X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPClient.cpp;h=9a6527b8b28fcb65fe9bafa0841cd99afe4f719e;hb=819e0caf684df63378460e4cb00f2f7a38c9a5cf;hp=97114a0cbbcf0f0171abad594e8e94124c4be233;hpb=d7eb4ef6802be3fa338e482cef94a4d22a8ba881;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 97114a0..9a6527b 100644
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -26,24 +26,24 @@
 #include "saml1/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
-#include
+#include
 #include
 using namespace opensaml::saml1p;
 using namespace opensaml::saml2md;
 using namespace opensaml;
 using namespace soap11;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML1SOAPClient::sendSAML(Request* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
 {
     auto_ptr env(EnvelopeBuilder::buildEnvelope());
     Body* body = BodyBuilder::buildBody();
     env->setBody(body);
     body->getUnknownXMLObjects().push_back(request);
-    m_soaper.send(*env.get(), peer, endpoint);
+    m_soaper.send(*env.get(), from, to, endpoint);
     m_correlate = XMLString::replicate(request->getRequestID());
 }
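Review bot: `m_correlate = XMLString::replicate(request->getRequestID());` overwrites the member without releasing what it already held, so a client reused for a second exchange leaks the earlier copy, and because the assignment sits after `m_soaper.send(...)`, a send that throws leaves the previous request's ID in place for the next receiveSAML() correlation check (no release is visible in this diff; a destructor would only cover the final value). I would record the ID before sending and free the old one first: `XMLString::release(&m_correlate); m_correlate = XMLString::replicate(request->getRequestID());` placed ahead of the `m_soaper.send(*env.get(), from, to, endpoint);` line. The push_back also deserves a comment that the envelope owns `request` from that point and will free it if send throws, assuming the unknown-object list takes ownership as it does elsewhere in xmltooling.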
@@ -56,20 +56,40 @@ Response* SAML1SOAPClient::receiveSAML()
             // Check for SAML Response.
             Response* response = dynamic_cast(body->getUnknownXMLObjects().front());
             if (response) {
-
+                // Check InResponseTo.
                 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
-                    throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
+                    throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+                m_soaper.getPolicy().reset(true);
+                pair minor = response->getMinorVersion();
+                m_soaper.getPolicy().evaluate(
+                    *response,
+                    NULL,
+                    (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM
+                );
+
+                if (!m_soaper.getPolicy().isSecure()) {
+                    SecurityPolicyException ex("Security policy could not authenticate the message.");
+                    if (m_soaper.getPolicy().getIssuerMetadata())
+                        annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+                    else
+                        ex.raise();
+                }
                 // Check Status.
                 Status* status = response->getStatus();
                 if (status) {
                     const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
-                    if (code && *code != StatusCode::SUCCESS && handleError(*status))
-                        throw BindingException("SAML Response contained an error.");
+                    if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
+                        BindingException ex("SAML Response contained an error.");
+                        if (m_soaper.getPolicy().getIssuerMetadata())
+                            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+                        else
+                            ex.raise();
+                    }
                 }
-                m_soaper.getPolicy().evaluate(*response);
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach(); // frees Body
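Review bot: The correlation check on the `if (m_correlate && response->getInResponseTo() && ...)` line still accepts a Response that simply omits InResponseTo, so once a request ID has been recorded an unsolicited or replayed response with the attribute left out is not rejected here and only the later policy evaluation stands between it and the caller. If this client only ever drives request/response exchanges, absence should count as a mismatch: `if (m_correlate && (!response->getInResponseTo() || !XMLString::equals(m_correlate, response->getInResponseTo())))`. SAML 1.x does not make the attribute mandatory, so if responders in the field omit it this may need to be a configurable strictness rather than unconditional. Separately, the `(minor.first && minor.second==0) ? ... : samlconstants::SAML11_PROTOCOL_ENUM` expression silently treats a missing MinorVersion as 1.1; a one-line comment stating that this default is deliberate would spare the next reader the question. receiveSAML() begins before this hunk and its tail lies outside it.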
@@ -77,7 +97,11 @@ Response* SAML1SOAPClient::receiveSAML()
             }
         }
-        throw BindingException("SOAP Envelope did not contain a SAML Response or a Fault.");
+        BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
+        if (m_soaper.getPolicy().getIssuerMetadata())
+            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+        else
+            ex.raise();
     }
     return NULL;
 }
@@ -91,5 +115,5 @@ bool SAML1SOAPClient::handleError(const Status& status)
         (code ? code->toString().c_str() : "no code"),
         (str.get() ? str.get() : "no message")
         );
-    return true;
+    return m_fatal;
 }
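Review bot: The annotate-or-raise sequence added here (`BindingException ex(...)` followed by `if (m_soaper.getPolicy().getIssuerMetadata()) annotateException(...); else ex.raise();`) is now spelled out three times in this commit with only the exception type and message differing, which invites the copies to drift. A file-local helper keeps the "throws it" contract in one place; the sketch below assumes getIssuerMetadata() returns a RoleDescriptor pointer and that annotateException() and raise() take the exception base class, as the call sites suggest. One thing to confirm on this specific path: the policy is only evaluated inside the `if (response)` branch, so what getIssuerMetadata() returns when no Response was found comes from earlier state and the annotation may be missing or stale. receiveSAML() starts before this hunk.
```cpp
// Throw ex, attaching the issuer's metadata when the policy resolved any.
// annotateException() throws the annotated exception itself; raise() throws
// ex as its own dynamic type.
static void raiseWithIssuer(XMLToolingException& ex, const RoleDescriptor* issuer)
{
    if (issuer)
        annotateException(&ex, issuer); // throws it
    else
        ex.raise();
}

// … unchanged: Envelope/Body handling and the Response branch …
        BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
        raiseWithIssuer(ex, m_soaper.getPolicy().getIssuerMetadata());
```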
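Review bot: Changing `return true;` to `return m_fatal;` gives handleError() a second meaning that its name does not convey: a false return makes receiveSAML() hand an error Response back to the caller as if it were a success, after only logging it. I would document that at the return, e.g. `// m_fatal chooses between aborting receiveSAML() (throw) and returning the error Response so the caller can inspect its Status.`, and state in the function's header comment that callers must check Status themselves whenever the non-fatal mode is configured. Where m_fatal is set is not visible in this diff, so the comment should describe only what the return value controls. handleError() begins before this hunk.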