Imported Upstream version 2.3+dfsg
[shibboleth/sp.git] / shibsp / binding / impl / SOAPClient.cpp
index 656a2c8..e12f4f0 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
 
 #include "internal.h"
 #include "Application.h"
-#include "exceptions.h"
 #include "ServiceProvider.h"
 #include "binding/SOAPClient.h"
+#include "security/SecurityPolicy.h"
 
+#include <saml/exceptions.h>
 #include <saml/saml2/metadata/Metadata.h>
+#include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/signature/ContentReference.h>
+#include <xmltooling/security/Credential.h>
+#include <xmltooling/signature/Signature.h>
 #include <xmltooling/soap/SOAP.h>
 #include <xmltooling/soap/HTTPSOAPTransport.h>
 #include <xmltooling/util/NDC.h>
@@ -38,12 +43,14 @@ using namespace xmltooling;
 using namespace std;
 
 SOAPClient::SOAPClient(SecurityPolicy& policy)
-    : opensaml::SOAPClient(policy), m_app(policy.getApplication()), m_settings(NULL), m_relyingParty(NULL), m_credResolver(NULL)
+    : opensaml::SOAPClient(policy), m_app(policy.getApplication()), m_relyingParty(NULL), m_credResolver(NULL)
 {
-    m_settings = m_app.getServiceProvider().getPolicySettings(m_app.getString("policyId").second);
-    pair<bool,bool> validate = m_settings->getBool("validate");
-    policy.setValidating(validate.first && validate.second);
-    setValidating(validate.first && validate.second);
+}
+
+SOAPClient::~SOAPClient()
+{
+    if (m_credResolver)
+        m_credResolver->unlock();
 }
 
 void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
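Review bot: The new destructor makes a SOAPClient instance own a lock on m_credResolver for its whole lifetime, so unless copying is already disabled in the header (not visible here) a copied instance would call unlock() on the same resolver twice. The pre-C++11 fix, consistent with the file's NULL usage, is to declare `SOAPClient(const SOAPClient&);` and `SOAPClient& operator=(const SOAPClient&);` private in the class. The place where the lock is taken is outside this hunk, presumably in prepareTransport where m_credResolver is used, so a comment on the destructor would help the next maintainer: `// Releases the CredentialResolver lock held since prepareTransport() resolved the client credential.` Note also that the constructor no longer propagates the "validate" setting into the policy; the new code reads it back from the policy in prepareTransport, so the policy must now be created with that flag already set by its caller.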
@@ -67,6 +74,7 @@ void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCre
             // Reset criteria back.
             to.setKeyAlgorithm(NULL);
             to.setKeySize(0);
+            to.getKeyNames().clear();
 
             if (cred) {
                 // Check for message.
@@ -113,8 +121,7 @@ void SOAPClient::prepareTransport(SOAPTransport& transport)
     if ((!flag.first || flag.second) && !transport.isConfidential())
         throw opensaml::BindingException("Transport confidentiality required, but not available."); 
 
-    flag = m_settings->getBool("validate");
-    setValidating(flag.first && flag.second);
+    setValidating(getPolicy().getValidating());
     flag = m_relyingParty->getBool("requireTransportAuth");
     forceTransportAuthentication(!flag.first || flag.second);
 
@@ -133,6 +140,7 @@ void SOAPClient::prepareTransport(SOAPTransport& transport)
             if (authType.first)
                 m_criteria->getKeyNames().insert(authType.second);
             const Credential* cred = m_credResolver->resolve(m_criteria);
+            m_criteria->getKeyNames().clear();
             if (cred) {
                 if (!transport.setCredential(cred))
                     log.error("failed to load Credential into SOAPTransport");
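Review bot: A credential that resolves but fails to load into the transport is only logged, and prepareTransport then appears to continue, so the SOAP request would go out to the peer without the client credential the relying party configured; whether that should instead fail fast depends on what forceTransportAuthentication above expects, but a hard failure is the safer default for a credential the caller explicitly selected, e.g. `throw opensaml::BindingException("Unable to load credential into SOAP transport.");`. Separately, the added `m_criteria->getKeyNames().clear();` runs only if resolve() returns normally; if resolve() throws, the key name inserted from authType stays in m_criteria for any later use of the same client, which a small try/catch that clears and rethrows would avoid. The `else` branch of `if (cred)` and the rest of prepareTransport are outside this hunk.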