From 0beb48ce00d0b6a3f177f7d9b48af1870ee92190 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Mon, 5 Mar 2007 05:27:15 +0000 Subject: [PATCH] Added marker interface for assertion types. --- saml/Assertion.h | 44 +++++++++++++++++++++++ saml/Makefile.am | 1 + saml/RootObject.h | 11 +----- saml/saml.vcproj | 4 +++ saml/saml1/core/Assertions.h | 7 ++-- saml/saml1/core/impl/AssertionsImpl.cpp | 1 - saml/saml1/core/impl/ProtocolsImpl.cpp | 9 +++-- saml/saml2/binding/impl/SAML2MessageRule.cpp | 2 +- saml/saml2/core/Assertions.h | 7 ++-- saml/saml2/core/impl/Assertions20Impl.cpp | 1 - saml/saml2/core/impl/Protocols20Impl.cpp | 3 +- samltest/binding.h | 1 + samltest/internal.h | 9 +++-- samltest/saml1/binding/SAML1ArtifactTest.h | 8 ++--- samltest/saml1/binding/SAML1POSTTest.h | 4 +-- samltest/saml2/binding/SAML2ArtifactTest.h | 2 +- samltest/saml2/binding/SAML2POSTTest.h | 8 ++--- samltest/saml2/binding/SAML2RedirectTest.h | 4 +-- samltest/saml2/metadata/XMLMetadataProviderTest.h | 1 + samltest/samltest.h | 2 ++ samltest/security/AbstractPKIXTrustEngineTest.h | 2 +- samltest/security/ExplicitKeyTrustEngineTest.h | 2 +- samltest/signature/SAML1AssertionTest.h | 2 +- samltest/signature/SAML1RequestTest.h | 2 +- samltest/signature/SAML1ResponseTest.h | 2 +- samltest/signature/SAML2AssertionTest.h | 2 +- 26 files changed, 87 insertions(+), 54 deletions(-) create mode 100644 saml/Assertion.h diff --git a/saml/Assertion.h b/saml/Assertion.h new file mode 100644 index 0000000..dd29488 --- /dev/null +++ b/saml/Assertion.h @@ -0,0 +1,44 @@ +/* + * Copyright 2001-2007 Internet2 + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file saml/Assertion.h + * + * Base class for SAML assertions. + */ + +#ifndef __saml_assertion_h__ +#define __saml_assertion_h__ + +#include + +namespace opensaml { + + /** + * Base class for SAML assertions. + * Currently just a marker interface. + */ + class SAML_API Assertion : public virtual RootObject + { + public: + virtual ~Assertion() {} + protected: + Assertion() {} + }; + +}; + +#endif /* __saml_assertion_h__ */ diff --git a/saml/Makefile.am b/saml/Makefile.am index e963873..ae428f9 100644 --- a/saml/Makefile.am +++ b/saml/Makefile.am @@ -25,6 +25,7 @@ saml2coreincludedir = $(includedir)/saml/saml2/core saml2mdincludedir = $(includedir)/saml/saml2/metadata libsamlinclude_HEADERS = \ + Assertion.h \ base.h \ exceptions.h \ version.h \ diff --git a/saml/RootObject.h b/saml/RootObject.h index bbdc215..1f143bd 100644 --- a/saml/RootObject.h +++ b/saml/RootObject.h @@ -32,21 +32,12 @@ namespace opensaml { * Base class for SAML objects at the root of core schemas. * Root objects are signable, and have message identifiers and timestamps. */ - class SAML_API RootObject : public virtual SignableObject + class SAML_API RootObject : public SignableObject { public: virtual ~RootObject() {} /** - * Indicates whether the object is an assertion. - * - * @return true iff the object is an assertion - */ - virtual bool isAssertion() const { - return false; - } - - /** * Returns the unique SAML ID of the object. * * @return the unique SAML ID diff --git a/saml/saml.vcproj b/saml/saml.vcproj index af783b3..6575f68 100644 --- a/saml/saml.vcproj +++ b/saml/saml.vcproj @@ -568,6 +568,10 @@ UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}" > + + diff --git a/saml/saml1/core/Assertions.h b/saml/saml1/core/Assertions.h index bd73fcb..bd0a770 100644 --- a/saml/saml1/core/Assertions.h +++ b/saml/saml1/core/Assertions.h @@ -23,7 +23,7 @@ #ifndef __saml1_assertions_h__ #define __saml1_assertions_h__ -#include +#include #include #include @@ -215,10 +215,7 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; - BEGIN_XMLOBJECT(SAML_API,Assertion,RootObject,SAML 1.x Assertion element); - bool isAssertion() const { - return true; - } + BEGIN_XMLOBJECT(SAML_API,Assertion,opensaml::Assertion,SAML 1.x Assertion element); DECL_INTEGER_ATTRIB(MinorVersion,MINORVERSION); DECL_STRING_ATTRIB(AssertionID,ASSERTIONID); DECL_STRING_ATTRIB(Issuer,ISSUER); diff --git a/saml/saml1/core/impl/AssertionsImpl.cpp b/saml/saml1/core/impl/AssertionsImpl.cpp index 25da195..602890b 100644 --- a/saml/saml1/core/impl/AssertionsImpl.cpp +++ b/saml/saml1/core/impl/AssertionsImpl.cpp @@ -36,7 +36,6 @@ #include using namespace opensaml::saml1; -using namespace opensaml; using namespace xmlsignature; using namespace xmltooling; using namespace std; diff --git a/saml/saml1/core/impl/ProtocolsImpl.cpp b/saml/saml1/core/impl/ProtocolsImpl.cpp index 88fe63c..e3becd6 100644 --- a/saml/saml1/core/impl/ProtocolsImpl.cpp +++ b/saml/saml1/core/impl/ProtocolsImpl.cpp @@ -37,7 +37,6 @@ using namespace opensaml::saml1p; using namespace opensaml::saml1; -using namespace opensaml; using namespace xmlsignature; using namespace xmltooling; using namespace std; @@ -744,8 +743,8 @@ namespace opensaml { init(); if (src.getStatus()) setStatus(src.getStatus()->cloneStatus()); - VectorOf(Assertion) v=getAssertions(); - for (vector::const_iterator i=src.m_Assertions.begin(); i!=src.m_Assertions.end(); i++) { + VectorOf(saml1::Assertion) v=getAssertions(); + for (vector::const_iterator i=src.m_Assertions.begin(); i!=src.m_Assertions.end(); i++) { if (*i) { v.push_back((*i)->cloneAssertion()); } @@ -757,12 +756,12 @@ namespace opensaml { return cloneResponse(); } IMPL_TYPED_CHILD(Status); - IMPL_TYPED_CHILDREN(Assertion, m_children.end()); + IMPL_TYPED_FOREIGN_CHILDREN(Assertion,saml1,m_children.end()); protected: void processChildElement(XMLObject* childXMLObject, const DOMElement* root) { PROC_TYPED_CHILD(Status,SAML1P_NS,false); - PROC_TYPED_CHILDREN(Assertion,SAML1_NS,true); + PROC_TYPED_FOREIGN_CHILDREN(Assertion,saml1,SAML1_NS,true); ResponseAbstractTypeImpl::processChildElement(childXMLObject,root); } }; diff --git a/saml/saml2/binding/impl/SAML2MessageRule.cpp b/saml/saml2/binding/impl/SAML2MessageRule.cpp index 43e68ed..f657b8c 100644 --- a/saml/saml2/binding/impl/SAML2MessageRule.cpp +++ b/saml/saml2/binding/impl/SAML2MessageRule.cpp @@ -71,7 +71,7 @@ void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest* } else if (XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME)) { // No issuer in the message, so we have to try the Response approach. - const vector& assertions = dynamic_cast(samlRoot).getAssertions(); + const vector& assertions = dynamic_cast(samlRoot).getAssertions(); if (!assertions.empty()) { issuer = assertions.front()->getIssuer(); if (issuer && issuer->getName()) { diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h index 6a5ed55..c6b0350 100644 --- a/saml/saml2/core/Assertions.h +++ b/saml/saml2/core/Assertions.h @@ -23,7 +23,7 @@ #ifndef __saml2_assertions_h__ #define __saml2_assertions_h__ -#include +#include #include #include @@ -320,10 +320,7 @@ namespace opensaml { virtual Issuer* getIssuer() const=0; }; - BEGIN_XMLOBJECT(SAML_API,Assertion,saml2::RootObject,SAML 2.0 Assertion element); - bool isAssertion() const { - return