Diffstat (limited to 'lasso/saml-2.0/profile.c')
-rw-r--r--lasso/saml-2.0/profile.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/lasso/saml-2.0/profile.c b/lasso/saml-2.0/profile.c
index 083d05ac..1140e63c 100644
--- a/lasso/saml-2.0/profile.c
+++ b/lasso/saml-2.0/profile.c
@@ -605,8 +605,9 @@ cleanup:
* validation fails no error code will be returned, you must explicitely verify the
* profile->signature_status code.
*
- * Return value: 0 if parsing is successful (even if signature validation fails), and error code
- * otherwise.
+ * Return value: 0 if parsing is successful (even if signature validation fails), and otherwise,
+ * LASSO_PROFILE_ERROR_INVALID_MSG, LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE, *
+ * LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND.
*/
int
lasso_saml20_profile_process_any_request(LassoProfile *profile,
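Review bot: The rewritten return-value list has a stray ` *` at the end of the `LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE,` line, which will be carried into the generated documentation, and "explicitely" in the context line above should read "explicitly". This comment is the only place telling callers that a failed signature check does not produce an error code, so it should also say how to check. One option is a sentence such as `Use lasso_saml20_profile_check_signature_status() to turn profile->signature_status into a return code.`, assuming the helper added at the end of this commit is meant for these callers. The comment block starts above the hunk, so the rest of its wording is not visible here.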
@@ -704,13 +705,12 @@ lasso_saml20_profile_process_soap_request(LassoProfile *profile,
remote_provider, request_msg, "ID", LASSO_MESSAGE_FORMAT_SOAP);
switch (lasso_profile_get_signature_verify_hint(profile)) {
+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
rc = profile->signature_status;
break;
case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
break;
- default:
- g_assert(0);
}
cleanup:
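Review bot: With the `default:` arm removed, a hint value outside the three named cases now leaves `rc` untouched, so a failed signature check in lasso_saml20_profile_process_soap_request can pass through unreported instead of stopping at the assertion. Dropping `g_assert(0)` avoids aborting the process on unexpected input, but the fallback should fail closed rather than open, e.g. `default: rc = profile->signature_status; break;`. The same gap is in the switch of the new lasso_saml20_profile_check_signature_status at the end of the file. The function body starts and ends outside this hunk, so the value `rc` holds on entry to the switch cannot be confirmed from here.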
@@ -1604,3 +1604,25 @@ lasso_saml20_profile_setup_encrypted_node(LassoProvider *provider,
lasso_release_gobject(*node_to_encrypt);
return 0;
}
+
+/**
+ * Check the profile->signature_status flag, if signature validation is activated, report it as an
+ * error, if not not return 0.
+ */
+int
+lasso_saml20_profile_check_signature_status(LassoProfile *profile) {
+ int rc = 0;
+
+ if (profile->signature_status) {
+ switch (lasso_profile_get_signature_verify_hint(profile)) {
+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_MAYBE:
+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_FORCE:
+ rc = profile->signature_status;
+ break;
+ case LASSO_PROFILE_SIGNATURE_VERIFY_HINT_IGNORE:
+ break;
+ }
+ }
+
+ return rc;
+}
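Review bot: The doc comment on lasso_saml20_profile_check_signature_status is garbled ("if not not return 0") and does not state the one thing a caller must know: a return of 0 does not mean the signature was valid when the hint is IGNORE. It should follow the form used for lasso_saml20_profile_process_any_request earlier in this file, with the function name, an `@profile:` line, and `Return value: 0 if the signature verified or the verify hint is IGNORE, otherwise the non-zero profile->signature_status.` The function has external linkage and dereferences `profile` without a check, so a NULL or wrong-type guard at the top would be worth adding if other entry points in this file have one. That convention is not visible in this diff.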