Extra validation for signature

oharsta · oharsta · commit 328e8081f3b2 · 2023-12-19T13:28:07.000+01:00
diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
 
     <groupId>org.openconext</groupId>
     <artifactId>saml-idp</artifactId>
-    <version>0.0.8-SNAPSHOT</version>
+    <version>1.0.0</version>
     <name>saml-idp</name>
 
     <properties>
diff --git a/src/main/java/saml/DefaultSAMLService.java b/src/main/java/saml/DefaultSAMLService.java
@@ -174,7 +174,10 @@ private void validateSignature(SignableSAMLObject target, Credential credential,
                 throw new SignatureException("Signature element not found.");
             }
         } else {
+            //The docs state that implementations of SignaturePrevalidator do NOT perform the actual cryptographic validation of the signature against key material.
             this.samlSignatureProfileValidator.validate(signature);
+            //For the actual cryptographic validation.
+            SignatureValidator.validate(signature, credential);
         }
     }
 

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,10 @@ private void validateSignature(SignableSAMLObject target, Credential credential,`
`174`	`174`	`throw new SignatureException("Signature element not found.");`
`175`	`175`	`}`
`176`	`176`	`} else {`
	`177`	`+ //The docs state that implementations of SignaturePrevalidator do NOT perform the actual cryptographic validation of the signature against key material.`
`177`	`178`	`this.samlSignatureProfileValidator.validate(signature);`
	`179`	`+ //For the actual cryptographic validation.`
	`180`	`+ SignatureValidator.validate(signature, credential);`
`178`	`181`	`}`
`179`	`182`	`}`
`180`	`183`