X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2RedirectDecoder.cpp;h=6d6ce6d8b5cc28c35c81b366e831bbb1115f927b;hb=38463f7d414fe51baa470750e15286abb3e00ad7;hp=c5a78a96e4aafe7130fa5a2505890e955fd44225;hpb=9dd4e5ff67983ff0507d702066a33e8b0ec26a92;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp index c5a78a9..6d6ce6d 100644 --- a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp +++ b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp @@ -1,6 +1,6 @@ /* * Copyright 2001-2007 Internet2 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,21 +16,21 @@ /** * SAML2RedirectDecoder.cpp - * + * * SAML 2.0 HTTP Redirect binding message encoder */ #include "internal.h" #include "exceptions.h" -#include "binding/HTTPRequest.h" -#include "binding/MessageDecoder.h" +#include "saml2/binding/SAML2MessageDecoder.h" #include "saml2/binding/SAML2Redirect.h" #include "saml2/core/Protocols.h" #include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataProvider.h" -#include #include +#include +#include #include #include @@ -39,28 +39,28 @@ using namespace opensaml::saml2p; using namespace opensaml::saml2; using namespace opensaml; using namespace xmlsignature; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { - namespace saml2p { - class SAML_DLLLOCAL SAML2RedirectDecoder : public MessageDecoder + namespace saml2p { + class SAML_DLLLOCAL SAML2RedirectDecoder : public SAML2MessageDecoder { public: - SAML2RedirectDecoder(const DOMElement* e) {} + SAML2RedirectDecoder() {} virtual ~SAML2RedirectDecoder() {} - + xmltooling::XMLObject* decode( std::string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy ) const; - }; + }; - MessageDecoder* SAML_DLLLOCAL SAML2RedirectDecoderFactory(const DOMElement* const & e) + MessageDecoder* SAML_DLLLOCAL SAML2RedirectDecoderFactory(const pair& p) { - return new SAML2RedirectDecoder(e); + return new SAML2RedirectDecoder(); } }; }; @@ -78,17 +78,13 @@ XMLObject* SAML2RedirectDecoder::decode( log.debug("validating input"); const HTTPRequest* httpRequest=dynamic_cast(&genericRequest); - if (!httpRequest) { - log.error("unable to cast request to HTTPRequest type"); - return NULL; - } - if (strcmp(httpRequest->getMethod(),"GET")) - return NULL; + if (!httpRequest) + throw BindingException("Unable to cast request object to HTTPRequest type."); const char* msg = httpRequest->getParameter("SAMLResponse"); if (!msg) msg = httpRequest->getParameter("SAMLRequest"); if (!msg) - return NULL; + throw BindingException("Request missing SAMLRequest or SAMLResponse query string parameter."); const char* state = httpRequest->getParameter("RelayState"); if (state) relayState = state; @@ -97,25 +93,33 @@ XMLObject* SAML2RedirectDecoder::decode( state = httpRequest->getParameter("SAMLEncoding"); if (state && strcmp(state,samlconstants::SAML20_BINDING_URL_ENCODING_DEFLATE)) { log.warn("SAMLEncoding (%s) was not recognized", state); - return NULL; + throw BindingException("Unsupported SAMLEncoding value."); } // Decode the compressed message into SAML. First we base64-decode it. - unsigned int x; + xsecsize_t x; XMLByte* decoded=Base64::decode(reinterpret_cast(msg),&x); if (!decoded) throw BindingException("Unable to decode base64 in Redirect binding message."); - + // Now we have to inflate it. stringstream s; - if (inflate((char*)decoded, x, s)==0) { + if (inflate(reinterpret_cast(decoded), x, s)==0) { +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&decoded); +#else + XMLString::release((char**)&decoded); +#endif throw BindingException("Unable to inflate Redirect binding message."); } if (log.isDebugEnabled()) log.debug("decoded SAML message:\n%s", s.str().c_str()); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&decoded); - +#else + XMLString::release((char**)&decoded); +#endif + // Parse and bind the document into an XMLObject. DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser() : XMLToolingConfig::getConfig().getParser()).parse(s); @@ -135,22 +139,24 @@ XMLObject* SAML2RedirectDecoder::decode( else { root = static_cast(request); } - + if (!policy.getValidating()) - SchemaValidators.validate(xmlObject.get()); - + SchemaValidators.validate(root); + // Run through the policy. + extractMessageDetails(*root, genericRequest, samlconstants::SAML20P_NS, policy); policy.evaluate(*root, &genericRequest); // Check destination URL. auto_ptr_char dest(request ? request->getDestination() : response->getDestination()); const char* dest2 = httpRequest->getRequestURL(); + const char* delim = strchr(dest2, '?'); if ((root->getSignature() || httpRequest->getParameter("Signature")) && (!dest.get() || !*(dest.get()))) { log.error("signed SAML message missing Destination attribute"); throw BindingException("Signed SAML message missing Destination attribute identifying intended destination."); } - else if (dest.get() && (!dest2 || !*dest2 || strcmp(dest.get(),dest2))) { - log.error("Redirect targeted at (%s), but delivered to (%s)", dest.get(), dest2 ? dest2 : "none"); + else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) { + log.error("Redirect targeted at (%s), but delivered to (%s)", dest.get(), dest2); throw BindingException("SAML message delivered with Redirect to incorrect server URL."); }