X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fbinding%2Fimpl%2FSOAPClient.cpp;h=9345e66385ac2d191cd8e2827d4b2ef540f59ed9;hb=f1208cd2f514700244816377443c4951dc22c848;hp=2a6261e63b6016bbdc2a0a4e4b816f9f39c4fcb4;hpb=730ef8006d0bdf6a6d111e416b8828c02f58fc32;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/binding/impl/SOAPClient.cpp b/saml/binding/impl/SOAPClient.cpp
index 2a6261e..9345e66 100644
--- a/saml/binding/impl/SOAPClient.cpp
+++ b/saml/binding/impl/SOAPClient.cpp
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 
 /**
@@ -23,13 +27,16 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "version.h"
+#include "binding/SecurityPolicy.h"
 #include "binding/SOAPClient.h"
 #include "saml2/metadata/Metadata.h"
+#include "saml2/metadata/MetadataCredentialCriteria.h"
 #include "saml2/metadata/MetadataProvider.h"
 
 #include
 #include
 #include
+#include
 
 using namespace opensaml::saml2;
 using namespace opensaml::saml2md;
@@ -37,30 +44,58 @@ using namespace opensaml;
 using namespace xmltooling;
 using namespace std;
 
-void SOAPClient::send(const soap11::Envelope* env, const KeyInfoSource& peer, const char* endpoint)
+SOAPClient::SOAPClient(SecurityPolicy& policy)
+ : soap11::SOAPClient(policy.getValidating()), m_policy(policy), m_force(true), m_peer(nullptr), m_criteria(nullptr)
+{
+}
+
+SOAPClient::~SOAPClient()
+{
+}
+
+void SOAPClient::forceTransportAuthentication(bool force)
+{
+ m_force = force;
+}
+
+void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
 {
 // Clear policy.
 m_policy.reset();
+
+ m_criteria = &to;
+ m_peer = &(to.getRole());
 
- m_peer = dynamic_cast(&peer);
-
- soap11::SOAPClient::send(env, peer, endpoint);
+ const xmltooling::QName& role = m_peer->getElementQName();
+ if (XMLString::equals(role.getLocalPart(),RoleDescriptor::LOCAL_NAME))
+ m_policy.setRole(m_peer->getSchemaType());
+ else
+ m_policy.setRole(&role);
+
+ // Establish the "expected" issuer identity.
+ const XMLCh* entityID = dynamic_cast(m_peer->getParent())->getEntityID();
+ m_policy.setIssuer(entityID);
+ if (!m_policy.getIssuerMetadata())
+ m_policy.setIssuerMetadata(m_peer);
+
+ // Call the base class.
+ auto_ptr_char pn(entityID);
+ soap11::SOAPClient::send(env, SOAPTransport::Address(from, pn.get(), endpoint));
 }
 
-void SOAPClient::prepareTransport(const xmltooling::SOAPTransport& transport)
+void SOAPClient::prepareTransport(xmltooling::SOAPTransport& transport)
 {
- const HTTPSOAPTransport* http = dynamic_cast(&transport);
+ HTTPSOAPTransport* http = dynamic_cast(&transport);
 if (http) {
 http->setRequestHeader("SOAPAction", "http://www.oasis-open.org/committees/security");
 http->setRequestHeader("Xerces-C", XERCES_FULLVERSIONDOT);
- http->setRequestHeader("XML-Security-C", XSEC_VERSION);
+ http->setRequestHeader("XML-Security-C", XSEC_FULLVERSIONDOT);
 http->setRequestHeader("OpenSAML-C", OPENSAML_FULLVERSIONDOT);
 }
 
 const X509TrustEngine* engine = dynamic_cast(m_policy.getTrustEngine());
 if (engine) {
- const MetadataProvider* metadata = m_policy.getMetadataProvider();
- if (!transport.setTrustEngine(engine, m_force, metadata ? metadata->getKeyResolver() : NULL))
+ if (!transport.setTrustEngine(engine, m_policy.getMetadataProvider(), m_criteria, m_force))
 throw BindingException("Unable to install X509TrustEngine into SOAPTransport.");
 }
 }
@@ -69,17 +104,12 @@ soap11::Envelope* SOAPClient::receive()
 {
 auto_ptr env(soap11::SOAPClient::receive());
 if (env.get()) {
- if (m_peer && m_transport->isSecure()) {
- // Set issuer based on peer identity.
- EntityDescriptor* parent = dynamic_cast(m_peer->getParent());
- if (parent) {
- Issuer* issuer = IssuerBuilder::buildIssuer();
- issuer->setName(parent->getEntityID());
- m_policy.setIssuer(issuer);
- m_policy.setIssuerMetadata(m_peer);
- m_policy.setSecure(true);
- }
+ if (m_peer && m_transport->isAuthenticated()) {
+ // Set flag based on peer identity.
+ m_policy.setAuthenticated(true);
 }
+
+ // Run policy against SOAP layer.
 m_policy.evaluate(*(env.get()));
 }
 return env.release();
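Review bot: In send(), `dynamic_cast(m_peer->getParent())->getEntityID()` dereferences the cast result without checking it; the template argument is lost in this rendering, but the equivalent code this commit removes from receive() cast to `EntityDescriptor*` and guarded it with `if (parent)`. A role whose parent is not an EntityDescriptor, or one detached from its document, makes this a null-pointer dereference, and since the resulting entityID is the expected-issuer value every reply is later evaluated against, the failure should be explicit rather than a crash: `const EntityDescriptor* entity = dynamic_cast<const EntityDescriptor*>(m_peer->getParent());` / `if (!entity) throw BindingException("Peer role is not contained in an EntityDescriptor.");` / `const XMLCh* entityID = entity->getEntityID();`. Separately, `to` is kept only by raw pointer in m_criteria and passed to the transport in prepareTransport(), which may retain it, so send()'s documentation should state that the caller's MetadataCredentialCriteria must outlive the exchange (until reset() or the next send()). Both send() and prepareTransport() lie entirely within this hunk.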
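Review bot: The new comment `// Set flag based on peer identity.` on the isAuthenticated() branch does not say what the flag means, and this branch is the only place the message-level policy learns that the transport verified the peer. Suggest `// The transport authenticated the expected peer (against the trust engine installed in prepareTransport), so let the policy credit transport-level authentication when it evaluates the reply.`; the exact meaning of `isAuthenticated()` lives in the base transport, not in this file, so confirm the wording against it. Note also that the expected issuer is now fixed in send() rather than here, so an unauthenticated transport still leaves the policy with an issuer set and relies on the evaluate() rules to treat it as unverified. The receive() signature is the hunk's function-context line and lies outside the hunk.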
@@ -87,8 +117,13 @@ soap11::Envelope* SOAPClient::receive()
 
 void SOAPClient::reset()
 {
+ m_criteria = nullptr;
+ m_peer = nullptr;
 soap11::SOAPClient::reset();
 m_policy.reset();
- XMLString::release(&m_correlate);
- m_correlate=NULL;
+}
+
+SecurityPolicy& SOAPClient::getPolicy() const
+{
+ return m_policy;
 }
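Review bot: `SecurityPolicy& SOAPClient::getPolicy() const` hands out a mutable reference from a const member function; because m_policy is a reference member this compiles, but it lets a caller holding a `const SOAPClient` mutate the policy (for example the authenticated flag that receive() sets) through it. Prefer the usual pair `SecurityPolicy& getPolicy();` and `const SecurityPolicy& getPolicy() const;`, which needs the matching declaration change in the header that is not part of this page. If the mutable accessor through a const client is intentional, say so in its doc comment so the next reader does not treat the const as a guarantee.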