| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
signatures errors
* lasso/saml-2.0/login.c:
- in lasso_saml20_login_process_authn_response_msg keep around all error
codes returned by intermediary steps. At the end report the first one.
| |
missing issuer
* lasso/saml-2.0/profile.c:
Issuer is not a mandatory element of SAML 2.0 response,
but if we do not remember which issuer we sent the request (or if
the response is spontaneous) then we will receive a provider not found
error when trying to check the message signature.
| |
* lasso/lasso.c:
add a table to Initialization documentation section about
general runtime flags.
| |
* lasso/lasso.c:
this flag is useless, that's me that is stupid.
| |
private keys
* lasso/id-ff/server.c lasso/id-ff/serverprivate.h:
add methods lasso_server_get_private_key and lasso_server_get_encryption_private_key.
| |
* lasso/id-ff/login.c:
list all error codes and their semantic with respect to this call.
| |
* lasso/id-ff/login.c:
add code for initializing request for SAML 2.0, shows how to handle error codes.
| |
errors.c by ordering error codes
* lasso/errors.h lasso/errors.c
- add to report non schema conforming XML trees, decryption
failure due to missing private keys and invalid signatures on assertions.
- update documentation of LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND,
LASSO_SERVER_ERROR_ADD_PROVIDER_PROTOCOL_MISMATCH,
* lasso/build_strerror.py:
before outputting switch cases, order error codes
name lexically in order to reduce change lines
when adding new error codes.
| |
verifying signature
* lasso/id-ff/provider.c:
there are now 2 methods to verify signatures, methods calling the old
one must now choose whether to call the liberty one or the SAML 2.0
one.
| |
* lasso/xml/tools.c:
this new function is a placeholder for the new SAML 2.0 semantic
following query signature validation function. It will start with the
old code of lasso_query_verify_signature.
| |
* lasso/id-ff/server.c:
mark private_key as not mandatory as regression tests expect it to
not be mandatory.
test if loading of private key to encryption_private_key private
field worked, if not abort the constructor and return NULL.
* lasso/id-ff/server.h:
fix name of constructors argument to correspond with comments
(binding generator uses this correspondence to apply annotation from
comments to the model obtained by parsing the headers).
| |
show warnings
| |
* lasso/xml/tools.c:
xmlsec is not able to load a certificate public key without checking
it against trusted root certificate, so we must work around and load
the key by hand.
lasso_xmlsec_load_private_key_from_buffer is made more robust in the
same (loading of the key was extracted inside
_lasso_xmlsec_load_key_from_buffer) and now can load certificates and
keys directly embedded inside KeyValue nodes (in total opposition to
the XMLDsig specification but...), with or without PEM headers.
* tests/metadata/Makefile.am tests/metadata/metadata_06.xml
tests/metadata_tests.c:
add test case for RSAKeyValue public keys.
| |
* lasso/xml/tools.c:
adding the flag XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS makes
xmlSec able to load certificate, the 'hand made' code to load
certificate is then useless.
| |
lasso_xml_parse_memory_with_error
* lasso/id-ff/profile.c: (lasso_profile_get_request_type_from_soap_msg)
use lasso_xml_parse_memory_with_error instead of xmlParseMemory, use
error code output argument to log error reports.
| |
metadata loading function
* (init_from_xml) fail initialization if we cannot load the metadatas,
and log a warning.
* extract _lasso_provider_load_metadata_from_buffer from
lasso_provider_load_metadata_from_buffer, which accepts a length
parameter. use it inside lasso_provider_load_metadata, instead of
xmlParseFile.
* (lasso_provider_load_public_key) use lasso_xmlsec_load_key_info and
lasso_xmlsec_load_private_key to load the public keys.
| |
* tools.c:
add lasso_xml_parse_file, based on g_file_get_contents and
lasso_xml_parse_memory.
add lasso_xml_parse_memory_with_error which instead of logging
errors, can return the xmlError structure.
add lasso_xmlsec_load_key_info, which allows to load keys from
ds:KeyInfo XML nodes. It also supports the "Lasso" bug of using
ds:KeyValue directly to store base64 encoded keys and certificates.
| |
* lasso/utils.h: add lasso_trace, which has a printf signature.
* xml/xml.c: add more trace to node initialization code.
| |
* provider.c:
add annotation for nullable arguments (necessary for bindings of
new_from_buffer).
* server.c: add annotations, allow to set encryption_private_key from
buffers
| |
* lasso/id-wsf-2.0/profile.c: release private data object.
* lasso/saml-2.0/login.c: free NameID content after construction.
* lasso/xml/tools.c: free algorithm attribute content in
lasso_node_decrypt_xmlnode.
* lasso/xml/xml.c: release cutom_element->nodename in destructor.
remove useless finalize method.
* tests/basic_tests.c: release xmldoc after use.
* tests/random_tests.c: free result of lasso_node_dump.
| |
return a const char*
| |
lasso_node_encrypt do not leak the keys manager
| |
existing family of macros
| |
ID-SIS PP 1.1
| |
* lasso/utils.h:
add:
- lasso_assign_new_xml_node
- lasso_assign_new_list_of_strings
- lasso_assign_new_list_of_xml_node
fix lasso_assign_new_list_of_gobjects, bad naming of release macro.
| |
SOAP headers, complete WS-Addressing support
* docs/reference/lasso/lasso-sections.txt: complete documentation of
LassoSoapEnvelope and LassoSoapFault with ID-WSF additions.
* lasso/id-wsf-2.0/profile.c lasso/id-wsf-2.0/soap_binding.c
lasso/id-wsf-2.0/soap_binding.h:
add internal function _get_node and _get_header to simplify
implementation of accessors for headers.
change signature of lasso_soap_envelope_get_message_id and add new
function lasso_soap_envelope_get_relates_to.
update call points.
add a message id when building a SOAP message.
* lasso/xml/idwsf_strings.h:
add element name for MessageID and RelatesTo WS-Addressing elements.
* lasso/id-wsf/authentication.c lasso/id-wsf/data_service.c
lasso/id-wsf/discovery.c lasso/id-wsf/wsf_profile.c
lasso/id-wsf-2.0/saml2_login.c lasso/xml/disco_description.c:
fix path name of header lasso/id-wsf/wsf_utils.h. make all internal
include path relatives.
| |
* lasso/xml/xml.c lasso/xml/xml.h:
mark argument of lasso_node_set_custom_namespace and
lasso_node_set_custom_nodename as const char* strings.
| |
* lasso/xml/xml.c lasso/xml/xml.h:
if a custom namespace is set, return it, otherwise return the class
namespace (klass->node_data->ns->href).
| |
'any'
| |
* lasso/utils.h:
fix lasso_list_add_xml_node, it must copy the node before assigning
it.
add lasso_list_add_new_xml_node for keeping the old behaviour.
* lasso/xml/xml.c:
fix use of lasso_list_add_xml_node, because copying the node before
assigning it is a leak now.
| |
lasso_logout_build_response_msg is the finishing call
* lasso/saml-2.0/logout.c:
when calling lasso_logout_build_response_msg(), if we know that we
are in the middle of an SP initiated logout, i.e. if
initial_remote_providerID is not NULL, then we can restore the initial
response.
| |
* lasso/errors.c lasso/errors.h:
LASSO_WSSE_BAD_PASSWORD -> LASSO_WSSEC_ERROR_BAD_PASSWORD
* lasso/xml/ws/wsse_username_token.c:
update client code.