/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
*/
#include "internal.h"
-#include "Application.h"
#include "exceptions.h"
+#include "Application.h"
#include "ServiceProvider.h"
+#include "SPRequest.h"
#include "handler/AbstractHandler.h"
#include "handler/RemotedHandler.h"
#include "util/SPConstants.h"
#ifndef SHIBSP_LITE
# include "security/SecurityPolicy.h"
+# include <saml/exceptions.h>
# include <saml/SAMLConfig.h>
# include <saml/binding/ArtifactMap.h>
# include <saml/binding/MessageEncoder.h>
using namespace opensaml::saml2md;
using namespace opensaml::saml2p;
using namespace opensaml::saml2;
+using namespace opensaml;
using namespace samlconstants;
#endif
using namespace shibspconstants;
using namespace shibsp;
-using namespace opensaml;
using namespace soap11;
using namespace xmltooling;
using namespace std;
const char* getType() const {
return "ArtifactResolutionService";
}
+
+ void generateMetadata(SPSSODescriptor& role, const char* handlerURL) const {
+ // Initial guess at index to use.
+ pair<bool,unsigned int> ix = pair<bool,unsigned int>(false,0);
+ if (!strncmp(handlerURL, "https", 5))
+ ix = getUnsignedInt("sslIndex", shibspconstants::ASCII_SHIB2SPCONFIG_NS);
+ if (!ix.first)
+ ix = getUnsignedInt("index");
+ if (!ix.first)
+ ix.second = 1;
+
+ // Find maximum index in use and go one higher.
+ const vector<ArtifactResolutionService*>& services = const_cast<const SPSSODescriptor&>(role).getArtifactResolutionServices();
+ if (!services.empty() && ix.second <= services.back()->getIndex().second)
+ ix.second = services.back()->getIndex().second + 1;
+
+ const char* loc = getString("Location").second;
+ string hurl(handlerURL);
+ if (*loc != '/')
+ hurl += '/';
+ hurl += loc;
+ auto_ptr_XMLCh widen(hurl.c_str());
+
+ ArtifactResolutionService* ep = ArtifactResolutionServiceBuilder::buildArtifactResolutionService();
+ ep->setLocation(widen.get());
+ ep->setBinding(getXMLString("Binding").second);
+ ep->setIndex(ix.second);
+ role.getArtifactResolutionServices().push_back(ep);
+ }
#endif
private:
pair<bool,long> processMessage(const Application& application, HTTPRequest& httpRequest, HTTPResponse& httpResponse) const;
#ifndef SHIBSP_LITE
- pair<bool,long> samlError(
- const Application& app,
- const ArtifactResolve& request,
- HTTPResponse& httpResponse,
- const EntityDescriptor* recipient,
- const XMLCh* code,
- const XMLCh* subcode=NULL,
- const char* msg=NULL
+ pair<bool,long> emptyResponse(
+ const Application& app, const ArtifactResolve& request, HTTPResponse& httpResponse, const EntityDescriptor* recipient
) const;
MessageEncoder* m_encoder;
MessageDecoder* m_decoder;
- QName m_role;
+ xmltooling::QName m_role;
#endif
};
getString("Binding").second,pair<const DOMElement*,const XMLCh*>(e,NULL)
);
}
- catch (exception& ex) {
+ catch (exception&) {
m_log.error("error building MessageEncoder/Decoder pair for binding (%s)", getString("Binding").second);
delete m_encoder;
delete m_decoder;
try {
auto_ptr_char artifact(req->getArtifact() ? req->getArtifact()->getArtifact() : NULL);
if (!artifact.get() || !*artifact.get())
- return samlError(application, *req, httpResponse, entity, StatusCode::REQUESTER, NULL, "Request did not contain an artifact to resolve.");
+ return emptyResponse(application, *req, httpResponse, entity);
auto_ptr_char issuer(policy.getIssuer() ? policy.getIssuer()->getName() : NULL);
m_log.info("resolving artifact (%s) for (%s)", artifact.get(), issuer.get() ? issuer.get() : "unknown");
if (!policy.isAuthenticated()) {
m_log.error("request for artifact was unauthenticated, purging the artifact mapping");
- return samlError(application, *req, httpResponse, entity, StatusCode::REQUESTER, StatusCode::AUTHN_FAILED, "Unable to authenticate request.");
+ return emptyResponse(application, *req, httpResponse, entity);
}
m_log.debug("artifact resolved, preparing response");
return make_pair(true,ret);
}
catch (exception& ex) {
- // Trap localized errors in a SAML Response.
- m_log.error("error processing artifact request, returning SAML error: %s", ex.what());
- return samlError(application, *req, httpResponse, entity, StatusCode::RESPONDER, NULL, ex.what());
+ // Trap localized errors.
+ m_log.error("error processing artifact request: %s", ex.what());
+ return emptyResponse(application, *req, httpResponse, entity);
}
#else
return make_pair(false,0L);
}
#ifndef SHIBSP_LITE
-pair<bool,long> SAML2ArtifactResolution::samlError(
- const Application& app,
- const ArtifactResolve& request,
- HTTPResponse& httpResponse,
- const EntityDescriptor* recipient,
- const XMLCh* code,
- const XMLCh* subcode,
- const char* msg
+pair<bool,long> SAML2ArtifactResolution::emptyResponse(
+ const Application& app, const ArtifactResolve& request, HTTPResponse& httpResponse, const EntityDescriptor* recipient
) const
{
auto_ptr<ArtifactResponse> resp(ArtifactResponseBuilder::buildArtifactResponse());
resp->setInResponseTo(request.getID());
Issuer* me = IssuerBuilder::buildIssuer();
me->setName(app.getRelyingParty(recipient)->getXMLString("entityID").second);
- fillStatus(*resp.get(), code, subcode, msg);
+ fillStatus(*resp.get(), StatusCode::SUCCESS);
long ret = m_encoder->encode(httpResponse, resp.get(), NULL);
resp.release(); // freed by encoder
return make_pair(true,ret);