1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
From 0d34c97be1c761a9eb12692e4cc4eac58feb7d19 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 15 Jun 2021 14:45:14 +0200
Subject: [PATCH 4/7] Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with
lasso_get_default_signature_method() (#54037)
This should be backwards-compatible but at the same time use the
selected default instead of RSA-SHA1.
Related:
https://dev.entrouvert.org/issues/54037
---
lasso/id-ff/defederation.c | 2 +-
lasso/id-ff/logout.c | 6 +++---
lasso/id-ff/name_identifier_mapping.c | 4 ++--
lasso/id-ff/name_registration.c | 4 ++--
lasso/id-ff/provider.c | 2 +-
lasso/xml/tools.c | 2 +-
tests/basic_tests.c | 6 +++---
7 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c
index d711e4eed..d2382f4ae 100644
--- a/lasso/id-ff/defederation.c
+++ b/lasso/id-ff/defederation.c
@@ -251,7 +251,7 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem
nameIdentifier,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
if (profile->msg_relayState) {
message(G_LOG_LEVEL_WARNING,
"RelayState was defined but can't be used "\
diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c
index 20d04ed82..d307db586 100644
--- a/lasso/id-ff/logout.c
+++ b/lasso/id-ff/logout.c
@@ -396,7 +396,7 @@ lasso_logout_build_response_msg(LassoLogout *logout)
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 :
LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1));
+ lasso_get_default_signature_method()));
} else if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
lasso_assign_new_gobject(profile->response,
lasso_lib_logout_response_new_full(
@@ -608,7 +608,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID,
nameIdentifier,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
} else { /* http_method == LASSO_HTTP_METHOD_REDIRECT */
is_http_redirect_get_method = TRUE;
lib_logout_request = (LassoLibLogoutRequest*)lasso_lib_logout_request_new_full(
@@ -990,7 +990,7 @@ lasso_logout_validate_request(LassoLogout *logout)
logout_request,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1));
+ lasso_get_default_signature_method()));
}
if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) {
lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new_full(
diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c
index 80af6fec4..f84020eb6 100644
--- a/lasso/id-ff/name_identifier_mapping.c
+++ b/lasso/id-ff/name_identifier_mapping.c
@@ -259,7 +259,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping,
targetNamespace,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
}
@@ -458,7 +458,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi
request,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response) == FALSE) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c
index 11dbf24fe..076cf9624 100644
--- a/lasso/id-ff/name_registration.c
+++ b/lasso/id-ff/name_registration.c
@@ -339,7 +339,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration,
idpNameIdentifier, spNameIdentifier, oldNameIdentifier,
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
if (profile->request == NULL) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED);
}
@@ -575,7 +575,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio
LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request),
profile->server->certificate ?
LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE,
- LASSO_SIGNATURE_METHOD_RSA_SHA1);
+ lasso_get_default_signature_method());
if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) {
return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED);
}
diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c
index 32a907d43..961c3669d 100644
--- a/lasso/id-ff/provider.c
+++ b/lasso/id-ff/provider.c
@@ -1274,7 +1274,7 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi
if (public_key != NULL) {
xmlSecKey *key = lasso_xmlsec_load_private_key(public_key, NULL,
- LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+ lasso_get_default_signature_method(), NULL);
if (key) {
lasso_list_add_new_sec_key(keys, key);
} else {
diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c
index ce322ee1f..cf6dade09 100644
--- a/lasso/xml/tools.c
+++ b/lasso/xml/tools.c
@@ -2746,7 +2746,7 @@ next:
content = xmlNodeGetContent(key_value);
if (content) {
result = lasso_xmlsec_load_private_key_from_buffer((char*)content,
- strlen((char*)content), NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL);
+ strlen((char*)content), NULL, lasso_get_default_signature_method(), NULL);
xmlFree(content);
}
}
diff --git a/tests/basic_tests.c b/tests/basic_tests.c
index f9cfef266..0652abc28 100644
--- a/tests/basic_tests.c
+++ b/tests/basic_tests.c
@@ -2008,16 +2008,16 @@ START_TEST(test14_lasso_key)
check_true(g_file_get_contents(TESTSDATADIR "sp1-la/private-key-raw.pem", &buffer, &length, NULL));
check_not_null(key = lasso_key_new_for_signature_from_memory(buffer,
- length, NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ length, NULL, lasso_get_default_signature_method(),
NULL));
lasso_release_gobject(key);
check_not_null(key = lasso_key_new_for_signature_from_file(TESTSDATADIR
- "sp1-la/private-key-raw.pem", NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1,
+ "sp1-la/private-key-raw.pem", NULL, lasso_get_default_signature_method(),
NULL));
lasso_release_gobject(key);
base64_encoded = g_base64_encode(BAD_CAST buffer, length);
check_not_null(key = lasso_key_new_for_signature_from_base64_string(base64_encoded, NULL,
- LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL));
+ lasso_get_default_signature_method(), NULL));
lasso_release_string(base64_encoded);
lasso_release_string(buffer);
lasso_release_gobject(key);
--
2.26.3
|
