+void SignatureMetadataFilter::doFilter(EntityDescriptor& entity, bool rootObject) const
+{
+ Signature* sig = entity.getSignature();
+ if (!sig && rootObject)
+ throw MetadataFilterException("Root metadata element was unsigned.");
+ verifySignature(sig, entity.getEntityID());
+
+ VectorOf(RoleDescriptor) v=entity.getRoleDescriptors();
+ for (VectorOf(RoleDescriptor)::size_type i=0; i<v.size(); ) {
+ try {
+ verifySignature(v[i]->getSignature(), entity.getEntityID());
+ i++;
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn(
+ "filtering out role (%s) for entity (%s) after failed signature check: %s",
+ v[i]->getElementQName().toString().c_str(), id.get(), e.what()
+ );
+ v.erase(v.begin() + i);
+ }
+ }
+
+ if (entity.getAffiliationDescriptor()) {
+ try {
+ verifySignature(entity.getAffiliationDescriptor()->getSignature(), entity.getEntityID());
+ }
+ catch (exception& e) {
+ auto_ptr_char id(entity.getEntityID());
+ m_log.warn("filtering out affiliation from entity (%s) after failed signature check: %s", id.get(), e.what());
+ entity.setAffiliationDescriptor(NULL);
+ }
+ }
+}
+
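Review bot: The null-signature case is not handled explicitly: at the first `verifySignature(sig, entity.getEntityID())` call `sig` can still be null whenever `rootObject` is false, and the role and affiliation calls pass `getSignature()` straight through in the same way, so what happens to unsigned child elements is decided entirely inside `verifySignature`, which is not in this hunk. If that helper returns quietly on null, unsigned roles and affiliations are kept and their integrity rests on a signature verified on an enclosing element; that trust assumption deserves a comment above the first call, for example `// Unsigned non-root elements are accepted here; they are trusted only because an enclosing signature was checked.` If the helper instead dereferences the pointer, a guard such as `if (sig) verifySignature(sig, entity.getEntityID());` is needed at all three call sites. Separately, `catch (exception& e)` would read better as `catch (const exception& e)`, with a short comment that any exception, not only a verification failure, removes the role or affiliation (a fail-closed choice).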