Bug #98

Support for encrypted private keys is incomplete

Added by Benjamin Dauvergne about 9 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Immediate
Category:
SAMLv2
Target version:
Start date:
15 Jun 2010
Due date:
% Done:

100%

Estimated time:
15.00 h
Patch proposed:
No
Planning:
No

Description

For the moment we can load the definition of a private key and its password in a LassoServer object. All the plumbing which goes from the LassoServer object to the signed LassoNode is missing for the password argument.

What's needed:
- a way to attach the password to a signed node, without breaking ABI compatibility (so adding a public field is forbidden);
- to use this new parameter in calls to lasso_sign_node;
- to serialize this new field with the old ones.

The objects to extend are LassoSamlp2StatusResponse, LassoSamlp2RequestAbstract and LassoSaml2Assertion.

ID-FFv1.2 is not a priority.
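
The ABI constraint in the first requirement, sketched as an added example (not Lasso's code and not part of the original ticket): the password is kept in a library-private side table keyed by the node's address, so the public struct layout is untouched. `Node` and the `node_*_key_password` functions are hypothetical names, and the table is assumed to be used from a single thread.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a public, ABI-frozen node struct: no field may be added. */
typedef struct { int sign_type; char *private_key_file; } Node;

/* Private side table (node address -> password copy); never exposed in a public header. */
typedef struct Entry { const Node *node; char *password; struct Entry *next; } Entry;
static Entry *table = NULL;

/* Zero a secret through a volatile pointer so the wipe is not optimized away, then free it. */
static void wipe_free(char *s) {
    if (!s) return;
    volatile char *p = s;
    for (size_t n = strlen(s); n > 0; n--) *p++ = 0;
    free(s);
}

/* Detach and wipe any password attached to node; meant to be called from the node destructor. */
void node_clear_key_password(const Node *node) {
    for (Entry **e = &table; *e; e = &(*e)->next) {
        if ((*e)->node == node) {
            Entry *dead = *e;
            *e = dead->next;
            wipe_free(dead->password);
            free(dead);
            return;
        }
    }
}

/* Attach (or replace) the password; returns 0 on success, -1 on allocation failure. */
int node_set_key_password(const Node *node, const char *password) {
    Entry *e = malloc(sizeof *e);
    if (!e) return -1;
    size_t len = strlen(password) + 1;
    e->password = malloc(len);
    if (!e->password) { free(e); return -1; }
    memcpy(e->password, password, len);
    node_clear_key_password(node);   /* drop and wipe a previous value, if any */
    e->node = node; e->next = table; table = e;
    return 0;
}

/* Lookup the signing path would do before loading the key; NULL means no password attached. */
const char *node_get_key_password(const Node *node) {
    for (Entry *e = table; e; e = e->next)
        if (e->node == node) return e->password;
    return NULL;
}
```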

History

#1 Updated by Benjamin Dauvergne about 9 years ago

  • % Done changed from 0 to 50

#2 Updated by Clément Oudot about 9 years ago

I tested today, and I confirm this is not working for now. Passwords are loaded, but we then have this kind of error:

Enter PEM pass phrase:
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=243:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed: 
func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed: 
Enter PEM pass phrase:
func=xmlSecOpenSSLAppKeyLoadBIO:file=app.c:line=243:obj=unknown:subj=PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY:error=4:crypto library function failed: 
func=xmlSecOpenSSLAppKeyLoadMemory:file=app.c:line=193:obj=unknown:subj=xmlSecOpenSSLAppKeyLoadBIO:error=1:xmlsec library function failed: 
Enter PEM pass phrase:

And:

[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of saml2:Assertion failed: Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of samlp2:StatusResponse failed: Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ debug ]: 2010-07-05 13:34:57 (tools.c/:985) Failed to load private key.
[Mon Jul 05 13:34:57 2010] [debug] CGI.pm(91): Lemonldap::NG::Portal::SharedConf: Lasso error [ warning ]: 2010-07-05 13:34:57\tSigning of samlp2:StatusResponse failed: Failed to load private key.

#3 Updated by Benjamin Dauvergne about 9 years ago

  • % Done changed from 50 to 100

#4 Updated by Benjamin Dauvergne about 9 years ago

  • Status changed from New to Closed
