Commit message | Author | Age | Files | Lines
...
* [SAMLv2] comment on SessionIndex support hack | Benjamin Dauvergne | 2010-07-19 | 1 | -0/+8
* [SAMLv2] remove empty files, wrongly committed | Benjamin Dauvergne | 2010-07-19 | 7 | -6/+0
* [SAMLv2/SSO] when processing AuthnResponse with binding HTTP-Post only the assertion needs to be signed | Benjamin Dauvergne | 2010-07-19 | 1 | -9/+24
    If the message is signed, the assertion is also covered, but if only the assertion is signed, there is no error to report. If the caller asks for forcing the validation of message signature, then we report an error.
    This commit also adds checking for the binding used, if it is not HTTP-Post lasso_login_process_authn_response_msg will now report an error.
* [Binding java] return empty list for NULL GList value, not null | Benjamin Dauvergne | 2010-07-16 | 1 | -1/+1
* [ID-FFv1.2] add missing namespace declarations | Benjamin Dauvergne | 2010-07-16 | 2 | -0/+2
* [SAMLv2] add support for encrypted private keys | Benjamin Dauvergne | 2010-07-16 | 3 | -20/+58
    * support private key with new internal API in signature setting methods
      Plug lasso_node_set_signature into lasso_profile_saml20_setup_message_signature and lasso_server_saml2_assertion_setup_signature.
    * also use lasso_node_get_signature in has_signature
    * add forgotten LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE in switch cases
    For AuthnResponse checking the semantic is now that if HINT_FORCE is used we verify message signature *and* assertion signature. If HINT_MAYBE is used we check the assertion signature if its issuer differs from the message issuer.
* [ID-FFv1.2] move all users of lasso_node_export_to_query to lasso_node_export_to_query_with_password | Benjamin Dauvergne | 2010-07-16 | 4 | -16/+23
* [Core] Change lasso_apply_signature to use quark stored annotated signature parameters | Benjamin Dauvergne | 2010-07-16 | 1 | -2/+17
    The nodes containing a signature do not handle private key passwords. As the fields for signature parameters are part of the public ABI we cannot add the password field to the public structure for those nodes. Instead we use the new quark annotation accessed through lasso_node_get/set_signature, and if the sign_type parameter is non-NULL we use it instead of the parameters stored in the public structure.
    This is a gross hack :( but at least it is documented.
* [Core] add password parameter to lasso_sign_node | Benjamin Dauvergne | 2010-07-16 | 3 | -8/+16
* [Code] add a lasso_node_export_to_query_with_password method | Benjamin Dauvergne | 2010-07-16 | 2 | -0/+41
* [Core] add a password parameter to lasso_query_sign | Benjamin Dauvergne | 2010-07-16 | 4 | -6/+24
    We force use of the password through a custom OpenSSL password callback.
* [Core] dump custom signature parameters in lasso dumps | Benjamin Dauvergne | 2010-07-16 | 1 | -0/+32
    The signature parameters are serialized as global attributes from the http://lasso.entrouvert.org/lasso/namespaces/0.0 named:
      SignatureType
      SignatureMethod
      PrivateKey
      PrivateKeyPassword
      Certificate
* [Tests/python] add test case for WebSSO with providers using encrypted keys | Benjamin Dauvergne | 2010-07-16 | 6 | -4/+171
* [Core] add lasso_node_set_signature and lasso_node_get_signature | Benjamin Dauvergne | 2010-07-16 | 2 | -0/+89
    Those two methods allow associating signature parameters to any node. They keep it inside the CustomElement quark. Using a private structure may be more performant.
* [Core] extract signature adding into base class method lasso_node_get_xmlNode | Benjamin Dauvergne | 2010-07-12 | 9 | -155/+78
    In order to permit subclass to modify the base xmlNode created by lasso_node_impl_get_xmlNode we must defer the concrete to the virtual method wrapper, lasso_node_get_xmlNode. To do that it was needed to make id_attribute another virtual field of LassoNode subclasses (it can be accessed through an offset registered in the class object).
    This commit solves signature validation error since the patch for managing more than one SessionIndex element in samlp2:LogoutRequest. It also factorizes the creation of signatures in one place.
* [SAMLv2] if service provider supports logout, add a SessionIndex from the assertion ID | Benjamin Dauvergne | 2010-07-12 | 1 | -0/+6
    The standard mandates providing a SessionIndex to service providers advertising their support of the logout profile. We follow the convention of using the assertion ID as a SessionIndex.
* [Tests] add a sso then slo soap test | Benjamin Dauvergne | 2010-07-12 | 1 | -0/+206
* [Core] lasso_check_version does not return a proper error code | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
    lasso_check_version returns 0, 1 or -1 and one is not a proper error code, so the original int return type is kept.
* [Bindings] make is_rc only check for lasso_error_t type | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
* [Bindings php5] simplify is_object in php_code.py | Benjamin Dauvergne | 2010-07-12 | 1 | -2/+1
* [Core] change return type of all error returning methods | Benjamin Dauvergne | 2010-07-12 | 33 | -191/+191
    The new return type is lasso_error_t, it should allow to pinpoint easily methods returning an error code in bindings.
