X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsignature%2FSignatureProfileValidator.cpp;h=0786bdb8e9bc4184e46269a5cfa53f6fe8da1f2a;hb=fe3e8f0a2b64bea2d12f7df00c6003fae29e3257;hp=a00e9663d3516ad994407320af27f5ebc3cdbe74;hpb=1ffcb743f90aeb3da11054316f3d005ff7edbf7b;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/signature/SignatureProfileValidator.cpp b/saml/signature/SignatureProfileValidator.cpp
index a00e966..0786bdb 100644
--- a/saml/signature/SignatureProfileValidator.cpp
+++ b/saml/signature/SignatureProfileValidator.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2010 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -17,18 +17,19 @@
 /**
 * SignatureProfileValidator.cpp
 *
- * SAML-specific signature verification
+ * SAML-specific signature verification.
 */
 #include "internal.h"
 #include "exceptions.h"
+#include "signature/SignableObject.h"
 #include "signature/SignatureProfileValidator.h"
 #include
 #include
 #include
-#include
+#include
 #include
 using namespace opensaml;
@@ -36,16 +37,29 @@ using namespace xmlsignature;
 using namespace xmltooling;
 using namespace std;
+SignatureProfileValidator::SignatureProfileValidator()
+{
+}
+
+SignatureProfileValidator::~SignatureProfileValidator()
+{
+}
+
 void SignatureProfileValidator::validate(const XMLObject* xmlObject) const
 {
 const Signature* sigObj=dynamic_cast(xmlObject);
 if (!sigObj)
 throw ValidationException("Validator only applies to Signature objects.");
- DSIGSignature* sig=sigObj->getXMLSignature();
+ validateSignature(*sigObj);
+}
+
+void SignatureProfileValidator::validateSignature(const Signature& sigObj) const
+{
+ DSIGSignature* sig=sigObj.getXMLSignature();
 if (!sig)
 throw ValidationException("Signature does not exist yet.");
- const SignableObject* signableObj=dynamic_cast(sigObj->getParent());
+ const SignableObject* signableObj=dynamic_cast(sigObj.getParent());
 if (!signableObj)
 throw ValidationException("Signature is not a child of a signable SAML object.");
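Review bot: `validateSignature()` is a new entry point whose name reads like cryptographic verification, yet the lines visible here only check structural conditions (an underlying DSIGSignature exists, the parent is a SignableObject), and nothing at the definition says so. Add a comment above it, for example `// Checks SAML profile constraints on the Signature only; callers must still verify the signature value against a trusted key.`, adjusted if the rest of the body does more. The body of validateSignature continues outside this hunk, so what it checks beyond these lines is not visible here.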
@@ -56,15 +70,17 @@ void SignatureProfileValidator::validate(const XMLObject* xmlObject) const
 if (ref) {
 const XMLCh* URI=ref->getURI();
 const XMLCh* ID=signableObj->getXMLID();
- if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
+ if (URI==nullptr || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
 DSIGTransformList* tlist=ref->getTransforms();
- for (unsigned int i=0; tlist && igetSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
- valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
- valid=false;
- break;
+ if (tlist->getSize() <= 2) {
+ for (unsigned int i=0; tlist && igetSize(); i++) {
+ if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ valid=true;
+ else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+ tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+ valid=false;
+ break;
+ }
 }
 }
 }
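Review bot: The added size check `if (tlist->getSize() <= 2)` dereferences `tlist` before anything has tested it for null, while the loop condition directly below still carries a `tlist &&` guard, which suggests `getTransforms()` can return null when a Reference has no transforms. If that is the case, a signed message whose Reference omits its transforms would crash the validator instead of being rejected with a ValidationException, and this path handles messages from remote parties. Fold the guard into the new condition, `if (tlist && tlist->getSize() <= 2) {`, after which the `tlist &&` in the loop is redundant. A one-line comment on why the limit is 2 (presumably the enveloped-signature transform plus one canonicalization transform) would help the next reader. The enclosing function begins and ends outside this hunk.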