X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fbinding%2Fimpl%2FXMLSigningRule.cpp;h=989cb052750a5e9c6608e8194ca38085bc656df3;hb=f3a43f14f9dd53428f9e879bb489d6a4cf2674a8;hp=fab79bcd825c804e70eb9868ea4e09f8a5da4b95;hpb=daf3f79d9624614fb13ca7f618c9fe5742392a3e;p=shibboleth%2Fcpp-opensaml.git

diff --git a/saml/binding/impl/XMLSigningRule.cpp b/saml/binding/impl/XMLSigningRule.cpp
index fab79bc..989cb05 100644
--- a/saml/binding/impl/XMLSigningRule.cpp
+++ b/saml/binding/impl/XMLSigningRule.cpp
@@ -25,6 +25,7 @@
 #include "binding/SecurityPolicyRule.h"
 #include "saml2/core/Assertions.h"
 #include "saml2/metadata/Metadata.h"
+#include "saml2/metadata/MetadataCredentialCriteria.h"
 #include "saml2/metadata/MetadataProvider.h"
 #include "signature/SignatureProfileValidator.h"
 
@@ -70,7 +71,6 @@ XMLSigningRule::XMLSigningRule(const DOMElement* e) : m_errorsFatal(false)
 void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 {
     Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.XMLSigning");
-    log.debug("evaluating message signing policy");
     
     if (!policy.getIssuerMetadata()) {
         log.debug("ignoring message, no issuer metadata supplied");
@@ -82,10 +82,8 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
     }
     
     const SignableObject* signable = dynamic_cast<const SignableObject*>(&message);
-    if (!signable || !signable->getSignature()) {
-        log.debug("ignoring unsigned or unrecognized message");
+    if (!signable || !signable->getSignature())
         return;
-    }
     
     log.debug("validating signature profile");
     try {
@@ -99,9 +97,10 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
         return;
     }
     
-    if (!policy.getTrustEngine()->validate(
-            *(signable->getSignature()), *(policy.getIssuerMetadata()), policy.getMetadataProvider()->getKeyResolver()
-            )) {
+    // Set up criteria object.
+    MetadataCredentialCriteria cc(*(policy.getIssuerMetadata()));
+
+    if (!policy.getTrustEngine()->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
         log.error("unable to verify message signature with supplied trust engine");
         if (m_errorsFatal)
             throw SignatureException("Message was signed, but signature could not be verified.");