* [Bindings java] use is_int instead of custom methods or code | Benjamin Dauvergne | 2010-07-12 | 1 | -5/+2
* [Bindings perl] add lasso_error_t to type to map to T_IV typemap (integer types) | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
* [Bindings] add lasso_error_t to return code types | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
* [Binding java] use is_rc to match error return type | Benjamin Dauvergne | 2010-07-12 | 1 | -2/+2
* [Binding php5] use is_rc to match error return type | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
* [Core] add lasso_error_t to list of integer types | Benjamin Dauvergne | 2010-07-12 | 1 | -1/+1
* [Core] add a lasso_error_t typedef | Benjamin Dauvergne | 2010-07-12 | 3 | -1/+42
    This typedef will serve to mark error returning methods. The ctypes.h header piggybacks on export.h to be included in all public headers.
* [Provider] Fix loading of provider without a public key | Benjamin Dauvergne | 2010-07-05 | 1 | -15/+32
    This commit also emits a proper warning when loading fails for a provider *with* a public key.
* [Python binding] do not throw lasso.Error for python exceptions | Benjamin Dauvergne | 2010-07-05 | 1 | -1/+1
* [Perl binding] make include from $(srcdir) work in Perl binding | Benjamin Dauvergne | 2010-06-29 | 2 | -4/+5
* [Bindings] accept simple string in string<->xmlNode converter | Benjamin Dauvergne | 2010-06-29 | 6 | -45/+69
    Some use cases ask for passing a simple libxml content node (i.e. just a UTF-8 string) when a method argument or a field is of the xmlNode* type. This commit adds a static method in bindings/utils.c named lasso_string_fragment_to_xmlnode which does this transform by trying to parse an XML document then by trying to parse a well balanced XML fragment of only one node (if there is more than one node such as in the string " xxx <tag/> yyy ", we free the node list and return NULL).
* [Core] add macro to release an xmlNodeList object | Benjamin Dauvergne | 2010-06-29 | 1 | -0/+3
* [ID-WSF2] add idwsf2 test script to test suite | Benjamin Dauvergne | 2010-06-29 | 2 | -3/+7
    Re-activate ID-WSF 2.0 test script. Fix problem with provider issuing assertion role. Needs to be fixed more generally in the future.
* [Core] add macro to release GList of xmlNodeList | Benjamin Dauvergne | 2010-06-29 | 1 | -0/+3
* [Core] add macros to manipulate xmlNodeList and GList of xmlNodeList | Benjamin Dauvergne | 2010-06-29 | 1 | -0/+21
    The method to copy them is xmlCopyNodeList and not xmlCopyNode, so we need another set of macros.
* Merge branch 'issue-101' | Benjamin Dauvergne | 2010-06-29 | 1 | -52/+72
* Merge branch 'issue-88' | Benjamin Dauvergne | 2010-06-29 | 6 | -21/+57
* Merge branch 'issue-86' | Benjamin Dauvergne | 2010-06-29 | 4 | -1/+158
* [Tests/integration] add G_DEBUG=gc-friendly env. var to valgrind-wrapper | Benjamin Dauvergne | 2010-06-18 | 1 | -1/+1
    It should improve valgrind ability to trace memory origin.
* [XML] in lasso_node_export_to_paos_request check return value of lasso_node_get_xmlNode | Benjamin Dauvergne | 2010-06-17 | 1 | -0/+4
* [XML] in _lasso_node_export_to_base64 check return value of lasso_node_export_to_xml | Benjamin Dauvergne | 2010-06-17 | 1 | -0/+2
* [XML] in _lasso_node_export_to_xml check return value of lasso_node_get_xmlNode | Benjamin Dauvergne | 2010-06-17 | 1 | -0/+3
* Comment out custom silent rules if automake < 1.11 | Benjamin Dauvergne | 2010-06-15 | 3 | -0/+6
* [Core] do not ignore keep_xmlnode flag inherited from parent classes | Benjamin Dauvergne | 2010-06-15 | 1 | -3/+9
    We only looked to the keep_xmlnode flag in the node data of the top level class, but any parent class can set this flag and in this case we must honor it too.
* Test: add non regression test for reloading a server dump with encrypted keys | Benjamin Dauvergne | 2010-06-14 | 5 | -0/+74
* Core: when reloading a dump, use the signing private key password for loading the encryption private key | Benjamin Dauvergne | 2010-06-14 | 1 | -1/+1
    We currently do not store the encryption private key, instead on reload of a dump, we try to use the signing private key as the encryption private key. But we forgot to use the stored private key password. That's now fixed.
    Next step would be to keep the encryption private key around also.
* Binding python: fix freeing of list return values for methods with the transfer full flag | Benjamin Dauvergne | 2010-06-14 | 1 | -3/+3
    The output 'print' were missing, oops :(
* Binding python: find a workaround for random behaviour of PyImport_ImportModule | Benjamin Dauvergne | 2010-06-12 | 1 | -2/+6
    * it seems that PyImport_ImportModule is not deterministic. Sometimes it returns True for modules which we know are present ('logging'). Importing 'sys' first seems to make 'logging' accessible (complete cargo cult programming).
* Core: move logging function and macros to their own module, adapt perl binding | Benjamin Dauvergne | 2010-06-12 | 10 | -95/+232