From 8be7b0414dc19cca7b892deeccc64b5fcedaf62c Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Thu, 14 Apr 2011 16:45:43 +0200
Subject: [core] add flags parameter to lasso_server_load_metadata to tune signature checking on metadata files
The flags parameter allows to control the checking of digital signature upon EntityDescriptor and EntitiesDescriptor nodes in SAML 2.0 metadata files. The default behaviour is to check all found signatures and to inherit signature from EntitiesDescriptor to their children. By only enabling checking of EntityDescrtiptor node signatures it's also possible to only check signature at the EntityDescriptor level and so only trust individual entities and not the aggregating provider.
---
 tests/basic_tests.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'tests/basic_tests.c')
diff --git a/tests/basic_tests.c b/tests/basic_tests.c
index 2d5af9db..d469c474 100644
--- a/tests/basic_tests.c
+++ b/tests/basic_tests.c
@@ -1956,9 +1956,17 @@ START_TEST(test13_test_lasso_server_load_metadata)
 check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,
 TESTSDATADIR "/renater-metadata.xml",
 TESTSDATADIR "/metadata-federation-renater.crt",
- &blacklisted_1, &loaded_entity_ids));
+ &blacklisted_1, &loaded_entity_ids,
+ LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));
 check_equals(g_hash_table_size(server->providers), 101);
 check_equals(g_list_length(loaded_entity_ids), 101);
+ check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,
+ TESTSDATADIR "/ukfederation-metadata.xml",
+ TESTSDATADIR "/ukfederation.pem",
+ &blacklisted_1, &loaded_entity_ids,
+ LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));
+ check_equals(g_list_length(loaded_entity_ids), 283);
+ check_equals(g_hash_table_size(server->providers), 384);
 lasso_release_gobject(server);
 }
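Review bot: Both `lasso_server_load_metadata` calls in test13 exercise only the accepting path: each passes `LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT` together with the certificate that matches the file, so a regression that stopped verifying signatures would still produce 101 and 384 providers and pass. Because the commit is about tuning signature checking, the test should also contain a rejecting case, for example loading `TESTSDATADIR "/ukfederation-metadata.xml"` against `TESTSDATADIR "/metadata-federation-renater.crt"` and asserting a non-zero return code and an unchanged `g_hash_table_size(server->providers)`, introduced by a comment such as `/* wrong trust anchor: the aggregate must be rejected and no provider added */`. The non-default behaviours described in the commit message (checking only EntityDescriptor signatures, no inheritance from EntitiesDescriptor) are not covered by this hunk either. The test body starts above the hunk, so the setup of `server` and `blacklisted_1` is not visible here.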
@@ -2005,6 +2013,7 @@ basic_suite()
 tcase_add_test(tc_response_new_from_xmlNode, test11_get_default_name_id_format);
 tcase_add_test(tc_custom_namespace, test12_custom_namespace);
 tcase_add_test(tc_load_metadata, test13_test_lasso_server_load_metadata);
+ tcase_set_timeout(tc_load_metadata, 10);
 return s;
 }
-- cgit
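Review bot: The literal `10` in `tcase_set_timeout(tc_load_metadata, 10);` carries no rationale, and it is the only test case in the visible part of `basic_suite()` given its own timeout. A short comment such as `/* two federation aggregates are parsed and signature-checked here; allow more than the default timeout */` would tell the next maintainer why this case differs and what to revisit if the metadata fixtures grow. `basic_suite()` begins above the hunk, so other timeout settings may exist outside the visible lines.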