X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1POSTDecoder.cpp;h=92a28b7e4a801233778f5d67be596a28af3671b2;hb=96437360be3fa1f0c182bdd13b54e00110e45f11;hp=bf3395e3d6da9a7f0ead00a6b5dc9da279440d2d;hpb=058cbd0d0333f2c1b019c9efc51293514ec799a2;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp index bf3395e..92a28b7 100644 --- a/saml/saml1/binding/impl/SAML1POSTDecoder.cpp +++ b/saml/saml1/binding/impl/SAML1POSTDecoder.cpp @@ -22,14 +22,14 @@ #include "internal.h" #include "exceptions.h" -#include "binding/MessageDecoder.h" +#include "saml1/binding/SAML1MessageDecoder.h" #include "saml1/core/Assertions.h" #include "saml1/core/Protocols.h" #include "saml2/metadata/Metadata.h" #include "saml2/metadata/MetadataProvider.h" -#include #include +#include #include #include #include @@ -38,16 +38,16 @@ using namespace opensaml::saml2md; using namespace opensaml::saml1p; using namespace opensaml::saml1; using namespace opensaml; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { namespace saml1p { - class SAML_DLLLOCAL SAML1POSTDecoder : public MessageDecoder + class SAML_DLLLOCAL SAML1POSTDecoder : public SAML1MessageDecoder { public: - SAML1POSTDecoder(const DOMElement* e) {} + SAML1POSTDecoder() {} virtual ~SAML1POSTDecoder() {} xmltooling::XMLObject* decode( @@ -57,9 +57,9 @@ namespace opensaml { ) const; }; - MessageDecoder* SAML_DLLLOCAL SAML1POSTDecoderFactory(const DOMElement* const & e) + MessageDecoder* SAML_DLLLOCAL SAML1POSTDecoderFactory(const pair& p) { - return new SAML1POSTDecoder(e); + return new SAML1POSTDecoder(); } }; }; 
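Review bot: In the `@@ -57,9 +57,9 @@` hunk, `SAML1POSTDecoderFactory` takes a pair argument `p` but never reads it, and the constructor changed in the `@@ -38,16 +38,16 @@` hunk no longer takes any argument. Anything a deployer configures for this decoder is therefore silently discarded. If that is intended, say so at the factory with a comment such as `// This decoder has no configurable settings; the plugin arguments are intentionally ignored.` and leave the parameter unnamed so the compiler does not warn about it. The namespace blocks that contain both definitions begin outside these hunks.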
@@ -77,16 +77,14 @@ XMLObject* SAML1POSTDecoder::decode( log.debug("validating input"); const HTTPRequest* httpRequest=dynamic_cast(&genericRequest); - if (!httpRequest) { - log.error("unable to cast request to HTTPRequest type"); - return NULL; - } + if (!httpRequest) + throw BindingException("Unable to cast request object to HTTPRequest type."); if (strcmp(httpRequest->getMethod(),"POST")) - return NULL; + throw BindingException("Invalid HTTP method ($1).", params(1, httpRequest->getMethod())); const char* samlResponse = httpRequest->getParameter("SAMLResponse"); const char* TARGET = httpRequest->getParameter("TARGET"); if (!samlResponse || !TARGET) - return NULL; + throw BindingException("Request missing SAMLResponse or TARGET parameters."); relayState = TARGET; // Decode the base64 into SAML. 
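Review bot: The new `Invalid HTTP method ($1)` exception interpolates `httpRequest->getMethod()`, which is a request-supplied value. Where BindingException text ends up is not visible in this hunk, so if it reaches an error page or a log, that sink has to encode it; alternatively keep the exception text fixed and send the method only to `log.error`. The three `return NULL` paths also became throws, which changes the contract of decode() for callers that treated NULL as "not a message for this binding". A comment above the checks would make that explicit, for example `// Throws BindingException for any request that is not a well-formed SAML 1.x POST; NULL is no longer returned for these cases.` The body of decode() starts before and continues after this hunk.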
@@ -110,20 +108,29 @@ XMLObject* SAML1POSTDecoder::decode( throw BindingException("Decoded message was not a SAML 1.x Response."); if (!policy.getValidating()) - SchemaValidators.validate(xmlObject.get()); + SchemaValidators.validate(response); + + pair minor = response->getMinorVersion(); + extractMessageDetails( + *response, + genericRequest, + (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM, + policy + ); // Run through the policy. - policy.evaluate(*response, &genericRequest); + policy.evaluate(*response,&genericRequest); // Check recipient URL. auto_ptr_char recipient(response->getRecipient()); const char* recipient2 = httpRequest->getRequestURL(); + const char* delim = strchr(recipient2, '?'); if (!recipient.get() || !*(recipient.get())) { log.error("response missing Recipient attribute"); throw BindingException("SAML response did not contain Recipient attribute identifying intended destination."); } - else if (!recipient2 || !*recipient2 || strcmp(recipient.get(),recipient2)) { - log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2 ? recipient2 : "none"); + else if ((delim && strncmp(recipient.get(), recipient2, delim - recipient2)) || (!delim && strcmp(recipient.get(),recipient2))) { + log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2); throw BindingException("SAML message delivered with POST to incorrect server URL."); }
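Review bot: The rewritten Recipient comparison in the `else if` is weaker than an exact match. `strncmp(recipient.get(), recipient2, delim - recipient2)` compares only the first `delim - recipient2` bytes, so a Recipient that is longer than the request URL's query-less part still passes, and a zero length compares equal to anything. The change also drops the old `!recipient2 || !*recipient2` guard while calling `strchr(recipient2, '?')` and logging `recipient2` unconditionally; whether `getRequestURL()` can return null is not visible here, but the previous code allowed for it. I would compute the length of the URL without its query string once, require the Recipient to have exactly that length, and keep the null/empty guard, as sketched below. decode() starts before and continues after this hunk.

```cpp
const char* recipient2 = httpRequest->getRequestURL();
// Length of the request URL with any query string excluded; 0 when the URL is absent.
const char* delim = recipient2 ? strchr(recipient2, '?') : NULL;
const size_t urlLen = !recipient2 ? 0 : (delim ? static_cast<size_t>(delim - recipient2) : strlen(recipient2));
// … unchanged: missing-Recipient branch …
else if (urlLen == 0 || strlen(recipient.get()) != urlLen || strncmp(recipient.get(), recipient2, urlLen)) {
    log.error("POST targeted at (%s), but delivered to (%s)", recipient.get(), recipient2 ? recipient2 : "none");
    // … unchanged: throw BindingException …
```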