- for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
- valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
- valid=false;
- break;
+ if (tlist->getSize() <= 2) {
+ for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
+ if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ valid=true;
+ else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+ tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+ valid=false;
+ Category::getInstance(SAML_LOGCAT".SignatureProfileValidator").error("signature contained an invalid transform");
+ break;
+ }
+ }
+ }
+
+ if (valid && URI && *URI) {
+ valid = false;
+ if (sigObj.getDOM() && signableObj->getDOM()) {
+ DOMElement* signedNode = sigObj.getDOM()->getOwnerDocument()->getElementById(ID);
+ if (signedNode && signedNode->isSameNode(signableObj->getDOM())) {
+ valid = true;
+ }
+ else {
+ Category::getInstance(SAML_LOGCAT".SignatureProfileValidator").error("signature reference does not match parent object node");
+ }