true; - } + BEGIN_XMLOBJECT2(SAML_API,Assertion,saml2::RootObject,opensaml::Assertion,SAML 2.0 Assertion element); DECL_INHERITED_STRING_ATTRIB(Version,VER); DECL_INHERITED_STRING_ATTRIB(ID,ID); DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); diff --git a/saml/saml2/core/impl/Assertions20Impl.cpp b/saml/saml2/core/impl/Assertions20Impl.cpp index 78ccc0c..513bab6 100644 --- a/saml/saml2/core/impl/Assertions20Impl.cpp +++ b/saml/saml2/core/impl/Assertions20Impl.cpp @@ -37,7 +37,6 @@ #include using namespace opensaml::saml2; -using namespace opensaml; using namespace xmlencryption; using namespace xmlsignature; using namespace xmltooling; diff --git a/saml/saml2/core/impl/Protocols20Impl.cpp b/saml/saml2/core/impl/Protocols20Impl.cpp index 29c8252..1084ca5 100644 --- a/saml/saml2/core/impl/Protocols20Impl.cpp +++ b/saml/saml2/core/impl/Protocols20Impl.cpp @@ -38,7 +38,6 @@ using namespace opensaml::saml2p; using namespace opensaml::saml2; -using namespace opensaml; using namespace xmlsignature; using namespace xmlencryption; using namespace xmltooling; @@ -1131,7 +1130,7 @@ namespace opensaml { ResponseImpl(const ResponseImpl& src) : AbstractXMLObject(src), StatusResponseTypeImpl(src) { for (list::const_iterator i=src.m_children.begin(); i!=src.m_children.end(); i++) { if (*i) { - Assertion* assertion=dynamic_cast(*i); + saml2::Assertion* assertion=dynamic_cast(*i); if (assertion) { getAssertions().push_back(assertion->cloneAssertion()); continue; diff --git a/samltest/binding.h b/samltest/binding.h index 4d4cc16..f50ad41 100644 --- a/samltest/binding.h +++ b/samltest/binding.h @@ -28,6 +28,7 @@ #include using namespace opensaml::saml2md; +using namespace opensaml; using namespace xmlsignature; class SAMLBindingBaseTestCase : public HTTPRequest, public HTTPResponse diff --git a/samltest/internal.h b/samltest/internal.h index 52b89d9..370dc4a 100644 --- a/samltest/internal.h +++ b/samltest/internal.h @@ -14,10 +14,10 @@ * limitations under the License. */ -#ifdef WIN32 -# define _CRT_SECURE_NO_DEPRECATE 1 -# define _CRT_NONSTDC_NO_DEPRECATE 1 -#endif +#ifdef WIN32 +# define _CRT_SECURE_NO_DEPRECATE 1 +# define _CRT_NONSTDC_NO_DEPRECATE 1 +#endif #include @@ -29,7 +29,6 @@ #include #include -using namespace opensaml; using namespace xmltooling; using namespace std; diff --git a/samltest/saml1/binding/SAML1ArtifactTest.h b/samltest/saml1/binding/SAML1ArtifactTest.h index 245f0e0..9c39c47 100644 --- a/samltest/saml1/binding/SAML1ArtifactTest.h +++ b/samltest/saml1/binding/SAML1ArtifactTest.h @@ -51,15 +51,15 @@ public: void testSAML1Artifact() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml1/binding/SAML1Assertion.xml"; ifstream in(path.c_str()); DOMDocument* doc=XMLToolingConfig::getConfig().getParser().parse(in); XercesJanitor janitor(doc); - auto_ptr toSend( - dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) + auto_ptr toSend( + dynamic_cast(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(),true)) ); janitor.release(); @@ -133,7 +133,7 @@ public: TSM_ASSERT_EQUALS("Too many artifacts.", artifacts.size(), 1); XMLObject* xmlObject = SAMLConfig::getConfig().getArtifactMap()->retrieveContent(artifacts.front(), "https://sp.example.org/"); - Assertion* assertion = dynamic_cast(xmlObject); + saml1::Assertion* assertion = dynamic_cast(xmlObject); TSM_ASSERT("Not an assertion.", assertion!