[hotfix] disable XML signature validation until crypto-lib issues res…

…olved
eXist-db · Jun 25, 2021 · 9c43d19 · 9c43d19
1 parent a250059
commit 9c43d19
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -5,10 +5,12 @@
 
 # Current Version
 
-Version 1.6.2 (Jun 25 2021)
+Version 1.6.3 (Jun 25 2021)
 
 ## New Features
 
 ## Fixes and Improvements
 
 * [bugfix] add missing doc to set password for user exsaml
+* [hotfix] disable XML signature validation until crypto-lib issues resolved
+  Code that references a currently undefined crypto-lib function commented out
diff --git a/VERSION.txt b/VERSION.txt
@@ -1 +1 @@
-1.6.2
+1.6.3
diff --git a/build.properties.xml b/build.properties.xml
@@ -3,7 +3,7 @@
   <app>
     <name>existdb-saml</name>
     <description>SAML implementation for existdb</description>
-    <version>1.6.2</version>
+    <version>1.6.3</version>
     <url>http://exist-db.org/xquery/exsaml</url>
     <status>beta</status>
     <permissions>rwxr-xr-x</permissions>

diff --git a/content/exsaml.xqm b/content/exsaml.xqm
@@ -270,8 +270,9 @@ declare %private function exsaml:validate-saml-response($resp as node()) {
         )
 
         (: verify response signature if present :)
-        else if (boolean($sig) and not(exsaml:verify-response-signature($sig))) then
-            <exsaml:funcret res="-4" msg="failed to verify response signature" />
+(: COMMENTED OUT until crypto-lib issues resolved :)
+(:        else if (boolean($sig) and not(exsaml:verify-response-signature($sig))) then :)
+(:            <exsaml:funcret res="-4" msg="failed to verify response signature" /> :)
 
         (: must contain at least one assertion :)
         else if (empty($as)) then (
@@ -313,8 +314,9 @@ declare %private function exsaml:validate-saml-assertion($assertion as item()) {
             )
 
             (: verify assertion signature if present :)
-            else if (boolean($sig) and not(exsaml:verify-assertion-signature($assertion))) then
-                <exsaml:funcret res="-10" msg="failed to verify assertion signature" />
+(: COMMENTED OUT until crypto-lib issues resolved :)
+(:            else if (boolean($sig) and not(exsaml:verify-assertion-signature($assertion))) then :)
+(:                <exsaml:funcret res="-10" msg="failed to verify assertion signature" /> :)
 
             (: maybe verify SubjectConfirmation/@Method :)