/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* SignatureProfileValidator.cpp
*
- * SAML-specific signature verification
+ * SAML-specific signature verification.
*/
#include "internal.h"
#include "exceptions.h"
+#include "signature/SignableObject.h"
#include "signature/SignatureProfileValidator.h"
#include <xmltooling/signature/Signature.h>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xsec/dsig/DSIGReference.hpp>
-#include <xsec/dsig/DSIGTransformC14n.hpp>
+#include <xsec/dsig/DSIGSignature.hpp>
#include <xsec/dsig/DSIGTransformList.hpp>
using namespace opensaml;
using namespace xmltooling;
using namespace std;
+SignatureProfileValidator::SignatureProfileValidator()
+{
+}
+
+SignatureProfileValidator::~SignatureProfileValidator()
+{
+}
+
void SignatureProfileValidator::validate(const XMLObject* xmlObject) const
{
const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);
if (!sigObj)
throw ValidationException("Validator only applies to Signature objects.");
- DSIGSignature* sig=sigObj->getXMLSignature();
+ validateSignature(*sigObj);
+}
+
+void SignatureProfileValidator::validateSignature(const Signature& sigObj) const
+{
+ DSIGSignature* sig=sigObj.getXMLSignature();
if (!sig)
throw ValidationException("Signature does not exist yet.");
- const SignableObject* signableObj=dynamic_cast<const SignableObject*>(sigObj->getParent());
+ const SignableObject* signableObj=dynamic_cast<const SignableObject*>(sigObj.getParent());
if (!signableObj)
throw ValidationException("Signature is not a child of a signable SAML object.");
if (ref) {
const XMLCh* URI=ref->getURI();
const XMLCh* ID=signableObj->getXMLID();
- if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
+ if (URI==nullptr || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
DSIGTransformList* tlist=ref->getTransforms();
- for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
- valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
- valid=false;
- break;
+ if (tlist->getSize() <= 2) {
+ for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
+ if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ valid=true;
+ else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+ tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+ valid=false;
+ break;
+ }
}
}
}
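Review bot: The added `if (tlist->getSize() <= 2)` dereferences `tlist` before the null check, while the loop condition on the next line still carries `tlist &&`; a Reference without a Transforms element would now fault on the size call instead of being rejected, so the guard belongs on the new condition: `if (tlist && tlist->getSize() <= 2) {`. When the list is absent or longer than two entries the code falls through and `valid` keeps whatever value it held before this block (its declaration is outside the hunk), which I take to be false; a one-line comment stating that, e.g. `// no transform list, or more than enveloped-signature + one c14n: leave valid false so the reference is rejected`, would make the tightened profile explicit. The body of validateSignature, including the check that consumes `valid`, continues outside the hunk.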