[server] in lasso_server_load_metadata do not duplicate checks already made by lasso_verify_signature
lasso_verify_signature already checks that reference is to the given signed node, be it referenced through an ID or through an empty reference.
parent
6477d6043c
commit
31a623aeee
|
@ -799,14 +799,8 @@ lasso_server_load_metadata(LassoServer *server, LassoProviderRole role, const gc
|
|||
root = xmlDocGetRootElement(doc);
|
||||
if (trusted_roots) {
|
||||
/* check metadata file signature */
|
||||
lasso_check_good_rc(lasso_verify_signature(root, doc, NULL, keys_mngr, NULL,
|
||||
lasso_check_good_rc(lasso_verify_signature(root, doc, "ID", keys_mngr, NULL,
|
||||
EMPTY_URI, &uri_references));
|
||||
if (! uri_references || uri_references->next != NULL || !
|
||||
lasso_strisequal(uri_references->data, "")) {
|
||||
warning("lasso_server_load_federation: metadata signature check failed, it"
|
||||
" does not sign the complete file");
|
||||
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
|
||||
}
|
||||
}
|
||||
if (lasso_strisequal((char*)root->ns->href, LASSO_SAML2_METADATA_HREF)) {
|
||||
lasso_check_good_rc(lasso_saml20_server_load_federation(server, role, root, blacklisted_entity_ids, loaded_entity_ids));
|
||||
|
|
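Review bot: With the `uri_references` inspection gone, nothing left in the `if (trusted_roots)` block states that the signature must cover the root element, so whole-file coverage of the metadata now rests entirely on the contract of lasso_verify_signature, which is not shown on this page. I would record that contract at the call by extending the comment, e.g. `/* check metadata file signature; lasso_verify_signature() itself rejects a signature whose reference is not root (by ID or empty URI) */`. The call still passes `&uri_references`, which no visible line reads any more; confirm that the list is still released in the cleanup path outside the hunk, or, if the parameter accepts NULL, stop collecting it. A regression test that loads metadata whose signature references only a child element and expects the load to fail would pin the behaviour the removed block used to guarantee. The body of lasso_server_load_metadata starts and ends outside the hunk.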