From 0d34c97be1c761a9eb12692e4cc4eac58feb7d19 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Tue, 15 Jun 2021 14:45:14 +0200 Subject: [PATCH 4/7] Mass-replace LASSO_SIGNATURE_METHOD_RSA_SHA1 with lasso_get_default_signature_method() (#54037) This should be backwards-compatible but at the same time use the selected default instead of RSA-SHA1. Related: https://dev.entrouvert.org/issues/54037 --- lasso/id-ff/defederation.c | 2 +- lasso/id-ff/logout.c | 6 +++--- lasso/id-ff/name_identifier_mapping.c | 4 ++-- lasso/id-ff/name_registration.c | 4 ++-- lasso/id-ff/provider.c | 2 +- lasso/xml/tools.c | 2 +- tests/basic_tests.c | 6 +++--- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/lasso/id-ff/defederation.c b/lasso/id-ff/defederation.c index d711e4eed..d2382f4ae 100644 --- a/lasso/id-ff/defederation.c +++ b/lasso/id-ff/defederation.c @@ -251,7 +251,7 @@ lasso_defederation_init_notification(LassoDefederation *defederation, gchar *rem nameIdentifier, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); if (profile->msg_relayState) { message(G_LOG_LEVEL_WARNING, "RelayState was defined but can't be used "\ diff --git a/lasso/id-ff/logout.c b/lasso/id-ff/logout.c index 20d04ed82..d307db586 100644 --- a/lasso/id-ff/logout.c +++ b/lasso/id-ff/logout.c @@ -396,7 +396,7 @@ lasso_logout_build_response_msg(LassoLogout *logout) profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1)); + lasso_get_default_signature_method())); } else if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) { lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new_full( @@ -608,7 +608,7 @@ lasso_logout_init_request(LassoLogout *logout, char *remote_providerID, nameIdentifier, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); } else { /* http_method == LASSO_HTTP_METHOD_REDIRECT */ is_http_redirect_get_method = TRUE; lib_logout_request = (LassoLibLogoutRequest*)lasso_lib_logout_request_new_full( @@ -990,7 +990,7 @@ lasso_logout_validate_request(LassoLogout *logout) logout_request, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1)); + lasso_get_default_signature_method())); } if (profile->http_request_method == LASSO_HTTP_METHOD_REDIRECT) { lasso_assign_new_gobject(profile->response, lasso_lib_logout_response_new_full( diff --git a/lasso/id-ff/name_identifier_mapping.c b/lasso/id-ff/name_identifier_mapping.c index 80af6fec4..f84020eb6 100644 --- a/lasso/id-ff/name_identifier_mapping.c +++ b/lasso/id-ff/name_identifier_mapping.c @@ -259,7 +259,7 @@ lasso_name_identifier_mapping_init_request(LassoNameIdentifierMapping *mapping, targetNamespace, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_REQUEST(profile->request) == FALSE) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } @@ -458,7 +458,7 @@ lasso_name_identifier_mapping_validate_request(LassoNameIdentifierMapping *mappi request, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); if (LASSO_IS_LIB_NAME_IDENTIFIER_MAPPING_RESPONSE(profile->response) == FALSE) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); diff --git a/lasso/id-ff/name_registration.c b/lasso/id-ff/name_registration.c index 11dbf24fe..076cf9624 100644 --- a/lasso/id-ff/name_registration.c +++ b/lasso/id-ff/name_registration.c @@ -339,7 +339,7 @@ lasso_name_registration_init_request(LassoNameRegistration *name_registration, idpNameIdentifier, spNameIdentifier, oldNameIdentifier, profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); if (profile->request == NULL) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_REQUEST_FAILED); } @@ -575,7 +575,7 @@ lasso_name_registration_validate_request(LassoNameRegistration *name_registratio LASSO_LIB_REGISTER_NAME_IDENTIFIER_REQUEST(profile->request), profile->server->certificate ? LASSO_SIGNATURE_TYPE_WITHX509 : LASSO_SIGNATURE_TYPE_SIMPLE, - LASSO_SIGNATURE_METHOD_RSA_SHA1); + lasso_get_default_signature_method()); if (LASSO_IS_LIB_REGISTER_NAME_IDENTIFIER_RESPONSE(profile->response) == FALSE) { return critical_error(LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED); } diff --git a/lasso/id-ff/provider.c b/lasso/id-ff/provider.c index 32a907d43..961c3669d 100644 --- a/lasso/id-ff/provider.c +++ b/lasso/id-ff/provider.c @@ -1274,7 +1274,7 @@ lasso_provider_load_public_key(LassoProvider *provider, LassoPublicKeyType publi if (public_key != NULL) { xmlSecKey *key = lasso_xmlsec_load_private_key(public_key, NULL, - LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL); + lasso_get_default_signature_method(), NULL); if (key) { lasso_list_add_new_sec_key(keys, key); } else { diff --git a/lasso/xml/tools.c b/lasso/xml/tools.c index ce322ee1f..cf6dade09 100644 --- a/lasso/xml/tools.c +++ b/lasso/xml/tools.c @@ -2746,7 +2746,7 @@ next: content = xmlNodeGetContent(key_value); if (content) { result = lasso_xmlsec_load_private_key_from_buffer((char*)content, - strlen((char*)content), NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL); + strlen((char*)content), NULL, lasso_get_default_signature_method(), NULL); xmlFree(content); } } diff --git a/tests/basic_tests.c b/tests/basic_tests.c index f9cfef266..0652abc28 100644 --- a/tests/basic_tests.c +++ b/tests/basic_tests.c @@ -2008,16 +2008,16 @@ START_TEST(test14_lasso_key) check_true(g_file_get_contents(TESTSDATADIR "sp1-la/private-key-raw.pem", &buffer, &length, NULL)); check_not_null(key = lasso_key_new_for_signature_from_memory(buffer, - length, NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, + length, NULL, lasso_get_default_signature_method(), NULL)); lasso_release_gobject(key); check_not_null(key = lasso_key_new_for_signature_from_file(TESTSDATADIR - "sp1-la/private-key-raw.pem", NULL, LASSO_SIGNATURE_METHOD_RSA_SHA1, + "sp1-la/private-key-raw.pem", NULL, lasso_get_default_signature_method(), NULL)); lasso_release_gobject(key); base64_encoded = g_base64_encode(BAD_CAST buffer, length); check_not_null(key = lasso_key_new_for_signature_from_base64_string(base64_encoded, NULL, - LASSO_SIGNATURE_METHOD_RSA_SHA1, NULL)); + lasso_get_default_signature_method(), NULL)); lasso_release_string(base64_encoded); lasso_release_string(buffer); lasso_release_gobject(key); -- 2.26.3