X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPClient.cpp;h=513eb7e63a713b7e1893df3a2a104e1934e222f2;hb=f1208cd2f514700244816377443c4951dc22c848;hp=bcd76c10514c20b51b8d63a5b7737ff827d612b4;hpb=db648eb8d96bd4414060b4a7a59da5a78749d98b;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index bcd76c1..513eb7e 100644
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -1,17 +1,21 @@
-/*
- * Copyright 2001-2007 Internet2
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
+ *
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
 *
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
 *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
 */
 /**
@@ -22,28 +26,39 @@
 #include "internal.h"
 #include "exceptions.h"
+#include "binding/SecurityPolicy.h"
+#include "binding/SOAPClient.h"
 #include "saml1/binding/SAML1SOAPClient.h"
 #include "saml1/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
-#include
+#include
 #include
 using namespace opensaml::saml1p;
 using namespace opensaml::saml2md;
 using namespace opensaml;
 using namespace soap11;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
+SAML1SOAPClient::SAML1SOAPClient(opensaml::SOAPClient& soaper, bool fatalSAMLErrors) : m_soaper(soaper), m_fatal(fatalSAMLErrors), m_correlate(nullptr)
+{
+}
+
+SAML1SOAPClient::~SAML1SOAPClient()
+{
+ XMLString::release(&m_correlate);
+}
+
+void SAML1SOAPClient::sendSAML(Request* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
 {
 auto_ptr env(EnvelopeBuilder::buildEnvelope());
 Body* body = BodyBuilder::buildBody();
 env->setBody(body);
 body->getUnknownXMLObjects().push_back(request);
- m_soaper.send(*env.get(), peer, endpoint);
+ m_soaper.send(*env.get(), from, to, endpoint);
 m_correlate = XMLString::replicate(request->getRequestID());
 }
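Review bot: sendSAML assigns `m_correlate = XMLString::replicate(request->getRequestID());` without releasing the previous value, so a client reused for a second request leaks the first ID — the new destructor only frees whatever was replicated last. Release before replicating: `XMLString::release(&m_correlate);` immediately ahead of the assignment, which is also safe on the first call because the constructor initializes the member to nullptr. The constructor stores `soaper` by reference, so the SOAPClient has to outlive this object; a one-line comment on the constructor, `// m_soaper is a non-owning reference: the SOAPClient must outlive this object.`, would make that contract visible. It also looks like `push_back(request)` hands the Request to the Envelope that the auto_ptr destroys on return, so sendSAML should document that it takes ownership of `request` — confirm against the xmltooling container semantics.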
@@ -61,20 +76,19 @@ Response* SAML1SOAPClient::receiveSAML()
 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
 throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+ m_soaper.getPolicy().reset(true);
+
+ // Extract Response details and run policy against it.
+ // We don't pull Issuer out of any assertions because some profiles may permit
+ // alternate issuers at that layer.
+ m_soaper.getPolicy().setMessageID(response->getResponseID());
+ m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
 m_soaper.getPolicy().evaluate(*response);
- if (!m_soaper.getPolicy().isSecure()) {
- SecurityPolicyException ex("Security policy could not authenticate the message.");
- if (m_soaper.getPolicy().getIssuerMetadata())
- annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
- else
- ex.raise();
- }
-
 // Check Status.
 Status* status = response->getStatus();
 if (status) {
- const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
+ const xmltooling::QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : nullptr;
 if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
 BindingException ex("SAML Response contained an error.");
 if (m_soaper.getPolicy().getIssuerMetadata())
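Review bot: Nothing in the new receiveSAML rejects a Response that the policy evaluated but did not authenticate: the `isSecure()` check that followed `m_soaper.getPolicy().evaluate(*response);` is gone and no replacement follows, so unless the rules run by evaluate() throw on failure or the SOAP layer now enforces this in SOAPClient::receive, an unauthenticated Response proceeds straight to the status check. If the check has deliberately moved, say so at the point it was removed, e.g. `// Message authentication is enforced by the SOAP layer before we get here; evaluate() applies only the SAML message-level rules.`; otherwise restore it as `if (!m_soaper.getPolicy().isSecure()) throw SecurityPolicyException("Security policy could not authenticate the message.");`. The `reset(true)` call presumably clears per-message state while keeping what the SOAP exchange established (issuer metadata is still consulted below) — worth confirming, since a full reset would also discard the SOAP-layer authentication result that the removed check relied on. receiveSAML begins before this hunk and continues past it.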
@@ -97,13 +111,13 @@ Response* SAML1SOAPClient::receiveSAML()
 else
 ex.raise();
 }
- return NULL;
+ return nullptr;
 }
 bool SAML1SOAPClient::handleError(const Status& status)
 {
- const QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : NULL;
- auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : NULL));
+ const xmltooling::QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : nullptr;
+ auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : nullptr));
 Category::getInstance(SAML_LOGCAT".SOAPClient").error(
 "SOAP client detected a SAML error: (%s) (%s)",
 (code ? code->toString().c_str() : "no code"),