0004-Mass-replace-LASSO_SIGNATURE_METHOD_RSA_SHA1-with-la.patch

Jakub Hrozek, 16 juin 2021 14:19


Subject: [PATCH 4/6] Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with
 lasso_get_default_signature_method()

This should be backwards-compatible but at the same time use the
selected default instead of RSA-SHA1.

Related:
https://dev.entrouvert.org/issues/54037
 lasso/id-ff/defederation.c            | 2 +-
 lasso/id-ff/logout.c                  | 6 +++---
 lasso/id-ff/name_identifier_mapping.c | 4 ++--
 lasso/id-ff/name_registration.c       | 4 ++--
 lasso/id-ff/provider.c                | 2 +-
 lasso/xml/tools.c                     | 2 +-
 tests/basic_tests.c                   | 6 +++---
 7 files changed, 13 insertions(+), 13 deletions(-)
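--- a/lasso/id-ff/defederation.c
+++ b/lasso/id-ff/defederation.c
@@ -251,7 +251,7 @@
 				nameIdentifier,
 				profile->server->certificate ?
 					LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-				LASSO_SIGNATURE_METHOD_RSA_SHA1);
+				lasso_get_default_signature_method());
 		if (profile->msg_relayState) {
 			message(G_LOG_LEVEL_WARNING,
 					"RelayState was defined but can't be used "\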
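Review bot: The signature algorithm in the last argument of this call is now whatever the process-wide default is, and nothing at the call site documents or checks that value. The commit message calls the default "selected", so if RSA-SHA1 can still be selected, or is the fallback of an unconfigured build (not visible here), these ID-FF messages keep being signed with SHA-1 without any trace. I would add a comment at the call, e.g. `/* signature method follows the library default, no longer fixed to RSA-SHA1 */`, and have the code behind lasso_get_default_signature_method() log once when a SHA-1 method is in effect, so operators can find such deployments. The same applies to the matching arguments in logout.c, name_identifier_mapping.c and name_registration.c. The enclosing call and function start above the hunk.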
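--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -396,7 +396,7 @@
 						profile->server->certificate ?
 						LASSO_SIGNATURE_TYPE_WITHX509 :
 						LASSO_SIGNATURE_TYPE_SIMPLE,
-						LASSO_SIGNATURE_METHOD_RSA_SHA1));
+						lasso_get_default_signature_method()));
 		} else if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 			lasso_assign_new_gobject(profile->response,
 					lasso_lib_logout_response_new_full(
@@ -608,7 +608,7 @@
 				nameIdentifier,
 				profile->server->certificate ?
 				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-				LASSO_SIGNATURE_METHOD_RSA_SHA1);
+				lasso_get_default_signature_method());
 	} else { /* http_method == LASSO_HTTP_METHOD_REDIRECT */
 		is_http_redirect_get_method = TRUE;
 		lib_logout_request = (LassoLibLogoutRequest*)lasso_lib_logout_request_new_full(
@@ -990,7 +990,7 @@
 				logout_request,
 				profile->server->certificate ?
 					LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-				LASSO_SIGNATURE_METHOD_RSA_SHA1));
+				lasso_get_default_signature_method()));
 	}
 	if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
 		lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new_full(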
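--- a/lasso/id-ff/name_identifier_mapping.c
+++ b/lasso/id-ff/name_identifier_mapping.c
@@ -259,7 +259,7 @@
 			targetNamespace,
 			profile->server->certificate ?
 				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-			LASSO_SIGNATURE_METHOD_RSA_SHA1);
+			lasso_get_default_signature_method());
 	if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
 	}
@@ -458,7 +458,7 @@
 			request,
 			profile->server->certificate ?
 				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-			LASSO_SIGNATURE_METHOD_RSA_SHA1);
+			lasso_get_default_signature_method());
 
 	if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response) == FALSE) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);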
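--- a/lasso/id-ff/name_registration.c
+++ b/lasso/id-ff/name_registration.c
@@ -339,7 +339,7 @@
 			idpNameIdentifier, spNameIdentifier, oldNameIdentifier,
 			profile->server->certificate ?
 				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-			LASSO_SIGNATURE_METHOD_RSA_SHA1);
+			lasso_get_default_signature_method());
 	if (profile->request == NULL) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
 	}
@@ -575,7 +575,7 @@
 			LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request),
 			profile->server->certificate ?
 				LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
-			LASSO_SIGNATURE_METHOD_RSA_SHA1);
+			lasso_get_default_signature_method());
 	if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
 		return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
 	}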
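--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1274,7 +1274,7 @@
 
 	if (public_key != NULL) {
 		xmlSecKey *key = lasso_xmlsec_load_private_key(public_key, NULL,
-				LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+				lasso_get_default_signature_method(), NULL);
 		if (key) {
 			lasso_list_add_new_sec_key(keys, key);
 		} else {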
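Review bot: In this hunk the default signing method is handed to `lasso_xmlsec_load_private_key()` while loading `public_key`, which is key parsing rather than signing. If that argument affects how the key material is interpreted, loading this key now depends on the local signing default instead of on the key itself; this should be confirmed against the loader, which is not shown. A comment such as `/* method is only a hint for loading the key; it does not restrict which signature algorithms are accepted */` (or the opposite, if it does restrict) would record the intent. lasso/xml/tools.c passes the same value to `lasso_xmlsec_load_private_key_from_buffer()` and deserves the same check. The enclosing function begins and ends outside the hunk.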
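--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -2709,7 +2709,7 @@
 		content = xmlNodeGetContent(key_value);
 		if (content) {
 			result = lasso_xmlsec_load_private_key_from_buffer((char*)content,
-					strlen((char*)content), NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+					strlen((char*)content), NULL, lasso_get_default_signature_method(), NULL);
 			xmlFree(content);
 		}
 	}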
tests/basic_tests.c
2008 2008

  
2009 2009
	check_true(g_file_get_contents(TESTSDATADIR "sp1-la/private-key-raw.pem", &buffer, &length, NULL));
2010 2010
	check_not_null(key = lasso_key_new_for_signature_from_memory(buffer,
2011
				length, NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
2011
				length, NULL, lasso_get_default_signature_method(),
2012 2012
				NULL));
2013 2013
	lasso_release_gobject(key);
2014 2014
	check_not_null(key = lasso_key_new_for_signature_from_file(TESTSDATADIR
2015
				"sp1-la/private-key-raw.pem", NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
2015
				"sp1-la/private-key-raw.pem", NULL, lasso_get_default_signature_method(),
2016 2016
				NULL));
2017 2017
	lasso_release_gobject(key);
2018 2018
	base64_encoded = g_base64_encode(BAD_CAST buffer, length);
2019 2019
	check_not_null(key = lasso_key_new_for_signature_from_base64_string(base64_encoded, NULL,
2020
				LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL));
2020
				lasso_get_default_signature_method(), NULL));
2021 2021
	lasso_release_string(base64_encoded);
2022 2022
	lasso_release_string(buffer);
2023 2023
	lasso_release_gobject(key);
2024
-