// Verify the signature coverage.
DSIGReferenceList* refs=sig->getReferenceList();
- if (sig->getSignatureMethod()==SIGNATURE_RSA && refs && refs->getSize()==1) {
+ if (refs && refs->getSize()==1) {
DSIGReference* ref=refs->item(0);
if (ref) {
const XMLCh* URI=ref->getURI();
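Review bot: The coverage check at `if (refs && refs->getSize()==1)` no longer constrains the signature algorithm, so whatever method the document declares is accepted on this path. If the intent was to admit other public-key methods besides RSA, an explicit allow-list keeps that visible and keeps keyed-hash methods out, for example `if ((sig->getSignatureMethod()==SIGNATURE_RSA || sig->getSignatureMethod()==SIGNATURE_DSA) && refs && refs->getSize()==1) {`. The body of this `if` and its failure branch lie outside the hunk, so confirm that an unexpected method is still rejected somewhere before the key is applied.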
sig->setSigningKey(x509->clonePublicKey());
}
else {
- log.warn("verifying with key inside signature, this is a sanity check but provides no security");
XSECKeyInfoResolverDefault resolver;
sig->setKeyInfoResolver(resolver.clone());
}
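Review bot: The `else` branch still falls back to `XSECKeyInfoResolverDefault`, which takes the verification key from the signature's own KeyInfo, but the warning that said so is removed. A signature that verifies on this path shows only that the document matches a key the signer supplied, not that a trusted party signed it, and the operator no longer sees that in the log. Keep `log.warn("verifying with key inside signature, this is a sanity check but provides no security");`, or if it was dropped as noise, make this path an explicit opt-in and fail otherwise. The enclosing `if` begins outside the hunk.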
// Verify all signatures.
DOMNodeList* siglist=doc->getElementsByTagNameNS(saml::XML::XMLSIG_NS,L(Signature));
for (XMLSize_t i=0; siglist && i<siglist->getLength(); i++)
- verifySignature(doc,siglist->item(i),cert_param);
+ if (siglist->item(i) != rootSig)
+ verifySignature(doc,siglist->item(i),cert_param);
if (out_param) {
// Output the data to the specified file.
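Review bot: The new guard `if (siglist->item(i) != rootSig)` skips the root signature by pointer identity, but nothing in the hunk shows where `rootSig` is assigned or that it has already been verified. If that earlier verification is conditional, the root signature could end up checked by nothing, so it is worth confirming and recording the assumption with a comment such as `// rootSig was already verified above; only check the remaining signatures here`. The unbraced `for` with a nested `if` is also easy to break on the next edit; bracing the loop body and holding `siglist->item(i)` in a local would make it clearer.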