption keysBenjamin Dauvergne2011-11-228-0/+380
| | | | | | | | | | | | This test case is the first to abstract the workflow between two LassoLogin object (for the idp and sp side). This part of the code could be used to simplify the code of other tests in the future.
| * [core] do not emit a warning for expected decryption errorsBenjamin Dauvergne2011-11-222-4/+10
| | | | | | | | | | | | | | | | | | | | The only expected decryption error is on decryption of the symetric key used to crypt the data. All other errors are critical and must be logged. Client of lasso_node_decrypt_xmlnode can then log the decryption failure of the symetric if they tried with all possible keys (key rollover case).
| * [core] add a new class of errors for xml encryption errorsBenjamin Dauvergne2011-11-222-0/+9
| | | | | | | | | | add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable xml decryption errors.
| * [leakcheck] fix leaks seen by the unit testsBenjamin Dauvergne2011-11-228-21/+91
| | | | | | | | | | This commit also improved valgrind suppression file to hide static allocations done by the GLib type system.
| * [core] multiple decryption keys supportBenjamin Dauvergne2011-11-217-58/+92
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit complements the support for multiple signing certificate support in the metadata files. The use-case is still key roll-over. The structure LassoServerPrivateData was changed to accomodate multiple decryption keys, and so: xmlSecKey *encryption_private_key became: GList *encryption_private_keys All uses of this key were replaced by a loop over this list, terminating with the first key to be able to decrypt the content. The private key passed to lasso_server_new() or lasso_server_new_from_buffers() is first added to the list of decryption keys. Any other call to lasso_server_set_encryption_private_key_with_password() or lasso_server_set_encryption_private_key() will add a new key to the list.
* | Merge branch 'excl-c14n-fix'Benjamin Dauvergne2011-11-297-5/+66
|\ \ | |/ |/|
| * [web] add release news for release 2.3.6Benjamin Dauvergne2011-11-291-0/+16
| |
generated by cgit (git 2.34.1) at 2024-06-19 08:05:44 +0000