X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPClient.cpp;h=bcd76c10514c20b51b8d63a5b7737ff827d612b4;hb=79a4c41067afcfa75eb82aa3c49ba3573640b0bd;hp=69bbf008c10891fc5f2885ea86815de17af159d1;hpb=2cf60ce131535beae932489d2d1e3d2355799061;p=shibboleth%2Fopensaml2.git diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp index 69bbf00..bcd76c1 100644 --- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp +++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp @@ -37,49 +37,53 @@ using namespace xmltooling; using namespace log4cpp; using namespace std; -void SAML1SOAPClient::sendSAML(Request* request, const RoleDescriptor& peer, const char* endpoint) +void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint) { - Envelope* env = EnvelopeBuilder::buildEnvelope(); + auto_ptr env(EnvelopeBuilder::buildEnvelope()); Body* body = BodyBuilder::buildBody(); env->setBody(body); body->getUnknownXMLObjects().push_back(request); - try { - send(env, peer, endpoint); - m_correlate = XMLString::replicate(request->getRequestID()); - delete env; - } - catch (XMLToolingException&) { - // A bit weird...we have to "revert" things so that the request is isolated - // so the caller can free it. - request->getParent()->detach(); - request->detach(); - throw; - } + m_soaper.send(*env.get(), peer, endpoint); + m_correlate = XMLString::replicate(request->getRequestID()); } Response* SAML1SOAPClient::receiveSAML() { - auto_ptr env(receive()); + auto_ptr env(m_soaper.receive()); if (env.get()) { Body* body = env->getBody(); if (body && body->hasChildren()) { // Check for SAML Response. Response* response = dynamic_cast(body->getUnknownXMLObjects().front()); if (response) { - + // Check InResponseTo. - if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo())) - throw BindingException("InResponseTo attribute did not correlate with the Request ID."); + if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo())) + throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID."); + + m_soaper.getPolicy().evaluate(*response); + + if (!m_soaper.getPolicy().isSecure()) { + SecurityPolicyException ex("Security policy could not authenticate the message."); + if (m_soaper.getPolicy().getIssuerMetadata()) + annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it + else + ex.raise(); + } // Check Status. Status* status = response->getStatus(); if (status) { const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL; - if (code && *code != StatusCode::SUCCESS && handleError(*status)) - throw BindingException("SAML Response contained an error."); + if (code && *code != StatusCode::SUCCESS && handleError(*status)) { + BindingException ex("SAML Response contained an error."); + if (m_soaper.getPolicy().getIssuerMetadata()) + annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it + else + ex.raise(); + } } - m_policy.evaluate(*response); env.release(); body->detach(); // frees Envelope response->detach(); // frees Body @@ -87,7 +91,11 @@ Response* SAML1SOAPClient::receiveSAML() } } - throw BindingException("SOAP Envelope did not contain a SAML Response or a Fault."); + BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault."); + if (m_soaper.getPolicy().getIssuerMetadata()) + annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it + else + ex.raise(); } return NULL; } @@ -101,5 +109,5 @@ bool SAML1SOAPClient::handleError(const Status& status) (code ? code->toString().c_str() : "no code"), (str.get() ? str.get() : "no message") ); - return true; + return m_fatal; }