X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fbinding%2Fimpl%2FXMLSigningRule.cpp;h=8675fc605b52656c4a6b6fbbaa4563b8d0e5a9bf;hp=029f14c681e3e4e01f6856623a9ce273fa6ece1c;hb=632fdee22ac4b756eaa3158217b9acd6c831e7be;hpb=3e40c0e62375c069e7860a87ca4f65fb2003f018
diff --git a/saml/binding/impl/XMLSigningRule.cpp b/saml/binding/impl/XMLSigningRule.cpp
index 029f14c..8675fc6 100644
--- a/saml/binding/impl/XMLSigningRule.cpp
+++ b/saml/binding/impl/XMLSigningRule.cpp
@@ -43,24 +43,24 @@ namespace opensaml {
 } };
-void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+bool XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 { Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.XMLSigning"); log.debug("evaluating message signing policy"); if (!policy.getIssuerMetadata()) { log.debug("ignoring message, no issuer metadata supplied");
- return;
+ return false;
 } else if (!policy.getTrustEngine()) { log.debug("ignoring message, no TrustEngine supplied");
- return;
+ return false;
 } const SignableObject* signable = dynamic_cast(&message); if (!signable || !signable->getSignature()) { log.debug("ignoring unsigned or unrecognized message");
- return;
+ return false;
 } log.debug("validating signature profile");
@@ -70,15 +70,16 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
 } catch (ValidationException& ve) { log.error("signature profile failed to validate: %s", ve.what());
- return;
+ return false;
 } if (!policy.getTrustEngine()->validate( *(signable->getSignature()), *(policy.getIssuerMetadata()), policy.getMetadataProvider()->getKeyResolver() )) { log.error("unable to verify message signature with supplied trust engine");
- return;
+ return false;
 } log.debug("signature verified against message issuer");
+ return true;
 }
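Review bot: The two `return false` lines added after `log.error(...)` in the second hunk (failed profile validation and failed `TrustEngine::validate`) return the same value as the three "ignoring message" branches in this hunk, so the new bool cannot tell a caller whether the message was unsigned or carried a signature that did not verify. How callers consume the result is not visible here, but if a policy keeps evaluating other rules after `false`, a message with a bad signature is handled exactly like an unsigned one; those two branches should fail hard (propagate an exception) or report a distinct outcome. At minimum, state the contract above the definition: `// Returns true only if the signature verified against the issuer; false means the rule was skipped OR verification failed.`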
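Review bot: `policy.getMetadataProvider()->getKeyResolver()` in the `validate(...)` call dereferences the metadata provider without a check, although the issuer metadata and the trust engine are both tested for null at the top of evaluate() in the first hunk. Whether a policy can hold issuer metadata without a provider is not visible from this diff; if it can, this is a null dereference while processing an inbound signed message. A guard next to the existing ones would close it: `else if (!policy.getMetadataProvider()) { log.debug("ignoring message, no MetadataProvider supplied"); return false; }`. The lines of evaluate() between the two hunks (the opening of the `try`) are not shown.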