diff --git a/.gitignore b/.gitignore
index 87674f9..5e69122 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 /lasso-2.5.0.tar.gz
 /lasso-2.5.1.tar.gz
 /lasso-2.6.0.tar.gz
+/lasso-2.6.1.tar.gz
diff --git a/0005-tests-use-self-generated-certificate-to-sign-federat.patch b/0005-tests-use-self-generated-certificate-to-sign-federat.patch
deleted file mode 100644
index e53d685..0000000
--- a/0005-tests-use-self-generated-certificate-to-sign-federat.patch
+++ /dev/null
@@ -1,382 +0,0 @@ -From 12a3f6c10ee3d5f321a751cf6c4cb7f63313582e Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 13 Jun 2019 13:03:04 +0200 -Subject: [PATCH] tests: use self-generated certificate to sign federation - metadata file (#33823) - ---- - tests/basic_tests.c | 13 +--- - tests/data/lasso.crt | 23 +++++++ - tests/data/lasso.csr | 15 ++++ - tests/data/lasso.key | 27 ++++++++ - .../metadata/metadata-federation-renater.crt | 15 ---- - tests/data/metadata/renater-metadata.xml | 69 +++++++++++-------- - tests/data/rootCA.crt | 32 +++++++++ - tests/data/rootCA.key | 51 ++++++++++++++ - tests/data/rootCA.srl | 1 + - 9 files changed, 192 insertions(+), 54 deletions(-) - create mode 100644 tests/data/lasso.crt - create mode 100644 tests/data/lasso.csr - create mode 100644 tests/data/lasso.key - delete mode 100644 tests/data/metadata/metadata-federation-renater.crt - create mode 100644 tests/data/rootCA.crt - create mode 100644 tests/data/rootCA.key - create mode 100644 tests/data/rootCA.srl - -diff --git a/tests/basic_tests.c b/tests/basic_tests.c -index c08cab69..84999a17 100644 ---- a/tests/basic_tests.c -+++ b/tests/basic_tests.c -@@ -1983,24 +1983,13 @@ START_TEST(test13_test_lasso_server_load_metadata) - block_lasso_logs; - check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP, - TESTSDATADIR "/metadata/renater-metadata.xml", -- TESTSDATADIR "/metadata/metadata-federation-renater.crt", -+ TESTSDATADIR "/rootCA.crt", - &blacklisted_1, &loaded_entity_ids, - LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT)); - unblock_lasso_logs; - check_equals(g_hash_table_size(server->providers), 110); - check_equals(g_list_length(loaded_entity_ids), 110); - --#if 0 -- /* UK federation file are too big to distribute (and I don't even known if it's right to do -- * it, disable this test for now ) */ -- check_good_rc(lasso_server_load_metadata(server, LASSO_PROVIDER_ROLE_IDP, -- TESTSDATADIR "/ukfederation-metadata.xml", -- TESTSDATADIR "/ukfederation.pem", -- 
&blacklisted_1, &loaded_entity_ids, -- LASSO_SERVER_LOAD_METADATA_FLAG_DEFAULT)); -- check_equals(g_list_length(loaded_entity_ids), 283); -- check_equals(g_hash_table_size(server->providers), 393); --#endif - lasso_release_list_of_strings(loaded_entity_ids); - - lasso_release_gobject(server); -diff --git a/tests/data/lasso.crt b/tests/data/lasso.crt -new file mode 100644 -index 00000000..568a0b9c ---- /dev/null -+++ b/tests/data/lasso.crt -@@ -0,0 +1,23 @@ -+-----BEGIN CERTIFICATE----- -+MIID6zCCAdMCFALT+lN2uLJWF7p2xOo65/5KwxixMA0GCSqGSIb3DQEBCwUAMEUx -+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl -+cm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMTkwNjExMDc0NTU2WhgPMjI5MzAzMjUw -+NzQ1NTZaMB0xCzAJBgNVBAYTAkZSMQ4wDAYDVQQDDAVMYXNzbzCCASIwDQYJKoZI -+hvcNAQEBBQADggEPADCCAQoCggEBAOIS/WATGMJsv7OvgrjpYmAW3RmojVp4cHi0 -+17HelWVZ5adX3zSljecmpb1UQcBNzEDb15tOnNO708O94fFLWiWRfjYWa1QYOLkZ -+6kHAR2yJTkhBNQl326K6BnJkWoCsErkXa1608+6+rXR+9KchB/lLSY3Dqh8L6N7s -+qE+xyD1Z8HM3mHs9CM4crIpCPaZ80/yNfBPqPA2Zv4uIBrwSF32rPnh1ciJuIKQg -+jnCQOaKC2j+VsytgthriI0PVRzC7WPAJReQa65N/i721jG6rPecwVcCS9G6cmG+s -+pq6GERUe7nFVdNZ5sRzNsGuDpEdmeCS1pCPtW2hufm8vqvtw9ZkCAwEAATANBgkq -+hkiG9w0BAQsFAAOCAgEAfbHk+QNvLYDNlqwwlu5+88/3CcEx+s1voXOBTxgyIAR2 -+NVKkO7dAW5me51jPPZhy+xC4i+AAeLW5JGwirM5LDgU+9P02JBsZ4OoZI3pBAZ5m -+GrmxrMm6q+9mJ+6bMHolfBNN6hoaWeJiknvc1Id7o0Dh4PbdV7r6ISuXisDb/1je -+tmzxoFuXhmDwwHMTG7eUORVFEgS8V5NNKMv16BeWNDohJVP6icxwoi5JswUl+vfO -+rvIwx2GAJ2EQAbSZv5ADFQ4/vxeopULgLnblc3BwVG4RTT7plNgT2iXP8YwmEGKb -+JDHRVFUo1tX6EKkBUI9AgETrdUnLq6XxP11JmrqNL9oOHw+hGb5vT1wyn6FFxZo2 -+BVgfqdiGbjcs1bTKeQAZKuhaW90oV6+yYD6WtWn/LfHnftAJivALkmUk+XaSqqbO -+FxuyRsz9C/yq0azr6IkCWhGwBYoLvf2CrvovSYpPXefeQ+1yXNDW7bvfAQfOO9xk -+SqQi4cYJw9hNqTk2f61x6UX/o8wKVhXEHyaCr9lVLNpCK0Uy07f3zkubx1mW5PST -+ITSnD8sPD7iMyGOJa5tQJ8W5u2NJT6qo52Jubgc8PapkOoYyEhUaTQEb8RN6D3oD -+xc8cCKn4HUtpkJKgxYhQDtsomJp2RK7lzjVPXAlFUmld88WgqdJwp9GSvMEktA0= -+-----END CERTIFICATE----- -diff --git a/tests/data/lasso.csr b/tests/data/lasso.csr -new file mode 
100644 -index 00000000..c450e1b4 ---- /dev/null -+++ b/tests/data/lasso.csr -@@ -0,0 +1,15 @@ -+-----BEGIN CERTIFICATE REQUEST----- -+MIICYjCCAUoCAQAwHTELMAkGA1UEBhMCRlIxDjAMBgNVBAMMBUxhc3NvMIIBIjAN -+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hL9YBMYwmy/s6+CuOliYBbdGaiN -+WnhweLTXsd6VZVnlp1ffNKWN5yalvVRBwE3MQNvXm06c07vTw73h8UtaJZF+NhZr -+VBg4uRnqQcBHbIlOSEE1CXfboroGcmRagKwSuRdrXrTz7r6tdH70pyEH+UtJjcOq -+Hwvo3uyoT7HIPVnwczeYez0IzhysikI9pnzT/I18E+o8DZm/i4gGvBIXfas+eHVy -+Im4gpCCOcJA5ooLaP5WzK2C2GuIjQ9VHMLtY8AlF5Brrk3+LvbWMbqs95zBVwJL0 -+bpyYb6ymroYRFR7ucVV01nmxHM2wa4OkR2Z4JLWkI+1baG5+by+q+3D1mQIDAQAB -+oAAwDQYJKoZIhvcNAQELBQADggEBAJcoM7bn2yEElJjpX8mYuawWwlNdLOCyIPCc -+tr6b61CmVDVntWw61fExrg+n1b5uOVuUAEaYNutw6nypzrfvr4wjGKxbl/jTSJCM -+WHLl0/+IGQgr41SbRaySA1Y1hdJEd1ummH07sd7FfQNN/T/zLGaM0CI2/yj89VRk -+BJwiSwbFp1zqntoITQPjo/vpWAqahqNpSKR+C5l1f870wVI2wPg89McRw35EACdx -+Pys8g15+3eKBRTD24eOSWDAL4iDz1jh8ejwtuPjZCQRgg7pkV7uK9Qq4XbStW8AR -+JftZ9BBmUOkpdTY0ml6uNojI5u3J/A8KL0UHeiOGLzEy6l64qjE= -+-----END CERTIFICATE REQUEST----- -diff --git a/tests/data/lasso.key b/tests/data/lasso.key -new file mode 100644 -index 00000000..d6ee4142 ---- /dev/null -+++ b/tests/data/lasso.key -@@ -0,0 +1,27 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIEpAIBAAKCAQEA4hL9YBMYwmy/s6+CuOliYBbdGaiNWnhweLTXsd6VZVnlp1ff -+NKWN5yalvVRBwE3MQNvXm06c07vTw73h8UtaJZF+NhZrVBg4uRnqQcBHbIlOSEE1 -+CXfboroGcmRagKwSuRdrXrTz7r6tdH70pyEH+UtJjcOqHwvo3uyoT7HIPVnwczeY -+ez0IzhysikI9pnzT/I18E+o8DZm/i4gGvBIXfas+eHVyIm4gpCCOcJA5ooLaP5Wz -+K2C2GuIjQ9VHMLtY8AlF5Brrk3+LvbWMbqs95zBVwJL0bpyYb6ymroYRFR7ucVV0 -+1nmxHM2wa4OkR2Z4JLWkI+1baG5+by+q+3D1mQIDAQABAoIBAClNONcFhh93CKrG -+JMatdJiDdM9MOM7PdBTJTSKkvHxwqQEij5epqzwQlnT5YK3GSMuMnl40RXh1NyHq -+nc2ca5KzevBctiz949cFQgPTIflVOGUA7LSXHhwjiiv544LgbOc9vRLnUi1Kzpua -+2g1yfmdv9rcciQb1AQ1BBRrSKvfyD410KojJXwunYx32hrHdnhPwC3xyg6BEMpq9 -+PtcnTvFY/iDeyzYLwAwJb2xdTCpg7okd1KthtohS740Y0uS+UVaEDK7xOIj+CNIq -+ii+j0fv5N5fjke8TdUszLWkDYQQ9BTJWFOjJ72FZs9J8pk7RlNhnt6tEoZ6866+w 
-+nprmJwUCgYEA9VWT0FswnSnm+lkRP7vc/SJYTg6zD2BrGOKEo58L8TObb242G+Fs -+JteMvdVm14GublmqXZv6Md5x5iVh3kRlu+8dbM5WnBNpwt6mGZPK7if5K/X1qiJg -+BeroAX/KuVjSHBYVDFfHqPQg146RFcj/q7aCsqc+aMwgdUZ8OlBjRf8CgYEA6+cP -+GG9VOlXWZ2RzSBoKrvxJgSQRpgVXeJAr1BWZ+pJVGIft3zSbeJ30nsUuob61UDVH -+g6HzjOUQWHyK4wq2gyK3kOw/Aii6z4REXDVMVq3OgqaE4Fw+MH31ci8JILU415ZY -+DQGo++E87tbSgp32gqou7Aj7Y4Sfvx+V/da4NGcCgYAv+tGSsRLb2cMLePnPnh0F -+AH+GnIdWXYP0dPB903ARdwdSDprUbwyouAUVZzPat8j2WeDgt82BjUB3Qx5Vysie -+rY/ypJP5qC5J5yNS4z2PwA+SEmM+J8Thw2QmTujFwOIujf8Fz/EDUONPZNlpCks+ -+OM5sxBqHgkxiwysueGRB3wKBgQCWwXDaMrwKrbR5Gq65kzrknQH0b7J/oMZHnAsG -+XE+s3DtZk/SmQh5hNMCRfn3Qi+mfOo1bR/I3RmPtyJmRgtUkdNlO2kth+9l2qJZv -+PvhsJGLnB7e/EfQEVVq3/+sbZfTPgZr/pOHzJfwkvlCFfKF+23dlDFBrRuQ35d2a -+/M93XQKBgQCmAatw/7+z/CS6HinOW7W4k77eQ4wHb8XwzTl8T/5mf6KzejDUuEpZ -+hi4ZMAZqNywiJo7UOu6APVzRU7qF6Dbg4eIZWtIocMhp19kUArAPz7NcrghXsTIZ -+UdBWeG3kgUa5Q6d/D2OpWHK9S8LRdUL4/H0WZoqDOoDpJwKpljevyg== -+-----END RSA PRIVATE KEY----- -diff --git a/tests/data/metadata/metadata-federation-renater.crt b/tests/data/metadata/metadata-federation-renater.crt -deleted file mode 100644 -index b6117441..00000000 ---- a/tests/data/metadata/metadata-federation-renater.crt -+++ /dev/null -@@ -1,15 +0,0 @@ -------BEGIN CERTIFICATE----- --MIICZTCCAc6gAwIBAgIEScn+qTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJG --UjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNhdCBkZSBzaWdu --YXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9uIEVkdWNhdGlv --bi1SZWNoZXJjaGUwHhcNMDkwMzI1MDk1MTM3WhcNMTkwMzIzMDk1MTM3WjB3MQsw --CQYDVQQGEwJGUjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNh --dCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0aW9u --IEVkdWNhdGlvbi1SZWNoZXJjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB --AJBXcLIguokGiytYSOrgmU6fN+1DXK4eaquvFGMaswuhcRPD4tXtSs8CGxPP8/VF --Mpcry04lfPA3mpwDis47hsvmLqGJVmfSuvkDsPx+I325h4WqGzEV8kfttkJSi8D0 --QLKk9wseA+BHzoBpU6e5uWmGqfWJgbZlcUuYKCIE2nL/AgMBAAEwDQYJKoZIhvcN --AQEFBQADgYEAT0rUS5GTtqW9a0pAv0PjieSS6bW3KG3Mtn0jC1dmav6X9fbhhmFL 
--1XSC9WnCU2UD3986EWWYKhN2INHghHE/fQGveVwdcVSSt601OpAsUF18tx0vHqkf --Shcj7mteq59Gv4hOE8U1Urd/pSRaIO3G42X6/L/AlXeDkicfGZHhq7Q= -------END CERTIFICATE----- -diff --git a/tests/data/metadata/renater-metadata.xml b/tests/data/metadata/renater-metadata.xml -index 868f9259..70517100 100644 ---- a/tests/data/metadata/renater-metadata.xml -+++ b/tests/data/metadata/renater-metadata.xml -@@ -1,4 +1,5 @@ -- -+ -+ - - - -@@ -11,36 +12,50 @@ - AIDrFyG3G6IpXdapls2LeP2Awt8= - - -- --Mb7C8CsvA6UNnLN+LHCoOG7+c1CYQtUMm+o3p31niDfRcDcCDtuZ521FGM6p6ki6fS8HlncK0Q+h --7rpXNeD2dY12FU94vI5wfF6m89pRs6QYE4O13HPDDZvhRZY+BX4+fqg6tsRz8NRaFS/xvxSzzPzO --dsOrE6R2/QhrcaF1PnA= -- -+a47ZynaE+fXQFr2QkjjNsPoWhG0Lbed36MZ2/1jNygD2Ck3zYNSBxFTNI0bhZSi+ -+sYefYhnYDqpz785/90Ym3hVL+olMZ8z7NLlkeDKCScNCi1436j/W4voR0jez3BkA -+IrMW2p4eUtSwfTHRazMtRacQrwTk3JAbShXuWU7fVnRI4t8oa8t43rf2hz+rRG8F -+SizMOyyHMak13jaVCmX5qoaO4OWmqs2GhXsx8hRfzJ8o6w417InTLWcuIRNw1/zm -+6O6H1as6nmKv34SppCiwdGrTpT6i3/zB3j9Hw7iyuvTF5bbaF+7MMsW/pjw5VOF8 -+lmNqhsCFdu+JsaTFBIB2Fg== - - - - --kFdwsiC6iQaLK1hI6uCZTp837UNcrh5qq68UYxqzC6FxE8Pi1e1KzwIbE8/z9UUylyvLTiV88Dea --nAOKzjuGy+YuoYlWZ9K6+QOw/H4jfbmHhaobMRXyR+22QlKLwPRAsqT3Cx4D4EfOgGlTp7m5aYap --9YmBtmVxS5goIgTacv8= -+4hL9YBMYwmy/s6+CuOliYBbdGaiNWnhweLTXsd6VZVnlp1ffNKWN5yalvVRBwE3M -+QNvXm06c07vTw73h8UtaJZF+NhZrVBg4uRnqQcBHbIlOSEE1CXfboroGcmRagKwS -+uRdrXrTz7r6tdH70pyEH+UtJjcOqHwvo3uyoT7HIPVnwczeYez0IzhysikI9pnzT -+/I18E+o8DZm/i4gGvBIXfas+eHVyIm4gpCCOcJA5ooLaP5WzK2C2GuIjQ9VHMLtY -+8AlF5Brrk3+LvbWMbqs95zBVwJL0bpyYb6ymroYRFR7ucVV01nmxHM2wa4OkR2Z4 -+JLWkI+1baG5+by+q+3D1mQ== - --AQAB -+ -+AQAB -+ - - - -- --MIICZTCCAc6gAwIBAgIEScn+qTANBgkqhkiG9w0BAQUFADB3MQswCQYDVQQGEwJGUjEQMA4GA1UE --ChMHUkVOQVRFUjFWMFQGA1UEAxNNQ2VydGlmaWNhdCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9u --bmVlcyBkZSBsYSBmZWRlcmF0aW9uIEVkdWNhdGlvbi1SZWNoZXJjaGUwHhcNMDkwMzI1MDk1MTM3 --WhcNMTkwMzIzMDk1MTM3WjB3MQswCQYDVQQGEwJGUjEQMA4GA1UEChMHUkVOQVRFUjFWMFQGA1UE --AxNNQ2VydGlmaWNhdCBkZSBzaWduYXR1cmUgZGVzIG1ldGEgZG9ubmVlcyBkZSBsYSBmZWRlcmF0 
--aW9uIEVkdWNhdGlvbi1SZWNoZXJjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJBXcLIg --uokGiytYSOrgmU6fN+1DXK4eaquvFGMaswuhcRPD4tXtSs8CGxPP8/VFMpcry04lfPA3mpwDis47 --hsvmLqGJVmfSuvkDsPx+I325h4WqGzEV8kfttkJSi8D0QLKk9wseA+BHzoBpU6e5uWmGqfWJgbZl --cUuYKCIE2nL/AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAT0rUS5GTtqW9a0pAv0PjieSS6bW3KG3M --tn0jC1dmav6X9fbhhmFL1XSC9WnCU2UD3986EWWYKhN2INHghHE/fQGveVwdcVSSt601OpAsUF18 --tx0vHqkfShcj7mteq59Gv4hOE8U1Urd/pSRaIO3G42X6/L/AlXeDkicfGZHhq7Q= -- -+MIID6zCCAdMCFALT+lN2uLJWF7p2xOo65/5KwxixMA0GCSqGSIb3DQEBCwUAMEUx -+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl -+cm5ldCBXaWRnaXRzIFB0eSBMdGQwIBcNMTkwNjExMDc0NTU2WhgPMjI5MzAzMjUw -+NzQ1NTZaMB0xCzAJBgNVBAYTAkZSMQ4wDAYDVQQDDAVMYXNzbzCCASIwDQYJKoZI -+hvcNAQEBBQADggEPADCCAQoCggEBAOIS/WATGMJsv7OvgrjpYmAW3RmojVp4cHi0 -+17HelWVZ5adX3zSljecmpb1UQcBNzEDb15tOnNO708O94fFLWiWRfjYWa1QYOLkZ -+6kHAR2yJTkhBNQl326K6BnJkWoCsErkXa1608+6+rXR+9KchB/lLSY3Dqh8L6N7s -+qE+xyD1Z8HM3mHs9CM4crIpCPaZ80/yNfBPqPA2Zv4uIBrwSF32rPnh1ciJuIKQg -+jnCQOaKC2j+VsytgthriI0PVRzC7WPAJReQa65N/i721jG6rPecwVcCS9G6cmG+s -+pq6GERUe7nFVdNZ5sRzNsGuDpEdmeCS1pCPtW2hufm8vqvtw9ZkCAwEAATANBgkq -+hkiG9w0BAQsFAAOCAgEAfbHk+QNvLYDNlqwwlu5+88/3CcEx+s1voXOBTxgyIAR2 -+NVKkO7dAW5me51jPPZhy+xC4i+AAeLW5JGwirM5LDgU+9P02JBsZ4OoZI3pBAZ5m -+GrmxrMm6q+9mJ+6bMHolfBNN6hoaWeJiknvc1Id7o0Dh4PbdV7r6ISuXisDb/1je -+tmzxoFuXhmDwwHMTG7eUORVFEgS8V5NNKMv16BeWNDohJVP6icxwoi5JswUl+vfO -+rvIwx2GAJ2EQAbSZv5ADFQ4/vxeopULgLnblc3BwVG4RTT7plNgT2iXP8YwmEGKb -+JDHRVFUo1tX6EKkBUI9AgETrdUnLq6XxP11JmrqNL9oOHw+hGb5vT1wyn6FFxZo2 -+BVgfqdiGbjcs1bTKeQAZKuhaW90oV6+yYD6WtWn/LfHnftAJivALkmUk+XaSqqbO -+FxuyRsz9C/yq0azr6IkCWhGwBYoLvf2CrvovSYpPXefeQ+1yXNDW7bvfAQfOO9xk -+SqQi4cYJw9hNqTk2f61x6UX/o8wKVhXEHyaCr9lVLNpCK0Uy07f3zkubx1mW5PST -+ITSnD8sPD7iMyGOJa5tQJ8W5u2NJT6qo52Jubgc8PapkOoYyEhUaTQEb8RN6D3oD -+xc8cCKn4HUtpkJKgxYhQDtsomJp2RK7lzjVPXAlFUmld88WgqdJwp9GSvMEktA0= - - - -@@ -1277,7 +1292,7 @@ Ugr24VE4pUTqq2xGSOazVN0EKSqULXvM9ZHupGDCJmRH4P3H/X4w8Cq5Y6c0pDtJ - - - -- -+ - - - -@@ -8584,7 
+8599,7 @@ f6ou5oRTltOZOUJfXI1XMhAUNnU7zQvrFeoGrRzGv3zq8AieXbRyWhXY1Eo1mPpS - $Id: renater.xml,v 1.4 2011/03/30 13:23:00 rdc Exp $ - generated at Wed Mar 30 14:18:20 2011 - by %Id: shib-config,v 1.6 2010/09/10 15:10:15 pmh Exp % -- --> -+ --> - - - -@@ -15545,7 +15560,7 @@ oZQx - - - -- -+ - - - -@@ -30065,4 +30080,4 @@ ihb/MX5UR6g83EMmqZsFt57ANEORMNQywxFa4Q== - - - -- -\ No newline at end of file -+ -diff --git a/tests/data/rootCA.crt b/tests/data/rootCA.crt -new file mode 100644 -index 00000000..a31c99a2 ---- /dev/null -+++ b/tests/data/rootCA.crt -@@ -0,0 +1,32 @@ -+-----BEGIN CERTIFICATE----- -+MIIFbTCCA1WgAwIBAgIUJD9pAmQfrAv6NLPnweO4XUdIbzkwDQYJKoZIhvcNAQEL -+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0xOTA2MTEwNzQzNTVaGA8yMjkz -+MDMyNTA3NDM1NVowRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx -+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCAiIwDQYJKoZIhvcN -+AQEBBQADggIPADCCAgoCggIBAJuPnHwxmpRquFkFok4VkO39j5NT2a8+Wfp8zYnh -+qLt3CG3oDyFftWyF97NJYoxDPbio2fVYJiBKutDOMYPsJfrd4SoqcDOGOAdfkNl9 -+SEhCnzrzlOj6ZcDoNTG0IvKh+NzLgfpU1wggyLW2ZXwvwf8hNGW9YR1i8XY5TSmt -+0z9Dawsg2QAyYjoemUeDOVWEFWISmXySC2osXGANcOaaFMEv1Ryj5HWHzcCVZZ0g -+UBG9iDZqewDvPg+SRvC2k16coeRjsSstHzVqBxOWpp5Oium39K8jXV6jG+JkFn49 -+C2RBldpajbPhvHKOdtJeID20njgmfCRZB/KfQGPPf8xXk4wBTxPU9L8wKy370unZ -+P4WD1vq35KfPsiUdlavzqYkOkI20iWIZO6853oSPlJ4zmBVNXP8VhQm0h2VovNH+ -+Zde4vaPtQXPwwNbCvBItu5m1uaigPgRycBJV8M0gdliAICfCMeSwQDrhkX6ck17n -+uBpxBTCn9GEFN/+7miNH/roH03NHU3vciqTAi1MrDA3jfOZkYBC/Cd5AmsMc6NTO -+Xc57mFwuZ+BmQI6w1ddL5e+5Y/DA57VexfTdG+/TpS+D9oBJUmaczkAG+27YKs8f -+mJKoTSPULjXK8pwwcBMk8HuS5bt6fBBmqbJb8bwXceEHCBg7WCYNmXy5lXwUUwAh -+NDwDAgMBAAGjUzBRMB0GA1UdDgQWBBRWppx3mP/hCh9ZLKZfwGBeg1wiPjAfBgNV -+HSMEGDAWgBRWppx3mP/hCh9ZLKZfwGBeg1wiPjAPBgNVHRMBAf8EBTADAQH/MA0G -+CSqGSIb3DQEBCwUAA4ICAQAWfNrX65UUI55f0A8svSIUVy8c7YjX8P70xMWq7Cpe -+tRPo8C98JCr8MtUaAx6VFx4sjHyCPmEIIf+u7aDxRhrxpqAQAQl5me8OxqwmOxKu 
-+I7WeRrjAvOux52xfjqtm36fx9SUDu94ox5LdG+NNtG29AbLZeAs4pe4qVqH1GQb9 -+fw3lvxwKV+AovpVZ7eXyscfSvKWi4rgzVJl27me/rgLZsVYJ2gAjTI77vGN1G0ro -+q2iaTvEALHlzhKepVg1IAJAGJLSZegcK3zwWOqZzkL77De6Z3+zbxwNopcy/CGEs -+9v9gDyL1LeAJ3o/dehvPiqMWogTVO6X77sNIiiu41sdaWSTiFllmyO+hQqS69R68 -+NOe+uAP1+taLhD16kp7XHS0MIXEPaQbEgrXtqb163oMJSAaok3xXNyRJ7ZNMS4CT -+0QJE15PpnbRYoQOf4QrrsDmpl2ybU7MR9uOj64qVSvUtBcq1w7ljPStbkN7F7OOU -+pepVvNaWe820kgQ/l9tu1WY9D7PFGP6iWY4AwdxcpWwlJnIr104X3PQ0Y5/msYVs -+zEnqaNiEOnbmTZUvn5jJOwh8DWUo+LffRQx/PoZlhZ/L/L3RtpGUV2E+E5Gzqs7W -+gey9iG11CVcvK/wdCj0zhW/XpesQuwinIMawGS6G92igHo+AFjJoGaGiw3jYdep8 -+CA== -+-----END CERTIFICATE----- -diff --git a/tests/data/rootCA.key b/tests/data/rootCA.key -new file mode 100644 -index 00000000..6b39fb45 ---- /dev/null -+++ b/tests/data/rootCA.key -@@ -0,0 +1,51 @@ -+-----BEGIN RSA PRIVATE KEY----- -+MIIJJwIBAAKCAgEAm4+cfDGalGq4WQWiThWQ7f2Pk1PZrz5Z+nzNieGou3cIbegP -+IV+1bIX3s0lijEM9uKjZ9VgmIEq60M4xg+wl+t3hKipwM4Y4B1+Q2X1ISEKfOvOU -+6PplwOg1MbQi8qH43MuB+lTXCCDItbZlfC/B/yE0Zb1hHWLxdjlNKa3TP0NrCyDZ -+ADJiOh6ZR4M5VYQVYhKZfJILaixcYA1w5poUwS/VHKPkdYfNwJVlnSBQEb2INmp7 -+AO8+D5JG8LaTXpyh5GOxKy0fNWoHE5amnk6K6bf0ryNdXqMb4mQWfj0LZEGV2lqN -+s+G8co520l4gPbSeOCZ8JFkH8p9AY89/zFeTjAFPE9T0vzArLfvS6dk/hYPW+rfk -+p8+yJR2Vq/OpiQ6QjbSJYhk7rznehI+UnjOYFU1c/xWFCbSHZWi80f5l17i9o+1B -+c/DA1sK8Ei27mbW5qKA+BHJwElXwzSB2WIAgJ8Ix5LBAOuGRfpyTXue4GnEFMKf0 -+YQU3/7uaI0f+ugfTc0dTe9yKpMCLUysMDeN85mRgEL8J3kCawxzo1M5dznuYXC5n -+4GZAjrDV10vl77lj8MDntV7F9N0b79OlL4P2gElSZpzOQAb7btgqzx+YkqhNI9Qu -+NcrynDBwEyTwe5Llu3p8EGapslvxvBdx4QcIGDtYJg2ZfLmVfBRTACE0PAMCAwEA -+AQKCAgBPPweu1O40cXFcGFyofqAIPUWo/exFM/ROgMmMViLI7UikBLXAgKtBj7Wx -+5c6IObD1oz71l2REyw0EViYvWFu4wtNz0Y67EML2Lp7xzLrH5PiM5Y2UagrwDNsc -+aPHsvMq0YA/k4NdyUpEs0LA+ZW3kdJvmwGT6vW7YlTRT6TNWZRfg4WjqisAzb2cS -+YS0R/WmPPn5mUVfzTIn6fJ5pO1EbYSylnHBD11zfoLvVIaLohq8fWXsz7Kym7hOp -+iLjmV9C5MngM0L23Tj4womxa9RQbIBVMKy3jiiAoYmh7AsoM1sRqKftKCdMgYKbz -+X/P4u0xmumQ/eANue+YncoteI7cLrjps1RUeodmRgxLt0KHbTW4X35Fd6yI+Nxts 
-+13aA6J/WusELQYigBXG3cHOfxfOMkqjdVozReF+QzsAJFXQwV4lQhsdlkVjnMWB9 -+iotUVj9X8SWHktBnCHmuyuQoyJIxwM6cBLv1bJCpdiGcJJrtPgTwI3ybjVDlsVpE -+A2EaWiH2UDnzmI2OXy2BaOmLoYzV3kYLhd1zG2q2rLDd70kzOHJJmTOp8xFzZVOA -+74IbdWb6J3C6o7F8IFK+1strw6ADDINEyg+zoIbNUGVyvGI90Xak+7k8KgGWSplw -+318k0xyh6hu9HU/wWHE2WObjIWKnzDHnt917dJkyMazyC2x3wQKCAQEAy4gAWJNM -+/mVa4sr2NLUNPQpVfxhSF/jhxdD3b5Z5A/PD+spUcF1WZSpBj8BmNOWilJ2pBMkv -+Yp7o2s4MbLIFx1HMgVI/cTo1/kk8hvCBdX9n1Dum3dRNTaxBUaZNDdBZ61b4an/V -+lrK20Tx3RY23qInoOUsBFENF+UJUAkujXH3tBv5d//yfX9z75sesQl/HKVr1UAI6 -+I7a76sO+0bCnDAxooIQH0sLzmWa9JliiFd8gWeY7Yd+/jCw4toptkgtXUUm1dFLL -+8s7Eah+P0ORZ17+eBWub/4gOzbgfOh4EKNU/lLI9r2L6RH0F9C3Symm6mu7EBpEC -+SzDyHnYqzpAh8wKCAQEAw6nSmp+HBz7AhW+tEiXt1KjvCRgslVMGQ/UTFbU8TqLd -+rECn5wKO45EHV4at6jazJUhwIBVty39duiOmmEWOtpCxX3OgdM11s8/LACXv4/B4 -+pWHqzhJgrwISOLLoxEoM+A3odXoEw95phOy7seBkVxJ6Idq3obpZli0ilDHfFT2R -+B+kANrCI5D9d43XdoEBaS6EWvd0TrIbkrfwWrQtbmGuXsmj/ZpOntPixUaZO+go1 -+P0eDrUZlRcfVWBGNRiEHiGr0InOWrK93OtjoGB3SjtnQkRP5JJSN/2QOCw7LvmZj -+GA/KdQxef0Rh5cKLd3LBzwTzGwl+4MMME+WL0M3xsQKCAQAg8bKco7sismUzsIaJ -+oYSzDKkqGVWwa6ifzGNAvKp56UsfnQBt7628UkqqagohJcpbI+nnzGjPHcmzIQcB -+0Q7+ZE8l35pFSZbTwib58JQD4Mt9nuozndmlaOxpuvFd+wuS/FDZbDe2XNcapx7n -+Mzk3HptoKqvSC9GXtxTCClw27GshZqrwdIOXkL11bXyEgdxK5V4vxSyD+2APb//D -+EUT4vklxMe3SP5wOiIK1YkNaJvOlmY6jGQR4O/AyG9YAfbV0gunMGlrIwo8oXlN5 -+DH0+XtXFKtXlVrCOu+7SCWnC8kGIYBF8AhlgXJxKGeC0wshhq6QvK+mjIhkOtTHY -+nZvhAoIBAHbQBKcIAAKSRG3CpqHCjmz4OE6Zc1kplUBm7TPdXcWSeHFEwbAxiXr+ -+cirgCXOTy6z0E8InwQg1S0DgrSUB9+s8abjAicrjiHmr0GVCpC0RtPEYSHDiD/u1 -+kkMDwPyQytdF+sZ7VbFquUCSUFdvHv8QpUExgxieBBCBT+IVdpV7UTowboTHJhkT -+sXuR8waAjVQneZvJR00YjHxp+4sQvooLq44W3B/5wXjPGz2tc3+5+yN11au+d3is -+JAzae6L+I4jfCWhyMCikVA5T8HvUgCtmcJPoQP3Jh4BxzWVBks8HdV0DGbmBzVAS -+wi+2tuHNuYpwQv9EANuTFR5v4TrmE8ECggEAMXp5rfHt2hKLtkIwqYE7C8IVGQ9q -+BcjKAJSuDYkyBpfSp9uxkiyvnND5tEj0uOcMCVZlntSIxWx+HXFu5rL0Ax5ZmSal -+uoWpwDXbKYgHF9zlGXqYulsODqZC0cjJpUogXFC0B4pRDUVzuZXO9ACuS5azXYqh 
-+G6Rw0O6rDTHVgkmazJtxreO8v4NpfIbBbFfQgU5xeHdS6ky9LqG+yUKJ5FWkGWcU -+SqpZX3yxXM4q/cA1KBN31K3V2xvjVPcEwzkZDGDbLg33DASVF7RV/WYymhDuxE+w -+vHDz9Q7dk4pTzCdNiQgomBSjOkLDKWuOvaInQwYWJgavpPGWr31hDyi5Kw== -+-----END RSA PRIVATE KEY----- -diff --git a/tests/data/rootCA.srl b/tests/data/rootCA.srl -new file mode 100644 -index 00000000..8c619f27 ---- /dev/null -+++ b/tests/data/rootCA.srl -@@ -0,0 +1 @@ -+02D3FA5376B8B25617BA76C4EA3AE7FE4AC318B1 --- -2.20.1 - diff --git a/0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch b/0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch deleted file mode 100644 index 0a3c750..0000000 --- a/0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch +++ /dev/null 
@@ -1,329 +0,0 @@ -From 642182bdf49c9c93a86b093ad7335c8a7a5ae8cc Mon Sep 17 00:00:00 2001 -From: John Dennis -Date: Wed, 9 Jan 2019 17:23:09 -0500 -Subject: [PATCH] Fix ECP signature not found error when only assertion is - signed (#26828) - -With a SAML Authn Response either the message or the assertion -contained in the response message or both can be signed. Most IdP's -sign the message. This fixes a bug when processing an ECP authn -response when only the assertion is signed. - -lasso_saml20_profile_process_soap_response_with_headers() performs a -signature check on the SAML message. A signature can also appear on -the assertion which is checked by -lasso_saml20_login_process_response_status_and_assertion() The problem -occurred when the message was not signed and -lasso_saml20_profile_process_soap_response_with_headers() returned -LASSO_DS_ERROR_SIGNATURE_NOT_FOUND as an error code which is not -actually an error because we haven't checked the signature on the -assertion yet. We were returning the first -LASSO_DS_ERROR_SIGNATURE_NOT_FOUND error when in fact the subsequent -signature check in -lasso_saml20_login_process_response_status_and_assertion() succeeded. - -The ECP unit tests were enhanced to cover these cases. - -The enhanced unit test revealed a problem in two switch statements -operating on the return value of -lasso_profile_get_signature_verify_hint() which were missing a case -statement for LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE which caused -an abort due to an unknown enumeration value. 
- -Fixes Bug: 26828 -License: MIT -Signed-off-by: John Dennis ---- - lasso/saml-2.0/login.c | 29 ++++++++---- - lasso/saml-2.0/profile.c | 2 + - tests/login_tests_saml2.c | 97 +++++++++++++++++++++++++++++---------- - 3 files changed, 95 insertions(+), 33 deletions(-) - -diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c -index 028ffb31..91ff302d 100644 ---- a/lasso/saml-2.0/login.c -+++ b/lasso/saml-2.0/login.c -@@ -1107,18 +1107,31 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg) - { - LassoSoapHeader *header = NULL; - LassoProfile *profile; -- int rc1, rc2; -+ int rc; - - lasso_null_param(msg); - - profile = LASSO_PROFILE(login); - -- rc1 = lasso_saml20_profile_process_soap_response_with_headers(profile, msg, &header); -+ /* -+ * lasso_saml20_profile_process_soap_response_with_headers() -+ * performs a signature check on the SAML message. A signature -+ * can also appear on the assertion which is checked by -+ * lasso_saml20_login_process_response_status_and_assertion() -+ * (below). Therefore if the error is SIGNATURE_NOT_FOUND we -+ * proceed because -+ * lasso_saml20_login_process_response_status_and_assertion() -+ * will test the signature on the assertion. -+ */ -+ rc = lasso_saml20_profile_process_soap_response_with_headers(profile, msg, &header); -+ if (rc != 0 && rc != LASSO_DS_ERROR_SIGNATURE_NOT_FOUND) { -+ return rc; -+ } - - /* - * If the SOAP message contained a header check for the optional -- * paos:Response and ecp:RelayState elements, if they exist extract their -- * values into the profile. -+ * paos:Response and ecp:RelayState elements, if they exist extract their -+ * values into the profile. 
- */ - if (header) { - GList *i = NULL; -@@ -1142,12 +1155,8 @@ lasso_saml20_login_process_paos_response_msg(LassoLogin *login, gchar *msg) - lasso_release_gobject(header); - } - -- rc2 = lasso_saml20_login_process_response_status_and_assertion(login); -- if (rc1) { -- return rc1; -- } -- return rc2; -- -+ rc = lasso_saml20_login_process_response_status_and_assertion(login); -+ return rc; - } - - /** -diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c -index 8171e79e..22a4e08c 100644 ---- a/lasso/saml-2.0/profile.c -+++ b/lasso/saml-2.0/profile.c -@@ -398,6 +398,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char - - switch (lasso_profile_get_signature_verify_hint(profile)) { - case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE: -+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE: - rc = profile->signature_status; - break; - case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE: -@@ -1559,6 +1560,7 @@ lasso_saml20_profile_process_soap_response_with_headers(LassoProfile *profile, - remote_provider, response_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP); - switch (lasso_profile_get_signature_verify_hint(profile)) { - case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE: -+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE: - rc = profile->signature_status; - break; - case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE: -diff --git a/tests/login_tests_saml2.c b/tests/login_tests_saml2.c -index 54c7fb63..e331c07a 100644 ---- a/tests/login_tests_saml2.c -+++ b/tests/login_tests_saml2.c -@@ -1090,42 +1090,42 @@ START_TEST(test08_test_authnrequest_flags) - make_context(sp_context, "sp5-saml2", "", LASSO_PROVIDER_ROLE_IDP, "idp5-saml2", "") - - block_lasso_logs; -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .use_assertion_consumer_service_idx = 1, - .assertion_consumer_service_idx = 0, - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, 
sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .assertion_consumer_service_url = "http://sp5/singleSignOnPost", - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT, - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .assertion_consumer_service_url = "http://sp5/singleSignOnPost", - .protocol_binding = LASSO_SAML2_METADATA_BINDING_POST, - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .assertion_consumer_service_url = "http://sp5/singleSignOnArtifact", - .protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT, - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .assertion_consumer_service_url = "http://sp5/singleSignOnPostAndArtifact", - .protocol_binding = LASSO_SAML2_METADATA_BINDING_ARTIFACT, - .stop_after_build_assertion = 1, - }); -- sso_initiated_by_sp2(idp_context, sp_context, -- (SsoSettings) { -+ sso_initiated_by_sp2(idp_context, sp_context, -+ (SsoSettings) { - .assertion_consumer_service_url = "http://sp5/singleSignOnPostAndArtifact", - .protocol_binding = LASSO_SAML2_METADATA_BINDING_POST, - .stop_after_build_assertion = 1, -@@ -1278,7 +1278,9 @@ static void validate_idp_list(LassoEcp *ecp, EcpIdpListVariant ecpIDPListVariant - check_str_equals((char*)g_list_nth(ecp->known_idp_entity_ids_supporting_ecp, 0)->data, "http://idp5/metadata"); - } - --void test_ecp(EcpIdpListVariant ecpIDPListVariant) -+void test_ecp(EcpIdpListVariant 
ecpIDPListVariant, -+ LassoProfileSignatureHint signature_hint, -+ LassoProfileSignatureVerifyHint signature_verify_hint) - { - char *serviceProviderContextDump = NULL, *identityProviderContextDump = NULL; - LassoServer *spContext = NULL, *ecpContext=NULL, *idpContext = NULL; -@@ -1286,7 +1288,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - LassoEcp *ecp = NULL; - LassoSamlp2AuthnRequest *request = NULL; - gboolean is_passive = FALSE; -- char *provider_name = NULL; -+ char *provider_name = NULL; - char *relayState = NULL; - char *messageID = NULL; - char *extracted_messageID = NULL; -@@ -1296,7 +1298,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - char *ecpPaosResponseMsg = NULL; - char *spLoginDump = NULL; - LassoSaml2Assertion *assertion; -- LassoSamlp2IDPList *idp_list = NULL; -+ LassoSamlp2IDPList *idp_list = NULL; - - /* - * SAML2 Profile for ECP (Section 4.2) defines these steps for an ECP -@@ -1322,6 +1324,8 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - spContext = lasso_server_new_from_dump(serviceProviderContextDump); - spLoginContext = lasso_login_new(spContext); - check_not_null(spLoginContext); -+ lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint); -+ lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint); - - check_good_rc(lasso_login_init_authn_request(spLoginContext, "http://idp5/metadata", - LASSO_HTTP_METHOD_PAOS)); -@@ -1419,6 +1423,8 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - idpContext = lasso_server_new_from_dump(identityProviderContextDump); - idpLoginContext = lasso_login_new(idpContext); - check_not_null(idpLoginContext); -+ lasso_profile_set_signature_hint(LASSO_PROFILE(idpLoginContext), signature_hint); -+ lasso_profile_set_signature_verify_hint(LASSO_PROFILE(idpLoginContext), signature_verify_hint); - - /* Parse the ecpSoapRequestMsg */ - check_good_rc(lasso_login_process_authn_request_msg(idpLoginContext, ecpSoapRequestMsg)); 
-@@ -1465,7 +1471,7 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - check_str_equals(ecp->relaystate, relayState); - check_str_equals(ecp->issuer->content, "http://sp5/metadata"); - check_str_equals(ecp->provider_name, provider_name); -- check_equals(ecp->is_passive, is_passive); -+ check_equals(ecp->is_passive, is_passive); - - /* Validate ECP IdP list info */ - validate_idp_list(ecp, ecpIDPListVariant, idp_list); -@@ -1480,6 +1486,8 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - spContext = lasso_server_new_from_dump(serviceProviderContextDump); - spLoginContext = lasso_login_new(spContext); - check_not_null(spLoginContext); -+ lasso_profile_set_signature_hint(LASSO_PROFILE(spLoginContext), signature_hint); -+ lasso_profile_set_signature_verify_hint(LASSO_PROFILE(spLoginContext), signature_verify_hint); - - /* Parse the ecpPaosResponseMsg */ - check_good_rc(lasso_login_process_paos_response_msg(spLoginContext, ecpPaosResponseMsg)); -@@ -1515,19 +1523,61 @@ void test_ecp(EcpIdpListVariant ecpIDPListVariant) - - START_TEST(test09_ecp) - { -- test_ecp(ECP_IDP_LIST_NONE); -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE); - } - END_TEST - - START_TEST(test10_ecp) - { -- test_ecp(ECP_IDP_LIST_ECP); -+ test_ecp(ECP_IDP_LIST_ECP, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE); - } - END_TEST - - START_TEST(test11_ecp) - { -- test_ecp(ECP_IDP_LIST_BOGUS); -+ test_ecp(ECP_IDP_LIST_BOGUS, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE); -+} -+END_TEST -+ -+START_TEST(test12_ecp) -+{ -+ /* Maybe Sign */ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE); -+ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE); -+ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_MAYBE, -+ 
LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE); -+ -+ /* Force Sign */ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_FORCE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE); -+ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_FORCE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE); -+ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_FORCE, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE); -+ -+ /* Forbid Sign */ -+ test_ecp(ECP_IDP_LIST_NONE, -+ LASSO_PROFILE_SIGNATURE_HINT_FORBID, -+ LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE); -+ - } - END_TEST - -@@ -1538,7 +1588,7 @@ void check_digest_method(G_GNUC_UNUSED LassoLogin *idp_login_context, LassoLogin - lasso_release_string(dump) - } - --START_TEST(test12_sso_sp_with_rsa_sha256_signatures) -+START_TEST(test13_sso_sp_with_rsa_sha256_signatures) - { - LassoServer *idp_context = NULL; - LassoServer *sp_context = NULL; -@@ -1595,7 +1645,8 @@ login_saml2_suite() - tcase_add_test(tc_ecp, test09_ecp); - tcase_add_test(tc_ecp, test10_ecp); - tcase_add_test(tc_ecp, test11_ecp); -- tcase_add_test(tc_spLogin, test12_sso_sp_with_rsa_sha256_signatures); -+ tcase_add_test(tc_ecp, test12_ecp); -+ tcase_add_test(tc_spLogin, test13_sso_sp_with_rsa_sha256_signatures); - return s; - } - --- -2.20.1 - diff --git a/0007-PAOS-Do-not-populate-Destination-attribute.patch b/0007-PAOS-Do-not-populate-Destination-attribute.patch deleted file mode 100644 index b9ceaec..0000000 --- a/0007-PAOS-Do-not-populate-Destination-attribute.patch +++ /dev/null 
@@ -1,99 +0,0 @@ -From 1e85f1b2bd30c0d93b4a2ef37b35abeae3d15b56 Mon Sep 17 00:00:00 2001 -From: Dmitrii Shcherbakov -Date: Fri, 28 Jun 2019 02:36:19 +0300 -Subject: [PATCH] PAOS: Do not populate "Destination" attribute - -When ECP profile (saml-ecp-v2.0-cs01) is used with PAOS binding Lasso -populates an AuthnRequest with the "Destination" attribute set to -AssertionConsumerURL of an SP - this leads to IdP-side errors because -the destination attribute in the request does not match the IdP URL. - -The "Destination" attribute is mandatory only for HTTP Redirect and HTTP -Post bindings when AuthRequests are signed per saml-bindings-2.0-os -(sections 3.4.5.2 and 3.5.5.2). Specifically for PAOS it makes sense to -avoid setting that optional attribute because an ECP decides which IdP -to use, not the SP. - -Fixes Bug: 34409 -License: MIT -Signed-off-by: Dmitrii Shcherbakov ---- - lasso/saml-2.0/login.c | 18 +++++++++--------- - lasso/saml-2.0/profile.c | 10 +++++++++- - 2 files changed, 18 insertions(+), 10 deletions(-) - -diff --git a/lasso/saml-2.0/login.c b/lasso/saml-2.0/login.c -index 6e8f7553..0d4bb1da 100644 ---- a/lasso/saml-2.0/login.c -+++ b/lasso/saml-2.0/login.c -@@ -222,7 +222,7 @@ _lasso_login_must_verify_signature(LassoProfile *profile) { - gint - lasso_saml20_login_build_authn_request_msg(LassoLogin *login) - { -- char *url = NULL; -+ char *assertionConsumerServiceURL = NULL; - gboolean must_sign = TRUE; - LassoProfile *profile; - LassoSamlp2AuthnRequest *authn_request; -@@ -247,29 +247,29 @@ lasso_saml20_login_build_authn_request_msg(LassoLogin *login) - } - - if (login->http_method == LASSO_HTTP_METHOD_PAOS) { -- - /* - * PAOS is special, the url passed to build_request is the - * AssertionConsumerServiceURL of this SP, not the -- * destination. -+ * destination IdP URL. This is done to fill paos:responseConsumerURL -+ * appropriately down the line in build_request_msg. -+ * See https://dev.entrouvert.org/issues/34409 for more information. 
- */ - if (authn_request->AssertionConsumerServiceURL) { -- url = authn_request->AssertionConsumerServiceURL; -+ assertionConsumerServiceURL = authn_request->AssertionConsumerServiceURL; - if (!lasso_saml20_provider_check_assertion_consumer_service_url( -- LASSO_PROVIDER(profile->server), url, LASSO_SAML2_METADATA_BINDING_PAOS)) { -+ LASSO_PROVIDER(profile->server), assertionConsumerServiceURL, LASSO_SAML2_METADATA_BINDING_PAOS)) { - rc = LASSO_PROFILE_ERROR_INVALID_REQUEST; - goto cleanup; - } - } else { -- url = lasso_saml20_provider_get_assertion_consumer_service_url_by_binding( -+ assertionConsumerServiceURL = lasso_saml20_provider_get_assertion_consumer_service_url_by_binding( - LASSO_PROVIDER(profile->server), LASSO_SAML2_METADATA_BINDING_PAOS); -- lasso_assign_new_string(authn_request->AssertionConsumerServiceURL, url); -+ lasso_assign_new_string(authn_request->AssertionConsumerServiceURL, assertionConsumerServiceURL); - } - } - -- - lasso_check_good_rc(lasso_saml20_profile_build_request_msg(profile, "SingleSignOnService", -- login->http_method, url)); -+ login->http_method, assertionConsumerServiceURL)); - - cleanup: - return rc; -diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c -index 22a4e08c..85f535ae 100644 ---- a/lasso/saml-2.0/profile.c -+++ b/lasso/saml-2.0/profile.c -@@ -968,7 +968,15 @@ lasso_saml20_profile_build_request_msg(LassoProfile *profile, const char *servic - made_url = url = get_url(provider, service, http_method_to_binding(method)); - } - -- if (url) { -+ -+ // Usage of the Destination attribute on a request is mandated only -+ // in "3.4.5.2" and "3.5.5.2" in saml-bindings-2.0-os for signed requests -+ // and is marked as optional in the XSD schema otherwise. -+ // PAOS is a special case because an SP does not select an IdP - ECP does -+ // it instead. Therefore, this attribute needs to be left unpopulated. 
-+ if (method == LASSO_HTTP_METHOD_PAOS) { -+ lasso_release_string(((LassoSamlp2RequestAbstract*)profile->request)->Destination); -+ } else if (url) { - lasso_assign_string(((LassoSamlp2RequestAbstract*)profile->request)->Destination, - url); - } else { --- -2.21.0 - diff --git a/0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch b/0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch deleted file mode 100644 index cba66c8..0000000 --- a/0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -From e09284a6b1c34178d0e6817f3ffeae9342f13786 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 17 Jan 2020 15:35:27 +0100 -Subject: [PATCH] Explicitly define tests cases and add them to tests - ---- - tests/non_regression_tests.c | 35 +++++++++++++++++------------------ - 1 file changed, 17 insertions(+), 18 deletions(-) - -diff --git a/tests/non_regression_tests.c b/tests/non_regression_tests.c -index d2993ecd..a03b458f 100644 ---- a/tests/non_regression_tests.c -+++ b/tests/non_regression_tests.c -@@ -233,29 +233,28 @@ START_TEST(malformed_logout_request) - } - END_TEST - --struct { -- char *name; -- void *function; --} tests[] = { -- { "Googleapps error from coudot@ on 27-09-2010", test01_googleapps_27092010}, -- { "Wrong assertionConsumer ordering on 08-10-2010", indexed_endpoints_20101008}, -- { "Warning when parsing AttributeValue node containing unknown namespace nodes", remove_warning_when_parssing_unknown_SNIPPET_LIST_NODES_20111007 }, -- { "Wrong endpoint index in artifacts", wrong_endpoint_index_in_artifacts }, -- { "Malformed logout request", malformed_logout_request }, --}; -- - Suite* - non_regression_suite() - { - Suite *s = suite_create("Non regression tests"); -- unsigned int i = 0; - -- for (i = 0 ; i < G_N_ELEMENTS(tests); i++) { -- TCase *c = tcase_create(tests[i].name); -- void *f = tests[i].function; -- tcase_add_test(c, f); -- suite_add_tcase(s, c); -- } -+ TCase *tc_googleapps_27092010 = tcase_create("Create server from empty string"); -+ TCase *tc_indexed_endpoints_20101008 = tcase_create("Wrong assertionConsumer ordering on 08-10-2010"); -+ TCase *tc_remove_warning_when_parssing_unknown_SNIPPET_LIST_NODES_20111007 = tcase_create("Warning when parsing AttributeValue node containing unknown namespace nodes"); -+ TCase *tc_wrong_endpoint_index_in_artifacts = tcase_create("Wrong endpoint index in artifacts"); -+ TCase *tc_malformed_logout_request = tcase_create("Malformed logout request"); -+ -+ 
tcase_add_test(tc_googleapps_27092010, test01_googleapps_27092010); -+ tcase_add_test(tc_googleapps_27092010, indexed_endpoints_20101008); -+ tcase_add_test(tc_googleapps_27092010, remove_warning_when_parssing_unknown_SNIPPET_LIST_NODES_20111007); -+ tcase_add_test(tc_googleapps_27092010, wrong_endpoint_index_in_artifacts); -+ tcase_add_test(tc_googleapps_27092010, malformed_logout_request); -+ -+ suite_add_tcase(s, tc_googleapps_27092010); -+ suite_add_tcase(s, tc_indexed_endpoints_20101008); -+ suite_add_tcase(s, tc_remove_warning_when_parssing_unknown_SNIPPET_LIST_NODES_20111007); -+ suite_add_tcase(s, tc_wrong_endpoint_index_in_artifacts); -+ suite_add_tcase(s, tc_malformed_logout_request); - - return s; - } --- -2.21.0 - diff --git a/build-scripts-py3-compatible.patch b/build-scripts-py3-compatible.patch deleted file mode 100644 index 563ce43..0000000 --- a/build-scripts-py3-compatible.patch +++ /dev/null 
@@ -1,255 +0,0 @@ -commit d526669810e0dc0a454260d5081fc96e16fc9e13 -Author: John Dennis -Date: Mon Jun 25 16:26:24 2018 -0400 - - Make Python scripts compatible with both Py2 and Py3 - - During the build if the Python3 interpreter is used a number of - scripts will fail because they were never ported from Py2 to Py3. In - general we want Python code to be compatible with both Py2 and - Py3. This patch brings the scripts up to date with Py3 but retains - backwards compatibility with Py2 (specifically Py 2.7, the last Py2 - release). - - Examples of the required changes are: - - * Replace use of the built-in function file() with open(). file() - does not exist in Py3, open works in both Py2 and Py3. The code was - also modified to use a file context manager (e.g. with open(xxx) as - f:). This assures open files are properly closed when the code block - using the file goes out of scope. This is a standard modern Python - idiom. - - * Replace all use of the print keyword with the six.print_() - function, which itself is an emulation of Py3's print function. Py3 - no longer has a print keyword, only a print() function. - - * The dict methods .keys(), .values(), .items() no longer return a - list in Py3, instead they return a "view" object which is an - iterator whose result is an unordered set. The most notable - consequence is you cannot index the result of these functions like - your could in Py2 (e.g. dict.keys()[0] will raise a run time - exception). - - * Replace use of StringIO.StringIO and cStringIO with - six.StringIO. Py3 no longer has cStringIO and the six variant - handles the correct import. - - * Py3 no longer allows the "except xxx, variable" syntax, where - variable appering after the comma is assigned the exception object, - you must use the "as" keyword to perform the variable assignment - (e.g. execpt xxx as variable) - - Note: the modifications in this patch are the minimum necessary to get - the build to run with the Py3 interpreter. 
There are numerous other - Python scripts in the repo which need Py3 porting as well but because - they are not invoked during a build they will be updated in a - subsequent patch. - - License: MIT - 
Signed-off-by: John Dennis - -diff --git a/bindings/python/examples/get_attributes_from_assertion.py b/bindings/python/examples/get_attributes_from_assertion.py -index 44ceb9e5..8f37a337 100644 ---- a/bindings/python/examples/get_attributes_from_assertion.py -+++ b/bindings/python/examples/get_attributes_from_assertion.py -@@ -1,8 +1,10 @@ - # Example SP Python code to get attributes from an assertion - -+from six import print_ -+ - for attribute in assertion.attributeStatement[0].attribute: - if attribute.name == lasso.SAML2_ATTRIBUTE_NAME_EPR: - continue -- print 'attribute : ' + attribute.name -+ print_('attribute : ' + attribute.name) - for value in attribute.attributeValue: -- print ' value : ' + value.any[0].content -+ print_(' value : ' + value.any[0].content) -diff --git a/bindings/python/tests/binding_tests.py b/bindings/python/tests/binding_tests.py -index 6d8e0dfa..54c3635f 100755 ---- a/bindings/python/tests/binding_tests.py -+++ b/bindings/python/tests/binding_tests.py -@@ -311,8 +311,8 @@ class BindingTestCase(unittest.TestCase): - ''' - node = lasso.Node.newFromXmlNode(content) - assert 'next_url' in node.any[1] -- assert 'huhu' in node.attributes.keys()[0] -- assert node.attributes.values()[0] == 'xxx' -+ assert '{https://www.entrouvert.com/}huhu' in node.attributes.keys() -+ assert 'xxx' in node.attributes.values() - node.any = ('coin',) - node.attributes = {'michou': 'zozo'} - assert 'coin' in node.dump() -diff --git a/bindings/python/tests/idwsf2_tests.py b/bindings/python/tests/idwsf2_tests.py -index 6f80c53d..4e47a4a1 100755 ---- a/bindings/python/tests/idwsf2_tests.py -+++ b/bindings/python/tests/idwsf2_tests.py -@@ -27,7 +27,7 @@ - import os - import unittest - import sys --from StringIO import StringIO -+from six import StringIO - import logging - - logging.basicConfig() -@@ -310,11 +310,11 @@ class MetadataTestCase(IdWsf2TestCase): - self.failUnless(idp_disco.request.svcMD[0].svcMDID is None) - try: - idp_disco.checkSecurityMechanism() -- 
except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - try: - idp_disco.validateRequest() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - self.failUnless(idp_disco.response is not None) - self.failUnlessEqual(len(idp_disco.metadatas), 1) -@@ -391,16 +391,16 @@ class MetadataTestCase(IdWsf2TestCase): - self.failUnless(idp_disco is not None) - try: - idp_disco.processRequestMsg(wsp_disco.msgBody) -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - self.failUnless(idp_disco.request is not None) - try: - idp_disco.checkSecurityMechanism() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - try: - idp_disco.failRequest(lasso.IDWSF2_DISCOVERY_STATUS_CODE_FAILED, lasso.IDWSF2_DISCOVERY_STATUS_CODE_FORBIDDEN) -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - self.failUnless(idp_disco.response is not None) - self.failUnless(idp_disco.response.status is not None) -@@ -415,7 +415,7 @@ class MetadataTestCase(IdWsf2TestCase): - wsp_disco.processResponseMsg(idp_disco.msgBody) - except lasso.Idwsf2DiscoveryForbiddenError: - pass -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - - def test03(self): -@@ -475,7 +475,7 @@ class MetadataTestCase(IdWsf2TestCase): - self.failUnless(soap_envelope.getMessageId() is not None) - try: - idp_disco.checkSecurityMechanism() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - # redirect - interactionUrl = spInteractionUrl -@@ -488,7 +488,7 @@ class MetadataTestCase(IdWsf2TestCase): - self.failUnless(response.detail.any[0].redirectURL.startswith(interactionUrl + '?transactionID=')) - try: - idp_disco.buildResponseMsg() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - self.failUnless(idp_disco.msgBody is not None) - -@@ -500,7 +500,7 @@ class MetadataTestCase(IdWsf2TestCase): - wsp_disco.processResponseMsg(idp_disco.msgBody) - except lasso.WsfprofileRedirectRequestError: - pass -- except 
lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - response_envelope = wsp_disco.getSoapEnvelopeResponse() - self.failUnless(response_envelope.sb2GetRedirectRequestUrl().startswith(interactionUrl + '?transactionID=')) -@@ -527,11 +527,11 @@ class MetadataTestCase(IdWsf2TestCase): - self.failUnless(idp_disco.request.svcMD[0].svcMDID is None) - try: - idp_disco.checkSecurityMechanism() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - try: - idp_disco.validateRequest() -- except lasso.Error, e: -+ except lasso.Error as e: - self.fail(e) - self.failUnless(idp_disco.response is not None) - self.failUnlessEqual(len(idp_disco.metadatas), 1) -diff --git a/lasso/build_strerror.py b/lasso/build_strerror.py -index fca59628..908638d5 100644 ---- a/lasso/build_strerror.py -+++ b/lasso/build_strerror.py -@@ -1,42 +1,42 @@ - #! /usr/bin/env python - --from cStringIO import StringIO - import glob - import re - import sys - import os -+from six import print_, StringIO - - srcdir = sys.argv[1] - --hlines = file('%s/errors.h' % srcdir,'r').readlines() - messages = dict() - description = '' - --for line in hlines: -- m = re.match(r'^ \* LASSO.*ERROR', line) -- if m: -- description = '' -- continue -- m = re.match(r'^ \* (.*[^:])$', line) -- if m: -- description += m.group(1) -- m = re.match(r'#define (LASSO_\w*ERROR\w+)', line) -- if m and description: -- description = re.sub(r'[ \n]+', ' ', description).strip() -- messages[m.group(1)] = description -- description = '' -- else: -- m = re.match(r'#define (LASSO_\w*ERROR\w+)',line) -+with open('%s/errors.h' % srcdir,'r') as f: -+ for line in f: -+ m = re.match(r'^ \* LASSO.*ERROR', line) - if m: -- messages[m.group(1)] = m.group(1) -+ description = '' -+ continue -+ m = re.match(r'^ \* (.*[^:])$', line) -+ if m: -+ description += m.group(1) -+ m = re.match(r'#define (LASSO_\w*ERROR\w+)', line) -+ if m and description: -+ description = re.sub(r'[ \n]+', ' ', description).strip() -+ messages[m.group(1)] = 
description -+ description = '' -+ else: -+ m = re.match(r'#define (LASSO_\w*ERROR\w+)',line) -+ if m: -+ messages[m.group(1)] = m.group(1) - --clines = file('%s/errors.c.in' % srcdir,'r').readlines() --for line in clines: -- if '@ERROR_CASES@' in line: -- keys = messages.keys() -- keys.sort() -- for k in keys: -- print """ case %s: -- return "%s";""" % (k,messages[k].rstrip('\n')) -- else: -- print line, -+with open('%s/errors.c.in' % srcdir,'r') as f: -+ for line in f: -+ if '@ERROR_CASES@' in line: -+ keys = sorted(messages.keys()) -+ for k in keys: -+ print_(' case %s:\n' -+ ' return "%s";' % -+ (k,messages[k].rstrip('\n'))) -+ else: -+ print_(line, end="") diff --git a/duplicate-python-LogoutTestCase.patch b/duplicate-python-LogoutTestCase.patch deleted file mode 100644 index 2adea00..0000000 --- a/duplicate-python-LogoutTestCase.patch +++ /dev/null @@ -1,83 +0,0 @@ -commit 623d785f957acc9eccb47a9a3f88e5e167a370b6 -Author: John Dennis -Date: Mon Jun 25 17:37:45 2018 -0400 - - fix duplicate definition of LogoutTestCase and logoutSuite - - Commit 6f617027e added a duplicate definition of the LogoutTestCase - class containing only 1 test which shaddowed the original - LogoutTestCase containing 4 tests. The logoutSuite variable was also - shadowed and the allTests variable contained a duplicate of - logoutSuite causing the 2nd definition of LogoutTestCase to be run - twice. - - Not only were the original 4 tests not being run but the entire unit - test in profiles_tests.py was failing under Python3. This is because - the unittest code in Py3 deletes a test from it's list of tests to run - once it's been run. The second time the logoutSuite was invoked it no - longer contained any tests which caused an exception to be raised - because there were no tests to be run. - - License: MIT - 
Signed-off-by: John Dennis - -diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py -index 547c9e24..0ba1e56e 100755 ---- a/bindings/python/tests/profiles_tests.py -+++ b/bindings/python/tests/profiles_tests.py -@@ -386,6 +386,21 @@ class LogoutTestCase(unittest.TestCase): - else: - self.fail('Logout processResponseMsg should have failed.') - -+ def test05(self): -+ '''Test parsing of a logout request with more than one session index''' -+ content = ''' -+ me -+ coin -+ id1 -+ id2 -+ id3 -+ ''' -+ -+ node = lasso.Samlp2LogoutRequest.newFromXmlNode(content) -+ assert isinstance(node, lasso.Samlp2LogoutRequest) -+ assert node.sessionIndex == 'id1' -+ assert node.sessionIndexes == ('id1', 'id2', 'id3') -+ - class DefederationTestCase(unittest.TestCase): - def test01(self): - """IDP initiated defederation; testing processNotificationMsg with non Liberty query.""" -@@ -478,32 +493,15 @@ class AttributeAuthorityTestCase(unittest.TestCase): - assert aq.response.assertion[0].attributeStatement[0].attribute[0] - assert aq.response.assertion[0].attributeStatement[0].attribute[0].attributeValue[0] - --class LogoutTestCase(unittest.TestCase): -- def test01(self): -- '''Test parsing of a logout request with more than one session index''' -- content = ''' -- me -- coin -- id1 -- id2 -- id3 -- ''' -- -- node = lasso.Samlp2LogoutRequest.newFromXmlNode(content) -- assert isinstance(node, lasso.Samlp2LogoutRequest) -- assert node.sessionIndex == 'id1' -- assert node.sessionIndexes == ('id1', 'id2', 'id3') -- - serverSuite = unittest.makeSuite(ServerTestCase, 'test') - loginSuite = unittest.makeSuite(LoginTestCase, 'test') - logoutSuite = unittest.makeSuite(LogoutTestCase, 'test') - defederationSuite = unittest.makeSuite(DefederationTestCase, 'test') - identitySuite = unittest.makeSuite(IdentityTestCase, 'test') - attributeSuite = unittest.makeSuite(AttributeAuthorityTestCase, 'test') --logoutSuite = unittest.makeSuite(LogoutTestCase, 'test') 
- - allTests = unittest.TestSuite((serverSuite, loginSuite, logoutSuite, defederationSuite, -- identitySuite, attributeSuite, logoutSuite)) -+ identitySuite, attributeSuite)) - - if __name__ == '__main__': - sys.exit(not unittest.TextTestRunner(verbosity = 2).run(allTests).wasSuccessful()) diff --git a/lasso.spec b/lasso.spec index 23cee25..178ed93 100644 --- a/lasso.spec +++ b/lasso.spec @@ -58,21 +58,12 @@ Summary: Liberty Alliance Single Sign On Name: lasso -Version: 2.6.0 -Release: 23%{?dist} +Version: 2.6.1 +Release: 1%{?dist} License: GPLv2+ URL: http://lasso.entrouvert.org/ Source: http://dev.entrouvert.org/lasso/lasso-%{version}.tar.gz -Patch1: use-specified-python-interpreter.patch -Patch2: build-scripts-py3-compatible.patch -Patch3: duplicate-python-LogoutTestCase.patch -Patch4: versioned-python-configure.patch -Patch5: 0005-tests-use-self-generated-certificate-to-sign-federat.patch -Patch6: 0006-Fix-ECP-signature-not-found-error-when-only-assertio.patch -Patch7: 0007-PAOS-Do-not-populate-Destination-attribute.patch -Patch8: 0008-Explicitly-define-tests-cases-and-add-them-to-tests.patch - BuildRequires: autoconf BuildRequires: automake BuildRequires: check-devel @@ -315,6 +306,9 @@ rm -fr %{buildroot}%{_defaultdocdir}/%{name} %endif %changelog +* Fri Jun 03 2020 Xavier Bachelot - 2.6.1-1 +- Update to 2.6.1 + * Tue Jun 23 2020 Jitka Plesnikova - 2.6.0-23 - Perl 5.32 rebuild diff --git a/sources b/sources index 4124d23..af20a32 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (lasso-2.6.0.tar.gz) = bec7ab09f73db01b0a88cd1a7c9e9c8bb6af2e0aeb5e9ece2aa0f2f46e22b6a412990c29971a765a830f0bedf174b7c9d866cae599b81d047d381cf59d844506 +SHA512 (lasso-2.6.1.tar.gz) = 768e577ccf650d61305cbb2d8be0d3e13a5c8b6b05f6b0a8419fcd23030eb7530740e8ca785f0279331d7e31743b2e0ab234de50eb87d41cfda5d692a1583d4b diff --git a/use-specified-python-interpreter.patch b/use-specified-python-interpreter.patch deleted file mode 100644 index fcdc360..0000000 
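Review bot: The new `%changelog` entry in lasso.spec is dated `Fri Jun 03 2020`, but 3 June 2020 was a Wednesday and the date is earlier than the `Tue Jun 23 2020` entry directly below it, so rpmbuild is likely to flag a bogus date and a changelog that is not in descending chronological order. If the intended date was 3 July, the header should read `* Fri Jul 03 2020 Xavier Bachelot - 2.6.1-1`. The earlier lasso.spec hunk also removes Patch1 through Patch8, among them the ECP signature and PAOS Destination fixes. The entry could record that with a line such as `- Drop patches merged upstream`, once each one has been checked against the 2.6.1 tarball, which this page does not show.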
--- a/use-specified-python-interpreter.patch +++ /dev/null @@ -1,80 +0,0 @@ -commit e3e904af7dd308fe7530773bd9ea136afc90049b -Author: John Dennis -Date: Thu Jun 21 10:49:30 2018 -0400 - - Use python interpreter specified configure script - - The configure script allows you to specify the python interpreter to - use via the --with-python option. There were several places where the - python interpreter was implicity invoked without using the specified - version. This can create a number of problems in an environment with - multiple python versions as is the case during the transition from - Python 2 to Python 3. Python 2 is not compatible with Python - 3. Lasso's Python code is supposed to be compatible with both - versions. But during the build and when running the unit tests it is - essential the same interpreter be used consistently otherwise you can - have problems. - - This patch assures whenever python is invoked it does so via the - $(PYTHON) configuration variable. - - What about shebang lines (e.g #/usr/bin/python) at the top of scripts? - Python PEP 394 (https://www.python.org/dev/peps/pep-0394/) covers - this. Basically it says if a script is compatible only with Py2 the - shebang should be #/usr/bin/python2, if only compatible with Py3 the - shebang should be #/usr/bin/python3. However, if the script is - compatible with both versions it can continue to use the - compatible with both Py2 and Py3. - - License: MIT - 
Signed-off-by: John Dennis - -diff --git a/bindings/java/Makefile.am b/bindings/java/Makefile.am -index 05e5f9ee..8de0178d 100644 ---- a/bindings/java/Makefile.am -+++ b/bindings/java/Makefile.am -@@ -26,7 +26,7 @@ if WSF_ENABLED - EXTRA_ARGS = --enable-id-wsf - endif - --java_lasso_source_files := $(shell python $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) ) -+java_lasso_source_files := $(shell $(PYTHON) $(top_srcdir)/bindings/bindings.py -l java-list --src-dir=$(top_srcdir)/lasso/ $(EXTRA_ARGS) ) - - lasso_jardir=$(prefix)/share/java - lasso_jar_DATA=lasso.jar -diff --git a/bindings/python/tests/Makefile.am b/bindings/python/tests/Makefile.am -index 205e7613..1305f26f 100644 ---- a/bindings/python/tests/Makefile.am -+++ b/bindings/python/tests/Makefile.am -@@ -11,5 +11,8 @@ if WSF_ENABLED - TESTS += idwsf1_tests.py idwsf2_tests.py - endif - -+TEST_EXTENSIONS = .py -+PY_LOG_COMPILER = $(PYTHON) -+ - EXTRA_DIST = profiles_tests.py binding_tests.py idwsf1_tests.py idwsf2_tests.py \ - tests.py XmlTestRunner.py -diff --git a/lasso/Makefile.am b/lasso/Makefile.am -index 751f9419..49ae88a7 100644 ---- a/lasso/Makefile.am -+++ b/lasso/Makefile.am -@@ -91,7 +91,7 @@ liblasso_la_LDFLAGS = -no-undefined -version-info @LASSO_VERSION_INFO@ \ - endif - - $(srcdir)/errors.c: $(srcdir)/errors.h $(srcdir)/build_strerror.py -- python $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new -+ $(PYTHON) $(srcdir)/build_strerror.py $(srcdir) >.errors.c.new - if ! cmp -s $(srcdir)/errors.c .errors.c.new; then \ - mv -f .errors.c.new $@; else \ - rm .errors.c.new; fi -diff --git a/tools/check-lasso-sections.py b/tools/check-lasso-sections.py -index cb4c39c4..3a6c9880 100755 ---- a/tools/check-lasso-sections.py -+++ b/tools/check-lasso-sections.py -@@ -1,4 +1,4 @@ --#!/usr/bin/python -+#!/usr/bin/env python - - import sys - import os.path 
diff --git a/versioned-python-configure.patch b/versioned-python-configure.patch deleted file mode 100644 index 9fe3d57..0000000 --- a/versioned-python-configure.patch +++ /dev/null @@ -1,48 +0,0 @@ -commit af29047480cacafaed697cb2a1fb24c5143078a8 -Author: John Dennis -Date: Sat Jul 7 10:59:32 2018 -0400 - - Configure should search for versioned Python interpreter. - - Following the guidelines in Python PEP 394 with regards to the python - command on UNIX like systems preference should be given to explicitly - versioned command interpreter as opposed to unversioned and that an - unversioned python command should (but might not) refer to - Python2. Also in some environments unversioned Python interpreters - (e.g. /usr/bin/python) do not even exist, onlyh their explicitly - versioned variants are (e.g. /usr/bin/python2 and /usr/bin/python3). - - Therefore the AC_CHECK_PROGS directive in configure.ac should not rely - exclusively on an unversioned Python interpreter as it does not, - rather it should search in priority order. First for python3, then for - an unversionsed python because some distributions have already moved - the default unversioned python to python3, and then finally search for - python2. In the scenario where unversioned python is still pointing to - python2 it's equivalent to selecting the last prority option of - python2, but if unversioned python is pointing to python3 you get - instead. The net result is always preferring python3 but gracefully - falling back to python2 not matter how the environment exports it's - Python. - - If AC_CHECK_PROGS for python does not check for the versioned variants - the build fails in environments that only have versioned variants with - this error: - - configure: error: Python must be installed to compile lasso - - License: MIT - 
Signed-off-by: John Dennis - -diff --git a/configure.ac b/configure.ac -index 898468e6..74766972 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -131,7 +131,7 @@ dnl AC_CHECK_PROGS(JAR, fastjar jar) - AC_CHECK_PROGS(PERL, perl) - AC_CHECK_PROGS(PHP5, php5 php) - AC_CHECK_PROGS(PHP5_CONFIG, php-config5 php-config) --AC_CHECK_PROGS(PYTHON, python) -+AC_CHECK_PROGS(PYTHON, python3 python python2) - AC_CHECK_PROGS(SWIG, swig) - - dnl Make sure we have an ANSI compiler