Commit dae02078 authored by Clément OUDOT's avatar Clément OUDOT
Browse files

Possibility to use a certificate instead of a public key (#879)

parent 2e3479bc
......@@ -146,6 +146,11 @@ qr/^(?:(?:\-+\s*BEGIN\s+RSA\s+PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,
'msgFail' => '__badPemEncoding__',
'test' =>
qr/^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$/s
},
'RSAPublicKeyOrCertificate' => {
'msgFail' => '__badPemEncoding__',
'test' =>
qr/^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$/s
},
'rule' => {
'test' => sub {
......@@ -181,7 +186,7 @@ qr/^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r
'test' => sub {
my $test =
grep( { $_ eq $_[0]; }
map( { $_->{'k'}; } @{ $_[2]{'select'}; } ) );
map( { $$_{'k'}; } @{ $_[2]{'select'}; } ) );
return $test
? 1
: ( 0, "Invalid value '$_[0]' for this select" );
......@@ -998,7 +1003,7 @@ qr/^(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][-a-zA-Z0-
'default' => 'ldap://localhost',
'test' => sub {
my $l = shift();
my @s = split( /[\s,]+/, $l, 0 );
my (@s) = split( /[\s,]+/, $l, 0 );
foreach my $s (@s) {
return 0, qq[Bad ldap uri "$s"]
unless $s =~
......@@ -2011,11 +2016,11 @@ qr/^(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.
},
'samlServicePublicKeyEnc' => {
'default' => '',
'type' => 'RSAPublicKey'
'type' => 'RSAPublicKeyOrCertificate'
},
'samlServicePublicKeySig' => {
'default' => '',
'type' => 'RSAPublicKey'
'type' => 'RSAPublicKeyOrCertificate'
},
'samlSPMetaDataExportedAttributes' => {
'default' => ';;;',
......
......@@ -104,6 +104,11 @@ sub types {
qr/^(?:(?:\-+\s*BEGIN\s+PUBLIC\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+PUBLIC\s+KEY\s*\-+)?[\r\n]*)?$/s,
msgFail => '__badPemEncoding__',
},
'RSAPublicKeyOrCertificate' => {
'test' =>
qr/^(?:(?:\-+\s*BEGIN\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+(?:PUBLIC\s+KEY|CERTIFICATE)\s*\-+)?[\r\n]*)?$/s,
'msgFail' => '__badPemEncoding__',
},
RSAPrivateKey => {
test =>
qr/^(?:(?:\-+\s*BEGIN\s+RSA\s+PRIVATE\s+KEY\s*\-+\r?\n)?[a-zA-Z0-9\/\+\r\n]+={0,2}(?:\r?\n\-+\s*END\s+RSA\s+PRIVATE\s+KEY\s*\-+)?[\r\n]*)?$/s,
......@@ -1088,7 +1093,7 @@ sub attributes {
documentation => 'SAML signature private key password',
},
samlServicePublicKeySig => {
type => 'RSAPublicKey',
type => 'RSAPublicKeyOrCertificate',
default => '',
documentation => 'SAML signature public key',
},
......@@ -1099,7 +1104,7 @@ sub attributes {
},
samlServicePrivateKeyEncPwd => { type => 'password', },
samlServicePublicKeyEnc => {
type => 'RSAPublicKey',
type => 'RSAPublicKeyOrCertificate',
default => '',
documentation => 'SAML encryption public key',
},
......
......@@ -40,7 +40,7 @@ foreach my $type ( keys %types ) {
delete $types{$type};
next
if ( $type =~
/^(?:authParamsText|url|PerlModule|hostname|pcre|lmAttrOrMacro|subContainer|RSAP(?:ublic|rivate)Key)$/
/^(?:authParamsText|url|PerlModule|hostname|pcre|lmAttrOrMacro|subContainer|RSAP(?:ublic|rivate)Key(?:OrCertificate)?)$/
);
ok( $forms{$type}, "Found $type" );
delete $forms{$type};
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment