From: Scott Cantor Date: Tue, 7 Nov 2006 19:56:03 +0000 (+0000) Subject: Support for KeyInfo. X-Git-Tag: 2.0-alpha1~155 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=42c774ed39a783c3ba6b90c36ba87ce1bd874c09 Support for KeyInfo.
---
diff --git a/saml/binding/impl/SimpleSigningRule.cpp b/saml/binding/impl/SimpleSigningRule.cpp
index 9641ab5..3e7952d 100644
--- a/saml/binding/impl/SimpleSigningRule.cpp
+++ b/saml/binding/impl/SimpleSigningRule.cpp
@@ -43,6 +43,8 @@ using namespace xmltooling;
 using namespace log4cpp;
 using namespace std;
+using xmlsignature::KeyInfo;
+
 namespace opensaml {
 SecurityPolicyRule* SAML_DLLLOCAL SimpleSigningRuleFactory(const DOMElement* const & e) {
@@ -135,8 +137,28 @@ pair SimpleSigningRule::evaluate(
 appendParameter(input, raw, "RelayState=");
 appendParameter(input, raw, "SigAlg=");
+ // Check for KeyInfo, but defensively (we might be able to run without it).
+ KeyInfo* keyInfo=NULL;
+ const char* k = request.getParameter("KeyInfo");
+ if (k) {
+ try {
+ istringstream kstrm(k);
+ DOMDocument* doc = XMLToolingConfig::getConfig().getParser().parse(kstrm);
+ XercesJanitor janitor(doc);
+ XMLObject* kxml = XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true);
+ janitor.release();
+ if (!(keyInfo=dynamic_cast(kxml)))
+ delete kxml;
+ }
+ catch (XMLToolingException& ex) {
+ log.warn("Failed to load KeyInfo from message: %s", ex.what());
+ }
+ }
+
+ auto_ptr kjanitor(keyInfo);
 auto_ptr_XMLCh alg(sigAlgorithm);
- if (!trustEngine->validate(alg.get(), signature, NULL, input.c_str(), input.length(), *roledesc, metadataProvider->getKeyResolver())) {
+
+ if (!trustEngine->validate(alg.get(), signature, keyInfo, input.c_str(), input.length(), *roledesc, metadataProvider->getKeyResolver())) {
 log.error("unable to verify signature on message with supplied trust engine");
 return ret;
 }
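Review bot: The `KeyInfo` parameter read in the new `if (k)` block is parsed and handed to `trustEngine->validate()` before anything about the message is authenticated, and it is not among the values appended to `input` in the visible lines (only `RelayState=` and `SigAlg=` appear here), so the signature does not appear to cover it. That is safe only if the trust engine treats it purely as a hint and accepts a key solely when it matches credentials resolved from the `*roledesc` metadata; the existing comment should say so, e.g. `// KeyInfo is unsigned, sender-controlled input: a hint for key selection only, never a source of trust.` Because `getParser().parse(kstrm)` runs on pre-authentication input, it is also worth confirming that this parser pool rejects DOCTYPE declarations and entity expansion, and that nothing other than `XMLToolingException` can escape the parse and build calls, otherwise the "defensive" path can still abort the rule. `evaluate()` begins and ends outside this hunk.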