#include "internal.h"
#include "exceptions.h"
-#include "binding/XMLSigningRule.h"
+#include "binding/SecurityPolicyRule.h"
#include "saml2/core/Assertions.h"
#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/MetadataProvider.h"
using xmlsignature::SignatureException;
namespace opensaml {
+ class SAML_DLLLOCAL XMLSigningRule : public SecurityPolicyRule
+ {
+ public:
+ XMLSigningRule(const DOMElement* e);
+ virtual ~XMLSigningRule() {}
+
+ void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+
+ private:
+ bool m_errorsFatal;
+ };
+
SecurityPolicyRule* SAML_DLLLOCAL XMLSigningRuleFactory(const DOMElement* const & e)
{
return new XMLSigningRule(e);
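Review bot: The single-argument constructor `XMLSigningRule(const DOMElement* e);` in the new class declaration is not `explicit`, so a `DOMElement*` converts implicitly to an `XMLSigningRule`; `explicit XMLSigningRule(const DOMElement* e);` closes that off at no cost, and the empty `virtual ~XMLSigningRule() {}` can become `= default` if the project's toolchains accept C++11. The `evaluate` declaration repeats neither `virtual` nor `override`, so a reader of this class alone cannot tell whether it replaces `SecurityPolicyRule::evaluate` or hides it; presumably it overrides, since the factory hands the object out as a `SecurityPolicyRule*`, but `override` (or a repeated `virtual` on older toolchains) makes the compiler check that. `m_errorsFatal` has neither a comment nor an in-class initializer, and it presumably decides whether a signature failure rejects the message or is only logged, which is the security-relevant knob of this rule; a one-line comment such as `// true: a signature that fails to validate/verify rejects the message; false: failure is logged only — confirm against the ctor` would document that, and the constructor that sets it is outside the hunk. The factory's closing brace also falls outside the hunk.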
void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
{
Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.XMLSigning");
- log.debug("evaluating message signing policy");
if (!policy.getIssuerMetadata()) {
log.debug("ignoring message, no issuer metadata supplied");
}
const SignableObject* signable = dynamic_cast<const SignableObject*>(&message);
- if (!signable || !signable->getSignature()) {
- log.debug("ignoring unsigned or unrecognized message");
+ if (!signable || !signable->getSignature())
return;
- }
log.debug("validating signature profile");
try {
SignatureProfileValidator sigval;
- sigval.validate(signable->getSignature());
+ sigval.validateSignature(*(signable->getSignature()));
}
catch (ValidationException& ve) {
log.error("signature profile failed to validate: %s", ve.what());