PKIX TrustEngine.

[shibboleth/cpp-opensaml.git] / samltest / security / ExplicitKeyTrustEngineTest.h

diff --git a/samltest/security/ExplicitKeyTrustEngineTest.h b/samltest/security/ExplicitKeyTrustEngineTest.h
index 511de41..53416e9 100644 (file)
--- a/samltest/security/ExplicitKeyTrustEngineTest.h
+++ b/samltest/security/ExplicitKeyTrustEngineTest.h
@@ -72,12 +72,19 @@ public:
         const EntityDescriptor* descriptor = metadataProvider->getEntityDescriptor("https://idp.example.org");\r
         TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
         \r
-        Signature* sig=assertion->getSignature();\r
-        TSM_ASSERT("Signature not present", sig!=NULL);\r
-\r
         RoleDescriptor* role=descriptor->getIDPSSODescriptors().front();\r
         TSM_ASSERT("Role not present", role!=NULL);\r
         \r
+        Signature* sig=assertion->getSignature();\r
+        TSM_ASSERT("Signature not present", sig!=NULL);\r
         TSM_ASSERT("Signature failed to validate.", trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
+\r
+        descriptor = metadataProvider->getEntityDescriptor("https://idp2.example.org");\r
+        TSM_ASSERT("Retrieved entity descriptor was null", descriptor!=NULL);\r
+        \r
+        role=descriptor->getIDPSSODescriptors().front();\r
+        TSM_ASSERT("Role not present", role!=NULL);\r
+\r
+        TSM_ASSERT("Signature validated.", !trustEngine->validate(*sig, *role, metadataProvider->getKeyResolver()));\r
     }\r
 };\r