1004-Check-if-the-signature-method-is-allowed-in-addition.patch
lasso/id-ff/server.c | ||
---|---|---|
909 | 909 |
private_context = &provider->private_data->signature_context; |
910 | 910 |
} |
911 | 911 | |
912 |
if (private_context && lasso_validate_signature_method(private_context->signature_method)) {
|
|
912 |
if (private_context && lasso_ok_signature_method(private_context->signature_method)) {
|
|
913 | 913 |
lasso_assign_signature_context(*signature_context, *private_context); |
914 | 914 |
} else { |
915 | 915 |
rc = lasso_server_get_signature_context(server, signature_context); |
... | ... | |
1014 | 1014 |
provider_id, &context)); |
1015 | 1015 |
query = lasso_node_build_query(node); |
1016 | 1016 |
goto_cleanup_if_fail_with_rc(query, LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED); |
1017 |
if (lasso_validate_signature_method(context.signature_method)) {
|
|
1017 |
if (lasso_ok_signature_method(context.signature_method)) {
|
|
1018 | 1018 |
lasso_assign_new_string(query, lasso_query_sign(query, context)); |
1019 | 1019 |
} |
1020 | 1020 |
goto_cleanup_if_fail_with_rc(query, |
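Review bot: At new line 1017 a method that is valid but below the configured minimum now takes the same path as "no signature configured": `lasso_query_sign` is skipped and the following `goto_cleanup_if_fail_with_rc(query, ...)` still passes because `query` is non-NULL, so as far as these lines show the query is emitted unsigned with no error. A policy rejection should fail closed instead of downgrading to an unsigned message, for example `if (lasso_validate_signature_method(context.signature_method) && ! lasso_allowed_signature_method(context.signature_method)) goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG);` ahead of the signing branch. The same pattern appears at 912, where the provider's context is silently replaced by the server's, and in lasso/saml-2.0/profile.c at 1184 and 1222. The enclosing functions start and end outside the hunks.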
lasso/saml-2.0/profile.c | ||
---|---|---|
1181 | 1181 |
"see #3.4.3 of saml-bindings-2.0-os"); |
1182 | 1182 |
} |
1183 | 1183 |
} |
1184 |
if (lasso_validate_signature_method(context.signature_method)) {
|
|
1184 |
if (lasso_ok_signature_method(context.signature_method)) {
|
|
1185 | 1185 |
result = lasso_query_sign(unsigned_query, context); |
1186 | 1186 |
goto_cleanup_if_fail_with_rc(result != NULL, |
1187 | 1187 |
LASSO_PROFILE_ERROR_BUILDING_QUERY_FAILED); |
... | ... | |
1219 | 1219 |
goto_cleanup_if_fail_with_rc (url != NULL, LASSO_PROFILE_ERROR_UNKNOWN_PROFILE_URL); |
1220 | 1220 |
/* if message is signed, remove XML signature, add query signature */ |
1221 | 1221 |
lasso_assign_signature_context(context, lasso_node_get_signature(msg)); |
1222 |
if (lasso_validate_signature_method(context.signature_method)) {
|
|
1222 |
if (lasso_ok_signature_method(context.signature_method)) {
|
|
1223 | 1223 |
lasso_node_remove_signature(msg); |
1224 | 1224 |
} |
1225 | 1225 |
lasso_check_good_rc(lasso_saml20_profile_export_to_query(profile, msg, &query, context)); |
lasso/xml/tools.c | ||
---|---|---|
499 | 499 |
lasso_error_t rc = 0; |
500 | 500 | |
501 | 501 |
g_return_val_if_fail(query != NULL, NULL); |
502 |
g_return_val_if_fail(lasso_validate_signature_method(context.signature_method), NULL);
|
|
502 |
g_return_val_if_fail(lasso_ok_signature_method(context.signature_method), NULL);
|
|
503 | 503 | |
504 | 504 |
key = context.signature_key; |
505 | 505 |
sign_method = context.signature_method; |
... | ... | |
804 | 804 |
} else { |
805 | 805 |
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGALG); |
806 | 806 |
} |
807 | ||
808 |
/* is the signature algo allowed */ |
|
809 |
goto_cleanup_if_fail_with_rc( |
|
810 |
lasso_allowed_signature_method(method), |
|
811 |
LASSO_DS_ERROR_INVALID_SIGALG); |
|
812 | ||
807 | 813 |
/* decode signature */ |
808 | 814 |
signature = g_malloc(key_size+1); |
809 | 815 |
goto_cleanup_if_fail_with_rc( |
... | ... | |
2434 | 2440 |
}; |
2435 | 2441 |
xmlSecKey *private_key = NULL; |
2436 | 2442 | |
2443 |
/* is the signature algo allowed */ |
|
2444 |
goto_cleanup_if_fail(lasso_allowed_signature_method(signature_method)); |
|
2445 | ||
2437 | 2446 |
xmlSecErrorsDefaultCallbackEnableOutput(FALSE); |
2438 | 2447 |
switch (signature_method) { |
2439 | 2448 |
case LASSO_SIGNATURE_METHOD_RSA_SHA1: |
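Review bot: At new line 502 the minimum-method policy is enforced only through `g_return_val_if_fail`, which GLib compiles out when `G_DISABLE_CHECKS` is defined and which reports a failed condition as a programming error (a critical log) instead of a handled one. Since a method below the minimum is now a reachable configuration outcome, an explicit test is safer: `if (! lasso_ok_signature_method(context.signature_method)) return NULL;`, ideally with a message naming the rejected method. The check added at 2444 uses `goto_cleanup_if_fail` with no return code or message, so judging from the visible lines a key refused by policy looks the same to the caller as any other load failure. Both functions start outside the hunks.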
lasso/xml/xml.c | ||
---|---|---|
824 | 824 |
node_data->sign_method_offset); |
825 | 825 |
private_key_file = G_STRUCT_MEMBER(char *, node, node_data->private_key_file_offset); |
826 | 826 |
certificate_file = G_STRUCT_MEMBER(char *, node, node_data->certificate_file_offset); |
827 |
if (! lasso_validate_signature_method(signature_method)) {
|
|
827 |
if (! lasso_ok_signature_method(signature_method)) {
|
|
828 | 828 |
return FALSE; |
829 | 829 |
} |
830 | 830 |
if (lasso_node_set_signature(node, |
... | ... | |
1873 | 1873 |
int what; |
1874 | 1874 |
if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE, |
1875 | 1875 |
BAD_CAST LASSO_LIB_HREF, &what, |
1876 |
LASSO_SIGNATURE_METHOD_RSA_SHA1,
|
|
1876 |
lasso_get_min_signature_method(),
|
|
1877 | 1877 |
LASSO_SIGNATURE_METHOD_LAST)) |
1878 | 1878 |
break; |
1879 | 1879 |
method = what; |
1880 | ||
1880 | 1881 |
if (! lasso_get_integer_attribute(xmlnode, LASSO_SIGNATURE_METHOD_ATTRIBUTE, |
1881 | 1882 |
BAD_CAST LASSO_LIB_HREF, &what, LASSO_SIGNATURE_TYPE_NONE+1, |
1882 | 1883 |
LASSO_SIGNATURE_TYPE_LAST)) |
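Review bot: At new line 1876 the policy minimum is passed where the previous code passed the first enum value, in what appears to be the lower bound of a range test, so a serialized method below the configured minimum is refused in the same way as a malformed attribute and ends in the bare `break`. Nothing visible records why the value was refused, which makes a node dumped under an older, laxer setting hard to diagnose once the minimum is raised. A comment above the call would help, e.g. `/* lower bound is the configured minimum: methods below policy are refused like out-of-range values */`, and a warning before the `break` would make the rejection visible in logs. The enclosing block starts and ends outside the hunk.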
lasso/xml/xml.h | ||
---|---|---|
132 | 132 |
&& signature_method < (LassoSignatureMethod)LASSO_SIGNATURE_METHOD_LAST; |
133 | 133 |
} |
134 | 134 | |
135 |
static inline gboolean |
|
136 |
lasso_allowed_signature_method(LassoSignatureMethod signature_method) |
|
137 |
{ |
|
138 |
return signature_method >= lasso_get_min_signature_method(); |
|
139 |
} |
|
140 | ||
141 |
static inline gboolean |
|
142 |
lasso_ok_signature_method(LassoSignatureMethod signature_method) |
|
143 |
{ |
|
144 |
return lasso_validate_signature_method(signature_method) \ |
|
145 |
&& lasso_allowed_signature_method(signature_method); |
|
146 |
} |
|
147 | ||
135 | 148 |
typedef struct _LassoNode LassoNode; |
136 | 149 |
typedef struct _LassoNodeClass LassoNodeClass; |
137 | 150 |
typedef struct _LassoNodeClassData LassoNodeClassData; |
138 |
- |
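Review bot: `lasso_allowed_signature_method` at new line 138 decides policy with a plain `>=` on the enum value, which is only correct if `LassoSignatureMethod` is declared in order of increasing strength; the enum is not shown here, so that ordering should be confirmed. Any value appended to the enum later is accepted automatically, and methods of different families are ranked by declaration position instead of by an explicit decision. I would document the invariant on the function, e.g. `/* relies on LassoSignatureMethod being ordered weakest to strongest; keep new values in that order */`. The `\` line continuation at 144 is not needed inside a function body and can be dropped.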