From 31a623aeeeee3174590aa984903abf46644bcc79 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Sat, 2 Apr 2011 04:05:37 +0200
Subject: [server] in lasso_server_load_metadata do not duplicate checks already made by lasso_verify_signature

lasso_verify_signature already checks that reference is to the given signed node, be it referenced through an ID or through an empty reference.
---
 lasso/id-ff/server.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
(limited to 'lasso')
diff --git a/lasso/id-ff/server.c b/lasso/id-ff/server.c
index 98f1b88b..b3ced080 100644
--- a/lasso/id-ff/server.c
+++ b/lasso/id-ff/server.c
@@ -799,14 +799,8 @@ lasso_server_load_metadata(LassoServer *server, LassoProviderRole role, const gc
 root = xmlDocGetRootElement(doc);
 if (trusted_roots) {
 /* check metadata file signature */
- lasso_check_good_rc(lasso_verify_signature(root, doc, NULL, keys_mngr, NULL,
+ lasso_check_good_rc(lasso_verify_signature(root, doc, "ID", keys_mngr, NULL,
 EMPTY_URI, &uri_references));
- if (! uri_references || uri_references->next != NULL || !
- lasso_strisequal(uri_references->data, "")) {
- warning("lasso_server_load_federation: metadata signature check failed, it"
- " does not sign the complete file");
- goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
- }
 }
 if (lasso_strisequal((char*)root->ns->href, LASSO_SAML2_METADATA_HREF)) {
 lasso_check_good_rc(lasso_saml20_server_load_federation(server, role, root, blacklisted_entity_ids, loaded_entity_ids));
-- cgit
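Review bot: Inside `if (trusted_roots)` nothing at the call site now confirms that the metadata signature covers the root element. That guarantee rests entirely on `lasso_verify_signature`, whose body is not in this hunk, and changing the third argument from `NULL` to `"ID"` also accepts ID-based references where the removed check allowed only a single empty-URI reference. Because this is the trust decision for loading federation metadata, the dependency should be recorded next to the call, e.g. `/* relies on lasso_verify_signature() rejecting any Reference that does not resolve to root itself (empty URI or root's ID); uri_references is not re-checked here */`. `uri_references` is still filled in but no longer read in the visible lines, so it is worth confirming that it is still released in the cleanup path outside the hunk. A regression test that loads metadata whose signature references only a child element would keep this invariant from being lost in a later refactor of the verifier.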