[xmltooling] 14/24: Convert signature transform checks into dymamic casts.
Etienne Dysli Metref
edm-guest at moszumanska.debian.org
Fri Jan 12 15:53:57 UTC 2018
This is an automated email from the git hooks/post-receive script.
edm-guest pushed a commit to branch master
in repository xmltooling.
commit 17b2c6db9d442ddf9391737c0c81bb8f3f663765
Author: Scott Cantor <cantor.2 at osu.edu>
Date: Tue Dec 12 22:33:02 2017 -0500
Convert signature transform checks into dymamic casts.
---
xmltooling/util/ReloadableXMLFile.cpp | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/xmltooling/util/ReloadableXMLFile.cpp b/xmltooling/util/ReloadableXMLFile.cpp
index 1d9146e..3e0ae89 100644
--- a/xmltooling/util/ReloadableXMLFile.cpp
+++ b/xmltooling/util/ReloadableXMLFile.cpp
@@ -59,6 +59,8 @@
#ifndef XMLTOOLING_LITE
# include <xsec/dsig/DSIGReference.hpp>
# include <xsec/dsig/DSIGTransformList.hpp>
+# include <xsec/dsig/DSIGTransformEnvelope.hpp>
+# include <xsec/dsig/DSIGTransformC14n.hpp>
using namespace xmlsignature;
#endif
@@ -560,29 +562,31 @@ void ReloadableXMLFile::preserveCacheTag()
void ReloadableXMLFile::validateSignature(Signature& sigObj) const
{
- DSIGSignature* sig=sigObj.getXMLSignature();
+ const DSIGSignature* sig=sigObj.getXMLSignature();
if (!sig)
throw XMLSecurityException("Signature does not exist yet.");
// Make sure the whole document was signed.
bool valid=false;
- DSIGReferenceList* refs=sig->getReferenceList();
+ const DSIGReferenceList* refs=sig->getReferenceList();
if (refs && refs->getSize()==1) {
- DSIGReference* ref=refs->item(0);
+ const DSIGReference* ref=refs->item(0);
if (ref) {
const XMLCh* URI=ref->getURI();
if (URI==nullptr || *URI==0) {
- DSIGTransformList* tlist=ref->getTransforms();
+ const DSIGTransformList* tlist=ref->getTransforms();
if (tlist->getSize() <= 2) {
for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
- if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
+ const DSIGTransform* t = tlist->item(i);
+ if (dynamic_cast<const DSIGTransformEnvelope*>(t)) {
valid=true;
- else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N &&
- tlist->item(i)->getTransformType()!=TRANSFORM_C14N11
- ) {
- valid=false;
- break;
+ }
+ else {
+ const DSIGTransformC14n* ct = dynamic_cast<const DSIGTransformC14n*>(t);
+ if (!ct || ct->getCanonicalizationMethod() == CANON_NONE) {
+ valid = false;
+ break;
+ }
}
}
}
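Review bot: The size test `if (tlist->getSize() <= 2) {` dereferences `tlist` before the `tlist &&` check in the `for` condition below it can run, so the null guard protects nothing. If `ref->getTransforms()` can return null for a same-document reference that carries no transforms (not visible in this hunk, so worth confirming against the xsec headers), validating such a signature would crash the process instead of rejecting the document. Hoist the guard to `if (tlist && tlist->getSize() <= 2) {` and drop the redundant `tlist &&` from the loop condition. A one-line comment above the casts, such as `// Allow only enveloped-signature plus a real canonicalization transform; anything else could alter what was signed.`, would record why unknown transform types are rejected. The body of validateSignature continues past the end of the hunk.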
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/xmltooling.git