(parent: c54df95)
Remove check for RSA algorithm, block duplicate check of root signature.
author
Scott Cantor
<cantor.2@osu.edu>
Sat, 3 Nov 2007 02:27:14 +0000
(
02:27
+0000)
committer
Scott Cantor
<cantor.2@osu.edu>
Sat, 3 Nov 2007 02:27:14 +0000
(
02:27
+0000)
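--- a/siterefresh/siterefresh.cpp
+++ b/siterefresh/siterefresh.cpp
@@ -98,7 +98,7 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
 // Verify the signature coverage.
 DSIGReferenceList* refs=sig->getReferenceList();
-if (sig->getSignatureMethod()==SIGNATURE_RSA && refs && refs->getSize()==1) {
+if (refs && refs->getSize()==1) {
 DSIGReference* ref=refs->item(0);
 if (ref) {
 const XMLCh* URI=ref->getURI();
@@ -141,7 +141,6 @@ void verifySignature(DOMDocument* doc, DOMNode* sigNode, const char* cert=NULL)
 sig->setSigningKey(x509->clonePublicKey());
 }
 else {
-log.warn("verifying with key inside signature, this is a sanity check but provides no security");
 XSECKeyInfoResolverDefault resolver;
 sig->setKeyInfoResolver(resolver.clone());
 }
@@ -280,7 +279,8 @@ int main(int argc,char* argv[])
 // Verify all signatures.
 DOMNodeList* siglist=doc->getElementsByTagNameNS(saml::XML::XMLSIG_NS,L(Signature));
 for (XMLSize_t i=0; siglist && i<siglist->getLength(); i++)
-verifySignature(doc,siglist->item(i),cert_param);
+if (siglist->item(i) != rootSig)
+verifySignature(doc,siglist->item(i),cert_param);
 if (out_param) {
 // Output the data to the specified file.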
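Review bot: The `else` branch of verifySignature (second hunk) still resolves the verification key from the signature's own KeyInfo via `XSECKeyInfoResolverDefault`, but the warning that said this gives no security is removed, so a run that reaches this branch now reports success with nothing marking it as an integrity check only. If the line was dropped because the loop in main repeated it once per signature, I would log it a single time before the loop instead, along the lines of `if (!cert_param) /* warn once: signatures are checked against their embedded keys only */`. The `if` that selects this branch and main's handling of `cert_param` are outside the hunks, so this assumes the branch is the no-certificate path suggested by the `cert=NULL` default. Separately, the first hunk leaves the signature method unconstrained; if the intent was only to admit DSA, an explicit allow-list such as `sig->getSignatureMethod()==SIGNATURE_RSA || sig->getSignatureMethod()==SIGNATURE_DSA` would keep the coverage check limited to public-key methods.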