/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
/**
* SignatureProfileValidator.cpp
*
- * SAML-specific signature verification
+ * SAML-specific signature verification.
*/
#include "internal.h"
#include "exceptions.h"
+#include "signature/SignableObject.h"
#include "signature/SignatureProfileValidator.h"
#include <xmltooling/signature/Signature.h>
#include <xercesc/util/XMLUniDefs.hpp>
#include <xsec/dsig/DSIGReference.hpp>
+#include <xsec/dsig/DSIGSignature.hpp>
#include <xsec/dsig/DSIGTransformC14n.hpp>
#include <xsec/dsig/DSIGTransformList.hpp>
using namespace xmltooling;
using namespace std;
+SignatureProfileValidator::SignatureProfileValidator()
+{
+}
+
+SignatureProfileValidator::~SignatureProfileValidator()
+{
+}
+
void SignatureProfileValidator::validate(const XMLObject* xmlObject) const
{
const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);
if (ref) {
const XMLCh* URI=ref->getURI();
const XMLCh* ID=signableObj->getXMLID();
- if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
+ if (URI==nullptr || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
DSIGTransformList* tlist=ref->getTransforms();
- for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
- valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
- valid=false;
- break;
+ if (tlist->getSize() <= 2) {
+ for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
+ if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ valid=true;
+ else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+ tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+ valid=false;
+ break;
+ }
}
}
}
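Review bot: The new size cap `if (tlist->getSize() <= 2) {` dereferences `tlist` before the `tlist &&` test in the loop condition on the following line, so a Reference whose getTransforms() yields a null list is now dereferenced where the old loop simply skipped it. Whether getTransforms() can return null is not visible in this hunk, but the retained loop guard suggests it can; since the Reference comes from the message being validated, that would be a crash reachable from untrusted input. Suggest `if (tlist && tlist->getSize() <= 2) {`, after which the `tlist &&` in the loop condition is redundant and can be dropped. validate() begins and continues outside the hunk, so how `valid` is initialised and used when there are no transforms should be confirmed there.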