+
+ if (!m_verifyRoles)
+ return;
+
+ VectorOf(IDPSSODescriptor) idp = entity.getIDPSSODescriptors();
+ for (VectorOf(IDPSSODescriptor)::size_type i = 0; i < idp.size(); ) {
+ try {
+ verifySignature(idp[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out IDPSSODescriptor for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ idp.erase(idp.begin() + i);
+ }
+ }
+
+ VectorOf(SPSSODescriptor) sp = entity.getSPSSODescriptors();
+ for (VectorOf(SPSSODescriptor)::size_type i = 0; i < sp.size(); ) {
+ try {
+ verifySignature(sp[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out SPSSODescriptor for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ sp.erase(sp.begin() + i);
+ }
+ }
+
+ VectorOf(AuthnAuthorityDescriptor) authn = entity.getAuthnAuthorityDescriptors();
+ for (VectorOf(AuthnAuthorityDescriptor)::size_type i = 0; i < authn.size(); ) {
+ try {
+ verifySignature(authn[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out AuthnAuthorityDescriptor for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ authn.erase(authn.begin() + i);
+ }
+ }
+
+ VectorOf(AttributeAuthorityDescriptor) aa = entity.getAttributeAuthorityDescriptors();
+ for (VectorOf(AttributeAuthorityDescriptor)::size_type i = 0; i < aa.size(); ) {
+ try {
+ verifySignature(aa[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out AttributeAuthorityDescriptor for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ aa.erase(aa.begin() + i);
+ }
+ }
+
+ VectorOf(PDPDescriptor) pdp = entity.getPDPDescriptors();
+ for (VectorOf(AuthnAuthorityDescriptor)::size_type i = 0; i < pdp.size(); ) {
+ try {
+ verifySignature(pdp[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out PDPDescriptor for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ pdp.erase(pdp.begin() + i);
+ }
+ }
+
+ VectorOf(AuthnQueryDescriptorType) authnq = entity.getAuthnQueryDescriptorTypes();
+ for (VectorOf(AuthnQueryDescriptorType)::size_type i = 0; i < authnq.size(); ) {
+ try {
+ verifySignature(authnq[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out AuthnQueryDescriptorType for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ authnq.erase(authnq.begin() + i);
+ }
+ }
+
+ VectorOf(AttributeQueryDescriptorType) attrq = entity.getAttributeQueryDescriptorTypes();
+ for (VectorOf(AttributeQueryDescriptorType)::size_type i = 0; i < attrq.size(); ) {
+ try {
+ verifySignature(attrq[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out AttributeQueryDescriptorType for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ attrq.erase(attrq.begin() + i);
+ }
+ }
+
+ VectorOf(AuthzDecisionQueryDescriptorType) authzq = entity.getAuthzDecisionQueryDescriptorTypes();
+ for (VectorOf(AuthzDecisionQueryDescriptorType)::size_type i = 0; i < authzq.size(); ) {
+ try {
+ verifySignature(authzq[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out AuthzDecisionQueryDescriptorType for entity (%s) after failed signature check: %s", id.get(), e.what()
+ );
+ authzq.erase(authzq.begin() + i);
+ }
+ }
+
+ VectorOf(RoleDescriptor) v = entity.getRoleDescriptors();
+ for (VectorOf(RoleDescriptor)::size_type i = 0; i < v.size(); ) {