From 1b0000e0163edc9d831894bf4aac7503f0294062 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Fri, 18 Jun 2021 18:45:38 +0200

Subject: [PATCH 7/7] test13_test_lasso_server_load_metadata: Don't verify

 signature if lasso is not configured with sha-1 (#54037)

---

 tests/basic_tests.c | 10 +++++++++-

 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/tests/basic_tests.c b/tests/basic_tests.c

index 0652abc28..470d64fc6 100644

--- a/tests/basic_tests.c

+++ b/tests/basic_tests.c

@@ -1974,6 +1974,14 @@ START_TEST(test13_test_lasso_server_load_metadata)

 	LassoServer *server = NULL;

 	GList *loaded_entity_ids = NULL;

 	GList blacklisted_1 = { .data = "https://identities.univ-jfc.fr/idp/prod", .next = NULL };

+	const gchar *trusted_roots = TESTSDATADIR "/rootCA.crt";

+

+	/* The IDP metadata file is signed with rsa-sha1, so verifying it would

+	 * fail incase sha1 is not available

+	 */

+	if (lasso_get_default_signature_method() != LASSO_SIGNATURE_METHOD_RSA_SHA1) {

+		trusted_roots = NULL;

+	}

 	check_not_null(server = lasso_server_new(

 			TESTSDATADIR "/idp5-saml2/metadata.xml",

@@ -1983,7 +1991,7 @@ START_TEST(test13_test_lasso_server_load_metadata)

 	block_lasso_logs;

 	check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP,

 				TESTSDATADIR "/metadata/renater-metadata.xml",

-				TESTSDATADIR "/rootCA.crt",

+				trusted_roots,

 				&blacklisted_1, &loaded_entity_ids,

 				LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT));

 	unblock_lasso_logs;

-- 

2.26.3