From cc7aae18f1e4cde3d7585fbe1afe0d6c551de959 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 29 Oct 2009 07:06:17 +0000
Subject: [PATCH] SimpleSAML_Metadata_SAMLParser: Fix bug in signature
 validation.

The signature validation removes the signature element from the DOM
tree, which causes the metadata parsing to skip the DOM node following
the signature element. Normally this element would be a text node, but
it could also be a SSODescriptor-element.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1931 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLParser.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 73510ae24..49a41e974 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -1406,6 +1406,14 @@ class SimpleSAML_Metadata_SAMLParser {
 		$entityDescriptor = $element->parentNode;
 		assert('$entityDescriptor instanceof DOMElement');
 
+		/*
+		 * Make a copy of the entity descriptor, so that the validator can
+		 * change the DOM tree in any way it wants.
+		 */
+		$doc = new DOMDocument();
+		$entityDescriptor = $doc->importNode($entityDescriptor, TRUE);
+		$doc->appendChild($entityDescriptor);
+
 		/* Attempt to check the signature. */
 		try {
 			$validator = new SimpleSAML_XML_Validator($entityDescriptor, 'ID');
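Review bot: The validator now verifies a detached clone of the EntityDescriptor rather than the node the parser goes on to read, and the added comment at the top of the hunk does not record that consequence. Any later check that a node is covered by the signature has to be made against nodes of the clone. A signature whose canonical form depends on ancestors of the EntityDescriptor (for example namespace declarations inherited from an enclosing element) may also stop verifying, which presumably fails closed but should be confirmed. I would extend the comment with `The signature is verified on this copy only; the original subtree is trusted solely because it is a deep copy of what was verified.` and guard the import with `if ($entityDescriptor === FALSE) throw new Exception('Unable to copy EntityDescriptor for signature validation.');`. The `try` block and the rest of the function lie outside the hunk, so how the validation result is used cannot be checked from here.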
-- 
GitLab