=NULL); auto_ptr response(ResponseBuilder::buildResponse()); response->getAssertions().push_back(assertion); diff --git a/samltest/saml1/binding/SAML1POSTTest.h b/samltest/saml1/binding/SAML1POSTTest.h index bbc9dbd..aa5cecc 100644 --- a/samltest/saml1/binding/SAML1POSTTest.h +++ b/samltest/saml1/binding/SAML1POSTTest.h @@ -34,7 +34,7 @@ public: void testSAML1POST() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules1, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml1/binding/SAML1Response.xml"; @@ -78,7 +78,7 @@ public: // Test the results. TSM_ASSERT_EQUALS("TARGET was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", policy.isSecure()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); diff --git a/samltest/saml2/binding/SAML2ArtifactTest.h b/samltest/saml2/binding/SAML2ArtifactTest.h index e128c74..e763ff3 100644 --- a/samltest/saml2/binding/SAML2ArtifactTest.h +++ b/samltest/saml2/binding/SAML2ArtifactTest.h @@ -38,7 +38,7 @@ public: void testSAML2Artifact() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; diff --git a/samltest/saml2/binding/SAML2POSTTest.h b/samltest/saml2/binding/SAML2POSTTest.h index 062a376..9315044 100644 --- a/samltest/saml2/binding/SAML2POSTTest.h +++ b/samltest/saml2/binding/SAML2POSTTest.h @@ -34,7 +34,7 @@ public: void testSAML2POST() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; @@ -78,7 +78,7 @@ public: // Test the results. TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", policy.isSecure()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); @@ -96,7 +96,7 @@ public: void testSAML2POSTSimpleSign() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; @@ -140,7 +140,7 @@ public: // Test the results. TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", policy.isSecure()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); diff --git a/samltest/saml2/binding/SAML2RedirectTest.h b/samltest/saml2/binding/SAML2RedirectTest.h index f7024c0..5f6707e 100644 --- a/samltest/saml2/binding/SAML2RedirectTest.h +++ b/samltest/saml2/binding/SAML2RedirectTest.h @@ -34,7 +34,7 @@ public: void testSAML2Redirect() { try { QName idprole(samlconstants::SAML20MD_NS, IDPSSODescriptor::LOCAL_NAME); - SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust); + SecurityPolicy policy(m_rules2, m_metadata, &idprole, m_trust, false); // Read message to use from file. string path = data_path + "saml2/binding/SAML2Response.xml"; @@ -68,7 +68,7 @@ public: // Test the results. TSM_ASSERT_EQUALS("RelayState was not the expected result.", relayState, "state"); TSM_ASSERT("SAML Response not decoded successfully.", response.get()); - TSM_ASSERT("Message was not verified.", policy.isSecure()); + TSM_ASSERT("Message was not verified.", policy.isSecure()); auto_ptr_char entityID(policy.getIssuer()->getName()); TSM_ASSERT("Issuer was not expected.", !strcmp(entityID.get(),"https://idp.example.org/")); TSM_ASSERT_EQUALS("Assertion count was not correct.", response->getAssertions().size(), 1); diff --git a/samltest/saml2/metadata/XMLMetadataProviderTest.h b/samltest/saml2/metadata/XMLMetadataProviderTest.h index 724cdf0..747d89e 100644 --- a/samltest/saml2/metadata/XMLMetadataProviderTest.h +++ b/samltest/saml2/metadata/XMLMetadataProviderTest.h @@ -22,6 +22,7 @@ using namespace opensaml::saml2md; using namespace opensaml::saml2p; +using namespace opensaml; class XMLMetadataProviderTest : public CxxTest::TestSuite, public SAMLObjectBaseTestCase { XMLCh* entityID; diff --git a/samltest/samltest.h b/samltest/samltest.h index 5bb6f38..e817f72 100644 --- a/samltest/samltest.h +++ b/samltest/samltest.h @@ -22,6 +22,8 @@ #include #include +using namespace