refactor: change XPath expression to exclude Signature inside Advice field

Author: giuseppe-gangemi

src/oneid/oneid-ecs-core/src/main/java/it/pagopa/oneid/service/config/SAMLNamespaceContext.java

@@ -12,9 +12,9 @@ public String getNamespaceURI(String prefix) {
       throw new NullPointerException("Null prefix is not allowed.");
     }
     switch (prefix) {
-      case "samlp":
+      case "saml2p":
         return "urn:oasis:names:tc:SAML:2.0:protocol";
-      case "saml":
+      case "saml2":
         return "urn:oasis:names:tc:SAML:2.0:assertion";
       case "ds":
         return "http://www.w3.org/2000/09/xmldsig#";

src/oneid/oneid-ecs-core/src/main/java/it/pagopa/oneid/service/utils/SAMLUtilsExtendedCore.java

@@ -220,10 +220,11 @@ private Response unmarshallResponse(byte[] decodedSamlResponse) throws OneIdenti
 
   private void checkNoMultipleSignatures(Document doc) throws XPathExpressionException {
     XPath xPath = XPathFactory.newInstance().newXPath();
-    // Set the namespace context to handle prefixes like 'samlp', 'saml', and 'ds'
+    // Set the namespace context to handle prefixes like 'saml2p', 'saml2', and 'ds'
     xPath.setNamespaceContext(new SAMLNamespaceContext());
 
-    String expression = "count(.//ds:Signature)";
+    //In case of "Advice" field inside the Response, we do not consider the signatures inside it
+    String expression = "count(.//ds:Signature[not(ancestor::saml2:Advice)])";
     Double responseSignatureCount = (Double) xPath.compile(expression)
         .evaluate(doc, XPathConstants.NUMBER);