File: tests-test-that-inserted-comment-do-not-change-node-.patch

lasso 2.8.1-1+deb12u1
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Thu, 15 May 2025 15:39:42 +0200
Subject: tests: test that inserted comment do not change node value and still
 validate signature (#105693)
Origin: https://git.entrouvert.org/lasso.git/commit/?id=b140660709c341bb44f9b7ebbd8253cde9169e8b

---
 bindings/python/tests/profiles_tests.py | 23 +++++++++++++++++++++++
 lasso/xml/xml.c                         |  2 +-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/bindings/python/tests/profiles_tests.py b/bindings/python/tests/profiles_tests.py
index 8679d6633a22..9f6949077167 100755
--- a/bindings/python/tests/profiles_tests.py
+++ b/bindings/python/tests/profiles_tests.py
@@ -24,6 +24,7 @@
 # along with this program; if not, see <http://www.gnu.org/licenses/>.
 
 
+import base64
 import os
 import unittest
 import sys
@@ -362,6 +363,28 @@ class LoginTestCase(unittest.TestCase):
         assert 'xmlenc#rsa-1_5' not in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP)
         assert 'xmlenc#rsa-oaep-mgf1p' in run(key_encryption_method=lasso.KEY_ENCRYPTION_METHOD_OAEP)
 
+    def test_09(self):
+        '''Login test between SP and IdP with encrypted private keys'''
+        sp_server = server('sp7-saml2', lasso.PROVIDER_ROLE_IDP, 'idp7-saml2')
+        idp_server = server('idp7-saml2', lasso.PROVIDER_ROLE_SP, 'sp7-saml2')
+
+        sp_login = lasso.Login(sp_server)
+        sp_login.initAuthnRequest()
+        sp_login.request.protocolBinding = lasso.SAML2_METADATA_BINDING_POST
+        sp_login.buildAuthnRequestMsg()
+        idp_login = lasso.Login(idp_server)
+        idp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+        idp_login.processAuthnRequestMsg(sp_login.msgUrl.split('?')[1])
+        idp_login.validateRequestMsg(True, True)
+        idp_login.buildAssertion("None", "None", "None", "None", "None")
+        idp_login.buildAuthnResponseMsg()
+        sp_login.setSignatureVerifyHint(lasso.PROFILE_SIGNATURE_VERIFY_HINT_FORCE)
+        # insert comment inside NameID
+        msg = base64.b64encode(base64.b64decode(idp_login.msgBody).decode().replace(idp_login.assertion.subject.nameId.content, idp_login.assertion.subject.nameId.content[:10] + '<!-- coin -->' + idp_login.assertion.subject.nameId.content[10:]).encode())
+        sp_login.processAuthnResponseMsg(msg.decode())
+        sp_login.acceptSso()
+        assert sp_login.assertion.subject.nameId.content == idp_login.assertion.subject.nameId.content
+
 
 class LogoutTestCase(unittest.TestCase):
     def test01(self):
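Review bot: In test_09 the tampering line can silently become a no-op: if the NameID content does not appear verbatim in the decoded `idp_login.msgBody`, `str.replace` returns its input unchanged, the untouched response is processed, and the final assertion passes without any comment reaching the parser. The rewrite below names the intermediate values and asserts that the NameID text is present before the comment is spliced in, so the test fails loudly if the fixture stops exercising the comment path. The docstring also appears to be carried over from another test; something like `'''Comment inserted inside NameID must not change the parsed value or break signature validation'''` would match what is checked. The LoginTestCase class starts outside the hunk.

```python
        # insert comment inside NameID
        name_id = idp_login.assertion.subject.nameId.content
        response_xml = base64.b64decode(idp_login.msgBody).decode()
        # guard against a vacuous pass: the text to split must be in the message
        assert name_id in response_xml
        tampered_xml = response_xml.replace(name_id, name_id[:10] + '<!-- coin -->' + name_id[10:])
        msg = base64.b64encode(tampered_xml.encode())
        sp_login.processAuthnResponseMsg(msg.decode())
        # ... unchanged: acceptSso() and the NameID equality assertion ...
```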
diff --git a/lasso/xml/xml.c b/lasso/xml/xml.c
index adf0ba99dd45..b713b523fe23 100644
--- a/lasso/xml/xml.c
+++ b/lasso/xml/xml.c
@@ -1710,7 +1710,6 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 				ERROR;
 			}
 #undef ADVANCE
-#undef ERROR
 
 			if (matched_snippet->offset || (matched_snippet->type & SNIPPET_PRIVATE)) {
 				switch (matched_snippet->type & 0xff) {
@@ -1772,6 +1771,7 @@ lasso_node_impl_init_from_xml(LassoNode *node, xmlNode *xmlnode)
 			g_assert_not_reached();
 		}
 	}
+#undef ERROR
 	if (t) { /* t is an ELEMENT that dont match any snippet, when taken in order */
 		if (snippet_any && is_snippet_type(snippet_any, SNIPPET_LIST_XMLNODES)) {
 			value = SNIPPET_STRUCT_MEMBER_P(node, g_type_any, snippet_any);
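Review bot: The relocated `#undef ERROR` carries no comment saying why the macro must now stay defined past `#undef ADVANCE`, and no use of ERROR between the old and the new position is visible in this patch, so the reason presumably sits in lines outside these hunks or in a companion patch. If that is the case, a one-line comment at the new position, e.g. `/* ERROR is still needed by the snippet handling above; undefine it only after the loop */`, would record it. The commit subject mentions only tests, so this change to the XML parsing path is easy to miss in review. lasso_node_impl_init_from_xml starts and ends outside the hunk.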
-- 
2.51.0