[opensaml2] 07/10: CPPOST-99 Compare the hash of the entotyId when doing artefact lookup
Ferenc Wágner
wferi at moszumanska.debian.org
Wed Nov 15 22:59:20 UTC 2017
This is an automated email from the git hooks/post-receive script.
wferi pushed a commit to branch maint-2
in repository opensaml2.
commit c40f2f6ab9da3bcfa5dbb5cd4ce11d1218883db1
Author: Rod Widdowson <rdw at steadingsoftware.com>
Date: Mon Oct 23 15:16:21 2017 +0100
CPPOST-99 Compare the hash of the entotyId when doing artefact lookup
https://issues.shibboleth.net/jira/browse/CPPOST-99
---
saml/saml2/metadata/impl/DynamicMetadataProvider.cpp | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
index 05eb77f..ae09b26 100644
--- a/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/DynamicMetadataProvider.cpp
@@ -38,6 +38,8 @@
#include <xmltooling/util/Threads.h>
#include <xmltooling/util/XMLHelper.h>
#include <xmltooling/validation/ValidatorSuite.h>
+#include <xmltooling/security/SecurityHelper.h>
+
#if defined(XMLTOOLING_LOG4SHIB)
# include <log4shib/NDC.hh>
@@ -285,6 +287,14 @@ pair<const EntityDescriptor*,const RoleDescriptor*> DynamicMetadataProvider::get
log.error("metadata instance did not match expected entityID");
return entity;
}
+ else if (criteria.artifact) {
+ auto_ptr_char temp2(entity2->getEntityID());
+ const string hashed(SecurityHelper::doHash("SHA1", temp2.get(), strlen(temp2.get()), true));
+ if (hashed != name) {
+ log.error("metadata instance did not match expected entityID");
+ return entity;
+ }
+ }
else {
auto_ptr_XMLCh temp2(name.c_str());
if (!XMLString::equals(temp2.get(), entity2->getEntityID())) {
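Review bot: `strlen(temp2.get())` in the new `criteria.artifact` branch is called on the transcoded entityID with no null check, whereas the neighbouring branches compare through `XMLString::equals`, which accepts null arguments. If `entity2->getEntityID()` can be null for fetched metadata that was not schema-validated (not visible in this hunk), this is undefined behaviour on remotely supplied input; adding `if (!temp2.get()) { log.error("metadata instance has no entityID"); return entity; }` before the hash would make the branch fail closed. The error text is also identical to the plain entityID branches, so a log reader cannot tell a hash mismatch from a direct mismatch; a message such as `log.error("hash of metadata instance entityID did not match artifact source ID");` would make rejected artifact lookups easier to triage. The enclosing function starts and ends outside the hunk.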
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/opensaml2.git