From 328e8081f3b2cdbbef6a40648d840f8c2678edd0 Mon Sep 17 00:00:00 2001
From: Okke Harsta
Date: Tue, 19 Dec 2023 13:28:07 +0100
Subject: [PATCH] Extra validation for signature
---
 pom.xml | 2 +-
 src/main/java/saml/DefaultSAMLService.java | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 4b19322..4bd5014 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 org.openconext
 saml-idp
- 0.0.8-SNAPSHOT
+ 1.0.0
 saml-idp
diff --git a/src/main/java/saml/DefaultSAMLService.java b/src/main/java/saml/DefaultSAMLService.java
index a93a84b..7263ee0 100644
--- a/src/main/java/saml/DefaultSAMLService.java
+++ b/src/main/java/saml/DefaultSAMLService.java
@@ -174,7 +174,10 @@ private void validateSignature(SignableSAMLObject target, Credential credential,
 throw new SignatureException("Signature element not found.");
 }
 } else {
+ //The docs state that implementations of SignaturePrevalidator do NOT perform the actual cryptographic validation of the signature against key material.
 this.samlSignatureProfileValidator.validate(signature);
+ //For the actual cryptographic validation.
+ SignatureValidator.validate(signature, credential);
 }
 }
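Review bot: The added `SignatureValidator.validate(signature, credential)` call in the `else` branch of `validateSignature` is the only step that checks the signature against key material, yet the diffstat lists only `pom.xml` and `DefaultSAMLService.java`, so no test pins the new behaviour. Negative tests would keep this from regressing: one object signed with a key other than `credential`, and one altered after signing, each expected to raise `SignatureException`. The branch above it, only partly visible in this hunk, appears to accept an object with no signature element unless the caller demands one, so the guarantee added here covers signed input only. That contract is worth stating on the method, e.g. `// Unsigned objects pass unless a signature is required; a present signature must verify against credential.` The body of `validateSignature` starts outside the hunk, so the handling of the missing-signature case should be confirmed against the full method.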