+
+void SignatureMetadataFilter::verifySignature(Signature* sig, const XMLCh* peerName) const
+{
+ if (!sig)
+ return;
+
+ m_profileValidator.validate(sig);
+
+ // Set up criteria.
+ CredentialCriteria cc;
+ cc.setUsage(Credential::SIGNING_CREDENTIAL);
+ cc.setSignature(*sig, CredentialCriteria::KEYINFO_EXTRACTION_KEY);
+ if (peerName) {
+ auto_ptr_char pname(peerName);
+ cc.setPeerName(pname.get());
+ }
+
+ if (m_credResolver) {
+ Locker locker(m_credResolver);
+ vector<const Credential*> creds;
+ if (m_credResolver->resolve(creds,&cc)) {
+ SignatureValidator sigValidator;
+ for (vector<const Credential*>::const_iterator i = creds.begin(); i != creds.end(); ++i) {
+ try {
+ sigValidator.setCredential(*i);
+ sigValidator.validate(sig);
+ return; // success!
+ }
+ catch (exception&) {
+ }
+ }
+ throw MetadataFilterException("CredentialResolver did not supply a successful verification key.");
+ }
+ else {
+ throw MetadataFilterException("CredentialResolver did not supply a successful verification key.");
+ }
+ }
+ else if (m_trust) {
+ DummyCredentialResolver dummy;
+ if (m_trust->validate(*sig, dummy, &cc))
+ return;
+ throw MetadataFilterException("TrustEngine unable to verify signature.");
+ }
+
+ throw MetadataFilterException("Unable to verify signature.");
+}
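Review bot: The early `if (!sig) return;` at the top of verifySignature makes an absent signature return exactly like a successful verification, so rejecting unsigned metadata depends entirely on callers that are not visible in these lines. If that is intended, state the contract at the guard, e.g. `// A missing signature is not an error here; the caller must reject unsigned metadata where a signature is required.`, and otherwise throw `MetadataFilterException` there. The empty `catch (exception&) { }` in the credential loop also discards the reason each key failed, so the final "did not supply a successful verification key" error cannot tell an operator whether the key was wrong or the signature was malformed or altered; recording `ex.what()` per attempt through the project's logging would preserve that. As a smaller style point, the two identical throws after `resolve()` could be collapsed into one by dropping the `else` branch.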