opensaml; + //#define SAML_LEAKCHECK std::string data_path = "../samltest/data/"; diff --git a/samltest/security/AbstractPKIXTrustEngineTest.h b/samltest/security/AbstractPKIXTrustEngineTest.h index 5e7b0c6..745a97d 100644 --- a/samltest/security/AbstractPKIXTrustEngineTest.h +++ b/samltest/security/AbstractPKIXTrustEngineTest.h @@ -105,7 +105,7 @@ public: // Build metadata provider. auto_ptr metadataProvider( - SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement()) + opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement()) ); try { metadataProvider->init(); diff --git a/samltest/security/ExplicitKeyTrustEngineTest.h b/samltest/security/ExplicitKeyTrustEngineTest.h index 7c627ad..a172a49 100644 --- a/samltest/security/ExplicitKeyTrustEngineTest.h +++ b/samltest/security/ExplicitKeyTrustEngineTest.h @@ -48,7 +48,7 @@ public: // Build metadata provider. auto_ptr metadataProvider( - SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement()) + opensaml::SAMLConfig::getConfig().MetadataProviderManager.newPlugin(XML_METADATA_PROVIDER,doc->getDocumentElement()) ); try { metadataProvider->init(); diff --git a/samltest/signature/SAML1AssertionTest.h b/samltest/signature/SAML1AssertionTest.h index 36a3648..274cec3 100644 --- a/samltest/signature/SAML1AssertionTest.h +++ b/samltest/signature/SAML1AssertionTest.h @@ -89,7 +89,7 @@ public: assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false); try { - SignatureProfileValidator spv; + opensaml::SignatureProfileValidator spv; SignatureValidator sv(new KeyResolver(m_resolver->getKey())); spv.validate(dynamic_cast(assertion2.get())->getSignature()); sv.validate(dynamic_cast(assertion2.get())->getSignature()); diff --git a/samltest/signature/SAML1RequestTest.h b/samltest/signature/SAML1RequestTest.h index 10e8264..2909ad8 100644 --- a/samltest/signature/SAML1RequestTest.h +++ b/samltest/signature/SAML1RequestTest.h @@ -89,7 +89,7 @@ public: assertEquals("Unmarshalled request does not match", expectedChildElementsDOM, request2.get(), false); try { - SignatureProfileValidator spv; + opensaml::SignatureProfileValidator spv; SignatureValidator sv(new KeyResolver(m_resolver->getKey())); spv.validate(dynamic_cast(request2.get())->getSignature()); sv.validate(dynamic_cast(request2.get())->getSignature()); diff --git a/samltest/signature/SAML1ResponseTest.h b/samltest/signature/SAML1ResponseTest.h index 2eac008..5f07967 100644 --- a/samltest/signature/SAML1ResponseTest.h +++ b/samltest/signature/SAML1ResponseTest.h @@ -119,7 +119,7 @@ public: assertEquals("Unmarshalled response does not match", expectedChildElementsDOM, response2.get(), false); try { - SignatureProfileValidator spv; + opensaml::SignatureProfileValidator spv; spv.validate(dynamic_cast(response2.get())->getAssertions().front()->getSignature()); spv.validate(dynamic_cast(response2.get())->getSignature()); diff --git a/samltest/signature/SAML2AssertionTest.h b/samltest/signature/SAML2AssertionTest.h index ea1aed0..14fa1a9 100644 --- a/samltest/signature/SAML2AssertionTest.h +++ b/samltest/signature/SAML2AssertionTest.h @@ -97,7 +97,7 @@ public: assertEquals("Unmarshalled assertion does not match", expectedChildElementsDOM, assertion2.get(), false); try { - SignatureProfileValidator spv; + opensaml::SignatureProfileValidator spv; SignatureValidator sv(new KeyResolver(m_resolver->getKey())); spv.validate(dynamic_cast(assertion2.get())->getSignature()); sv.validate(dynamic_cast(assertion2.get())->getSignature()); -- 2.1.4