X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1POSTEncoder.cpp;h=2db3d1471efb3cc9305899b0eaaf6a96bc5a9704;hb=04482c5c0e5fac5b688b0d23713526a15c51bd31;hp=f7c8ecd338d91c36670673b211d8458458580b6d;hpb=30060a96ad3a0a97d8a51328c92faa64f4302049;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
index f7c8ecd..2db3d14 100644
--- a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
+++ b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
@@ -1,23 +1,27 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML1POSTEncoder.cpp * - * SAML 1.x POST binding/profile message encoder + * SAML 1.x POST binding/profile message encoder. */ #include "internal.h" @@ -29,8 +33,13 @@ #include #include #include +#include +#include #include +#include +#include #include +#include #include using namespace opensaml::saml1p; 
@@ -48,17 +57,21 @@ namespace opensaml { public: SAML1POSTEncoder(const DOMElement* e, const XMLCh* ns); virtual ~SAML1POSTEncoder() {} - + + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML11_PROTOCOL_ENUM; + } + long encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const EntityDescriptor* recipient=NULL, - const char* relayState=NULL, - const ArtifactGenerator* artifactGenerator=NULL, - const Credential* credential=NULL, - const XMLCh* signatureAlg=NULL, - const XMLCh* digestAlg=NULL + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr ) const; protected: @@ -76,14 +89,11 @@ namespace opensaml { static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e); SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e, const XMLCh* ns) + : m_template(XMLHelper::getAttrString(e, "bindingTemplate.html", _template, ns)) { - if (e) { - auto_ptr_char t(e->getAttributeNS(ns, _template)); - if (t.get() && *t.get()) - m_template = t.get(); - } if (m_template.empty()) throw XMLToolingException("SAML1POSTEncoder requires template XML attribute."); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE); } long SAML1POSTEncoder::encode( 
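Review bot: In the constructor hunk (the second on this line), the `m_template.empty()` test looks unreachable now that `XMLHelper::getAttrString` is given the default `"bindingTemplate.html"`, assuming that helper returns the default whenever the attribute is absent or empty. The exception text still says the encoder "requires template XML attribute", which no longer matches that behaviour. I would either drop the check or keep it with a comment such as `// Defensive only: getAttrString supplies a default, so this fires only if that default is ever removed.` The resolved path decides which HTML file is served as the POST form, so a comment stating that `template` is resolved relative to the configuration directory (`PathResolver::XMLTOOLING_CFG_FILE`) would also help whoever audits a deployment.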
@@ -102,12 +112,12 @@ long SAML1POSTEncoder::encode( xmltooling::NDC ndc("encode"); #endif Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1POST"); + log.debug("validating input"); TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); - if (!engine) - throw BindingException("Encoding response using POST requires a TemplateEngine instance."); - - log.debug("validating input"); + if (!engine || !destination) + throw BindingException("Encoding response using POST requires a TemplateEngine instance and a destination."); + HTTPResponse::sanitizeURL(destination); if (xmlObject->getParent()) throw BindingException("Cannot encode XML content with parent."); Response* response = dynamic_cast(xmlObject); @@ -116,7 +126,7 @@ long SAML1POSTEncoder::encode( if (!relayState) throw BindingException("SAML 1.x POST Encoder requires relay state (TARGET) value."); - DOMElement* rootElement = NULL; + DOMElement* rootElement = nullptr; if (credential) { // Signature based on native XML signing. if (response->getSignature()) { @@ -138,7 +148,7 @@ long SAML1POSTEncoder::encode( // Sign response while marshalling. vector sigs(1,sig); - rootElement = response->marshall((DOMDocument*)NULL,&sigs,credential); + rootElement = response->marshall((DOMDocument*)nullptr,&sigs,credential); } } else { @@ -153,12 +163,16 @@ long SAML1POSTEncoder::encode( log.debug("marshalled response:\n%s", xmlbuf.c_str()); // Replace with base-64 encoded version. - unsigned int len=0; + xsecsize_t len=0; XMLByte* out=Base64::encode(reinterpret_cast(xmlbuf.data()),xmlbuf.size(),&len); if (out) { xmlbuf.erase(); xmlbuf.append(reinterpret_cast(out),len); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&out); +#else + XMLString::release((char**)&out); +#endif } else { throw BindingException("Base64 encoding of XML failed."); 
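Review bot: The merged guard `if (!engine || !destination)` in the first hunk on this line throws one message for two unrelated failures, so a log reader cannot tell a missing TemplateEngine from a null destination. Keeping the original engine check and adding `if (!destination) throw BindingException("Encoding response using POST requires a destination.");` separates them. `HTTPResponse::sanitizeURL(destination)` reports a bad URL by throwing, and if its exception type is not BindingException (its definition is not in this diff), callers that handle only BindingException would miss it; worth confirming. A comment above the call, for example `// Reject unsafe destination URLs before the value is handed to the HTML template.`, would record why the check is there. The body of encode() starts and ends outside this hunk.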
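Review bot: The fallback branch in the last hunk on this line uses a C-style cast, `XMLString::release((char**)&out);`, while the two lines above it use `reinterpret_cast`; `XMLString::release(reinterpret_cast<char**>(&out));` keeps the file consistent and greppable. A short comment on the `#ifdef` saying that some Xerces-C releases lack the `XMLByte**` overload would explain why both forms exist, if that is the reason for OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE.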
@@ -174,6 +188,12 @@ long SAML1POSTEncoder::encode( stringstream s; engine->run(infile, s, pmap); genericResponse.setContentType("text/html"); + HTTPResponse* httpResponse = dynamic_cast(&genericResponse); + if (httpResponse) { + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); + httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); + httpResponse->setResponseHeader("Pragma", "no-cache"); + } long ret = genericResponse.sendResponse(s); // Cleanup by destroying XML.
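Review bot: The `Expires` value `"01-Jan-1997 12:00:00 GMT"` is not a valid HTTP-date, which has the form `Wed, 01 Jan 1997 12:00:00 GMT`. Caches are expected to treat an unparseable Expires as already expired, so the effect is probably the intended one, but a well-formed date avoids depending on that: `httpResponse->setResponseHeader("Expires", "Wed, 01 Jan 1997 12:00:00 GMT");`. When `genericResponse` is not an HTTPResponse the cast yields null and the form carrying the encoded SAML response goes out with no cache directives; a `log.debug` in an else branch would make that visible. encode() begins before and continues after this hunk.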