/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
const Signature* sigObj=dynamic_cast<const Signature*>(xmlObject);
if (!sigObj)
throw ValidationException("Validator only applies to Signature objects.");
- DSIGSignature* sig=sigObj->getXMLSignature();
+ validateSignature(*sigObj);
+}
+
+void SignatureProfileValidator::validateSignature(const Signature& sigObj) const
+{
+ DSIGSignature* sig=sigObj.getXMLSignature();
if (!sig)
throw ValidationException("Signature does not exist yet.");
- const SignableObject* signableObj=dynamic_cast<const SignableObject*>(sigObj->getParent());
+ const SignableObject* signableObj=dynamic_cast<const SignableObject*>(sigObj.getParent());
if (!signableObj)
throw ValidationException("Signature is not a child of a signable SAML object.");
const XMLCh* ID=signableObj->getXMLID();
if (URI==NULL || *URI==0 || (*URI==chPound && ID && !XMLString::compareString(URI+1,ID))) {
DSIGTransformList* tlist=ref->getTransforms();
- for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
- valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
- valid=false;
- break;
+ if (tlist->getSize() <= 2) {
+ for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
+ if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ valid=true;
+ else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
+ tlist->item(i)->getTransformType()!=TRANSFORM_C14N) {
+ valid=false;
+ break;
+ }
}
}
}
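Review bot: The added size check `if (tlist->getSize() <= 2)` dereferences `tlist` before the `tlist &&` guard that the loop condition on the next line still carries. If `ref->getTransforms()` can return null for a Reference with no transforms, which that guard suggests, the validator would crash on such a signature instead of rejecting it with a ValidationException. Folding the null test into the new condition closes this: `if (tlist && tlist->getSize() <= 2) {`. The declaration of `valid` is outside the visible lines, so confirm it starts as false; otherwise a list with more than two transforms skips the loop and is not failed closed. A short comment on the new check would also help, e.g. `// profile permits at most enveloped-signature plus one canonicalization transform`.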