Commit message (Author, Age, Files, Lines)
...
| * [core] add a new class of errors for xml encryption errors (Benjamin Dauvergne, 2011-11-22, 2 files, -0/+9)
| |   add LASSO_XMLENC_ERROR_INVALID_ENCRYPTED_DATA for generic unrecoverable xml decryption errors.
| * [leakcheck] fix leaks seen by the unit tests (Benjamin Dauvergne, 2011-11-22, 8 files, -21/+91)
| |   This commit also improved valgrind suppression file to hide static allocations done by the GLib type system.
| * [core] multiple decryption keys support (Benjamin Dauvergne, 2011-11-21, 7 files, -58/+92)
| |   This commit complements the support for multiple signing certificate support in the metadata files. The use-case is still key roll-over.
| |
| |   The structure LassoServerPrivateData was changed to accommodate multiple decryption keys, and so:
| |
| |     xmlSecKey *encryption_private_key
| |
| |   became:
| |
| |     GList *encryption_private_keys
| |
| |   All uses of this key were replaced by a loop over this list, terminating with the first key to be able to decrypt the content.
| |
| |   The private key passed to lasso_server_new() or lasso_server_new_from_buffers() is first added to the list of decryption keys. Any other call to lasso_server_set_encryption_private_key_with_password() or lasso_server_set_encryption_private_key() will add a new key to the list.
* | Merge branch 'excl-c14n-fix' (Benjamin Dauvergne, 2011-11-29, 7 files, -5/+66)
|\ \
| |/
|/|
| * [web] add release news for release 2.3.6 (Benjamin Dauvergne, 2011-11-29, 1 file, -0/+16)
| |
| * [release] 2.3.6 (Benjamin Dauvergne, 2011-11-29, 5 files, -5/+24)
| |
| * [core] fix wrong XML canonicalization when assertion is extracted without its namespace context (Benjamin Dauvergne, 2011-11-22, 1 file, -0/+26)
| * [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5 (Benjamin Dauvergne, 2011-11-21, 2 files, -2/+2)
| |   - gcc now warns when you compare a typedef to the anonymous enum which defines it.
| |   - some inline functions in the zend.h header do compare between signed and unsigned char.
* | Merge branch 'extension-abi-respecting' (Benjamin Dauvergne, 2011-11-18, 5 files, -66/+130)
|\ \
| * | [saml2] add missing extension point for LassoSaml2SubjectConfirmationData (Benjamin Dauvergne, 2011-11-18, 1 file, -0/+10)
| | |   - it can support any content and any attribute without validation
| | |     xs:any with processContents="lax"
| * | [xml] allow to store XSchema data into a private structure (Benjamin Dauvergne, 2011-11-18, 2 files, -65/+117)
| | |   - added new macros SNIPPET_STRUCT_MEMBER and SNIPPET_STRUCT_MEMBER_P replaces use of G_STRUCT_MEMBER/_P macros.
| | |   - we use the GType of the class containing a given XmlSnippet to find the proper private structure.
| | |   - added flag SNIPPET_PRIVATE to state XmlSnippet whose value should be extracted from the private structure and not the public one.
| * | [binding python] prevent warning in wrapper_top.c under hardy with gcc 4.2.4 (Benjamin Dauvergne, 2011-11-18, 1 file, -1/+2)
| | |
| * | [core] add missing break to switch/case (Benjamin Dauvergne, 2011-11-18, 1 file, -0/+1)
|/ /
* | [bindings] fix bug introduced in last commit (Benjamin Dauvergne, 2011-11-08, 1 file, -2/+2)
| |
* | [bindings] fix tree traversal on windows (Benjamin Dauvergne, 2011-10-18, 1 file, -4/+6)
| |   - The file path separator is not / on all platforms, so do not use it when matching filenames.
* | [misc] apply changes to remove warning blocking compilation with gcc 4.5.2 and php 5.3.5 (Benjamin Dauvergne, 2011-10-18, 2 files, -2/+2)
| |   - gcc now warns when you compare a typedef to the anonymous enum which defines it.
| |   - some inline functions in the zend.h header do compare between signed and unsigned char.
