Diffstat (limited to 'lasso/saml-2.0/profile.c')
-rw-r--r-- | lasso/saml-2.0/profile.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 18f7d64c..40f6fe89 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -345,6 +345,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 {
 LassoProvider *remote_provider;
 int rc = 0;
+ LassoProfileSignatureVerifyHint sig_verify_hint;
 /* FIXME: parse only one time the message, reuse the parsed document for signature
 * validation */
@@ -355,13 +356,21 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 if (! LASSO_IS_SAMLP2_ARTIFACT_RESOLVE(profile->request)) {
 return critical_error(LASSO_PROFILE_ERROR_INVALID_MSG);
 }
+ lasso_assign_string(profile->private_data->artifact,
+ LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
+
+ sig_verify_hint = lasso_profile_get_signature_verify_hint(profile);
 lasso_assign_string(profile->remote_providerID, LASSO_SAMLP2_REQUEST_ABSTRACT(
 profile->request)->Issuer->content);
 remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
- profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
- LASSO_MESSAGE_FORMAT_SOAP);
+ goto_cleanup_if_fail_with_rc(remote_provider, LASSO_PROFILE_ERROR_UNKNOWN_PROVIDER);
+
+ if (sig_verify_hint != LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE) {
+ profile->signature_status = lasso_provider_verify_signature(remote_provider, msg, "ID",
+ LASSO_MESSAGE_FORMAT_SOAP);
+ }
 switch (lasso_profile_get_signature_verify_hint(profile)) {
 case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
@@ -374,9 +383,7 @@ lasso_saml20_profile_process_artifact_resolve(LassoProfile *profile, const char
 break;
 }
- lasso_assign_string(profile->private_data->artifact,
- LASSO_SAMLP2_ARTIFACT_RESOLVE(profile->request)->Artifact);
-
+cleanup:
 return rc;
 }
|
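Review bot: `LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer->content` in the second hunk is still dereferenced with no NULL check on `Issuer`, although the commit adds exactly that kind of guard one line later for `remote_provider`. This runs before signature verification, so unless something outside the hunk already validates the request, an ArtifactResolve that carries no `<Issuer>` element looks like it would be a NULL dereference here. A guard ahead of the assignment would close it, e.g. `goto_cleanup_if_fail_with_rc(LASSO_SAMLP2_REQUEST_ABSTRACT(profile->request)->Issuer != NULL, LASSO_PROFILE_ERROR_INVALID_MSG);`. Separately, when the hint is IGNORE `profile->signature_status` keeps whatever value it held before, so setting it explicitly in an `else` branch would avoid a stale result on a reused profile, and the `switch` could test `sig_verify_hint` instead of calling the getter a second time. The function starts before this hunk and the `switch` body continues past it, so the handling of each hint value is not visible here.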