2 * Copyright 2001-2006 Internet2
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
18 * VerifyingContext.cpp
\r
20 * SAML-specific signature verification
\r
23 #include "internal.h"
\r
24 #include "exceptions.h"
\r
25 #include "signature/SignatureProfileValidator.h"
\r
27 #include <xmltooling/signature/Signature.h>
\r
29 #include <xercesc/util/XMLUniDefs.hpp>
\r
30 #include <xsec/dsig/DSIGReference.hpp>
\r
31 #include <xsec/dsig/DSIGTransformC14n.hpp>
\r
32 #include <xsec/dsig/DSIGTransformList.hpp>
\r
34 using namespace opensaml;
\r
35 using namespace xmlsignature;
\r
36 using namespace xmltooling;
\r
37 using namespace std;
\r
39 void SignatureProfileValidator::validate(const XMLObject* xmlObject) const
\r
41 const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);
\r
43 throw ValidationException("Validator only applies to Signature objects.");
\r
44 DSIGSignature* sig=sigObj->getXMLSignature();
\r
46 throw ValidationException("Signature does not exist yet.");
\r
48 const SignableObject* signableObj=dynamic_cast<const SignableObject*>(sigObj->getParent());
\r
50 throw ValidationException("Signature is not a child of a signable SAML object.");
\r
53 DSIGReferenceList* refs=sig->getReferenceList();
\r
54 if (refs && refs->getSize()==1) {
\r
55 DSIGReference* ref=refs->item(0);
\r
57 const XMLCh* URI=ref->getURI();
\r
58 if (URI==NULL || *URI==0 || (*URI==chPound && !XMLString::compareString(URI+1,signableObj->getId()))) {
\r
59 DSIGTransformList* tlist=ref->getTransforms();
\r
60 for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
\r
61 if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
\r
63 else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
\r
64 tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
\r
74 throw ValidationException("Invalid signature profile for SAML object.");
\r