* | [xml saml-2.0] add missing annotation for binding generation to header for LassoKeyInformationDataType (Benjamin Dauvergne, 2011-10-18, 1 file, -1/+1)
* | [xml saml-2.0] add a class to handle the KeyInfoConfirmationData type (Benjamin Dauvergne, 2011-10-13, 5 files, -0/+258)
| |   * use a direct mapping to map this class to SubjectConfirmationData node having the xsi:type attribute.
| |   * overload get_xmlNode method to add the xsi:type attribute on output.
* | [xml] allow node classes to not define their nodename, useful for simple Type (Benjamin Dauvergne, 2011-10-13, 1 file, -2/+7)
| |
* | [id-wsf2 profile] check provider->private_data->roles instead of provider->role (Benjamin Dauvergne, 2011-10-10, 1 file, -1/+8)
| |   Fixes #140.
* | [id-wsf discovery] provider can now contain multiple public keys, only consider the first key for id-wsf token generation (Benjamin Dauvergne, 2011-10-10, 1 file, -2/+7)
| |   ID-WSF never contemplated the fact that sometimes key roll-over happened (SubjectConfirmation can only contain one ds:KeyInfo), whatever...
* | [saml-2.0] augment lasso_saml20_provider_get_first_http_method to verify presence of synchronous bindings (Benjamin Dauvergne, 2011-10-10, 1 file, -1/+52)
* | [xml] if a SNIPPET_LIST_NODES has the SNIPPET_ANY flag, allows really any kind of node through LassoMiscTextNode (Benjamin Dauvergne, 2011-10-10, 1 file, -6/+3)
* | [xml] allows LassoMiscText.init_from_xml to parse any xmlNode (Benjamin Dauvergne, 2011-10-10, 1 file, -7/+13)
| |   If the node has no attributes and has a simple string content, we use the classic embedding by setting, name, ns_href, ns_prefix. Otherwise the complete xmlNode is copied.
* | [tests] add non-regression tests concerning the parsing of any xmlNode tree by LassoMiscTextNode when SNIPPET_ANY is used by a LassoNode (Benjamin Dauvergne, 2011-10-10, 1 file, -1/+30)
* | [xml] only try to map an xmlNode to a class name if the node has a namespace (Benjamin Dauvergne, 2011-10-10, 1 file, -1/+1)
| |
* | [xml saml-2.0] change AttributeValue snippets to accept any children (Benjamin Dauvergne, 2011-10-10, 1 file, -1/+1)
| |   An AttributeValue has an XSchema type of xs:any.
* | [xml] create a static version of lasso_node_new_from_xmlNode_with_type without error logging (Benjamin Dauvergne, 2011-10-07, 1 file, -9/+21)
| |   When used inside lasso_node_impl_init_from_xml the error logging is prematurely sent as there is a backup procedure for parsing unknown nodes inside a SNIPPET_LIST_NODES by creating a LassoMiscTextNode containing a copy of the parsed xmlNode child.
* | [configure.ac] default AM_MAINTAINER_MODE to enable (Benjamin Dauvergne, 2011-09-09, 1 file, -1/+1)
| |
* | [configure.ac] remove useless semi-colons (Benjamin Dauvergne, 2011-07-08, 1 file, -1/+1)
| |
* | Fix wrong version exported in the PHP binding (Benjamin Dauvergne, 2011-07-08, 1 file, -1/+3)
| |
* | Change the glob expression to match darwin $host_os (Benjamin Dauvergne, 2011-06-03, 1 file, -4/+3)
| |   Also use the $DARWIN flag to control the setting of JNI_EXTRA_LDFLAGS.
* | [java] try to make test work under Mac OS X (Benjamin Dauvergne, 2011-05-30, 2 files, -3/+10)
| |
* | [core] finish transition from single encryption key to multiple ones (Benjamin Dauvergne, 2011-05-30, 2 files, -10/+9)
| |   Some code still references provider->private->encryption_public_key, this commit makes them use lasso_provider_get_encryption_public_key().
* | [bindings perl] remove --as-needed from linker flags, it is not supported everywhere (Benjamin Dauvergne, 2011-05-27, 1 file, -1/+0)
| |   It can come back if we add proper checking of the support on the platform, maybe we can leverage tests made by autoconf.
* | Disable metadata loading test with the UK federation files (Benjamin Dauvergne, 2011-05-27, 1 file, -0/+5)
| |
* | Merge branch 'multi-certificates' (Benjamin Dauvergne, 2011-05-23, 9 files, -122/+423)
|\ \
| * | [core] start of support multiple keys for encryption (Benjamin Dauvergne, 2011-05-19, 1 file, -1/+1)
| | |
| * | [tests] add unit test for the provider with multiple key feature (Benjamin Dauvergne, 2011-05-19, 1 file, -0/+120)
| | |
| * | [tests] add sample metadata for testing metadata with multiple key descriptors (Benjamin Dauvergne, 2011-05-19, 5 files, -0/+163)
| | |
| * | [core] first try at multiple signing keys support (Benjamin Dauvergne, 2011-05-19, 2 files, -116/+143)
| | |   The idea was to replace every use of an xmlSecKey* by a loop over a GList* of xmlSecKey*.
| | |   - In the structure LassoProviderPrivate changed
| | |       xmlSecKey*public_key -> GList* signing_public_keys
| | |       xmlNode*signing_key_descriptor -> GList* signing_key_descriptors.
| | |   - Renamed lasso_provider_try_loading_public_key to lasso_provider_try_loading_public_keys and changed its signature accordingly
| | |   - Renamed lasso_provider_get_public_key to lasso_provider_get_public_keys and changed the signature accordingly.
| | |   - Changed lasso_provider_get_encryption_public_key to return the first signing key from the list as a temporary work around. Multiple encryption keys will be supported later.
| | |   - Changed lasso_provider_load_public_key to load keys from the passed file on the LassoProvider constructor, from every key descriptors found for signing and eventually from the key descriptor marked for encryption.
| | |   - Every failure to load from a file or an XML KeyInfo descriptor are now reported as warning.
| | |   - Query signature checking was completely moved to lasso_provider_verify_query_signature and lasso_provider_verify_signature now calls it.
| | |   - lasso_provider_verify_signature is now using lasso_verify_signature from the xml/tools.o module.
| | |   - lasso_provider_verify_single_signature was modified to support multiple signing keys.
| * | [utils] add macros to append to and release a list of xmlSecKey* (Benjamin Dauvergne, 2011-05-19, 2 files, -19/+10)
| | |   [core] make lasso_provider_verify_query_signature use lasso_provider_verify_signature
| * | [bindings perl] in Makefile.am, gives a default template to mktemp (Benjamin Dauvergne, 2011-05-19, 1 file, -1/+1)
| | |
* | | [bindings perl] in Makefile.am, gives a default template to mktemp (Benjamin Dauvergne, 2011-05-19, 1 file, -1/+1)
|/ /
| |   Thanks to Nathan Sowatskey for the bug report and the fix.
* | [xml] use g_strndup instead of strndup, as it is more portable (Benjamin Dauvergne, 2011-05-18, 1 file, -3/+1)
| |
* | [tests] fix broken renater metadata file (Benjamin Dauvergne, 2011-05-17, 2 files, -1483/+4137)
| |   A modification was introduced which broke the signature, updating to the last version.
* | [tests] move renater metadata files into the metadata/ subdirectory (Benjamin Dauvergne, 2011-05-16, 3 files, -2/+2)
| |
* | [saml2] add proper error code for partial logout status code (Benjamin Dauvergne, 2011-05-08, 3 files, -0/+12)
| |
* | [saml2] fix build_request_msg for AuthzDecision assertion queries (Benjamin Dauvergne, 2011-05-08, 1 file, -5/+7)
| |   The servicepoints and roles arrays did not match the provider role enumerations.
* | [saml2] if Status is not Success pass continue processing the response (Benjamin Dauvergne, 2011-04-21, 1 file, -1/+2)
| |   lasso_saml20_login_process_response_status_and_assertion does analyze the response status code login specific error codes, if the generic processing from lasso_saml20_profile_process_any_response returns a status of response is not success, we must continue processing.