X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2ArtifactDecoder.cpp;h=b58d3565a8b68776fdd923bbfc58c8c62aca0cb8;hb=19779e1afa0a1a75bab7fc6c2c65de7b9ddb5a79;hp=c5f92092ad5860775f5a5ca96576d945cc3f8b27;hpb=7ee9ff757b17337fcc89c61032dd6b51b337a927;p=shibboleth%2Fcpp-opensaml.git

diff --git a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
index c5f9209..b58d356 100644
--- a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
@@ -1,6 +1,6 @@
 /*
- *  Copyright 2001-2007 Internet2
- * 
+ *  Copyright 2001-2010 Internet2
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
@@ -16,12 +16,13 @@
 
 /**
  * SAML2ArtifactDecoder.cpp
- * 
- * SAML 2.0 Artifact binding message decoder
+ *
+ * SAML 2.0 Artifact binding message decoder.
  */
 
 #include "internal.h"
 #include "exceptions.h"
+#include "binding/SecurityPolicy.h"
 #include "saml2/binding/SAML2Artifact.h"
 #include "saml2/binding/SAML2MessageDecoder.h"
 #include "saml2/core/Protocols.h"
@@ -29,6 +30,7 @@
 #include "saml2/metadata/MetadataProvider.h"
 
 #include <xmltooling/logging.h>
+#include <xmltooling/XMLToolingConfig.h>
 #include <xmltooling/io/HTTPRequest.h>
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/ReplayCache.h>
@@ -42,19 +44,19 @@ using namespace xmltooling;
 using namespace std;
 
 namespace opensaml {
-    namespace saml2p {              
+    namespace saml2p {
         class SAML_DLLLOCAL SAML2ArtifactDecoder : public SAML2MessageDecoder
         {
         public:
             SAML2ArtifactDecoder() {}
             virtual ~SAML2ArtifactDecoder() {}
-            
+
             xmltooling::XMLObject* decode(
                 std::string& relayState,
                 const GenericRequest& genericRequest,
                 SecurityPolicy& policy
                 ) const;
-        };                
+        };
 
         MessageDecoder* SAML_DLLLOCAL SAML2ArtifactDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
         {
@@ -89,14 +91,14 @@ XMLObject* SAML2ArtifactDecoder::decode(
         throw BindingException("Artifact binding requires ArtifactResolver and MetadataProvider implementations be supplied.");
 
     // Import the artifact.
-    SAMLArtifact* artifact=NULL;
+    SAMLArtifact* artifact=nullptr;
     try {
         log.debug("processing encoded artifact (%s)", SAMLart);
-        
+
         // Check replay.
         ReplayCache* replayCache = XMLToolingConfig::getConfig().getReplayCache();
         if (replayCache) {
-            if (!replayCache->check("SAML2Artifact", SAMLart, time(NULL) + (2*XMLToolingConfig::getConfig().clock_skew_secs))) {
+            if (!replayCache->check("SAML2Artifact", SAMLart, time(nullptr) + (2*XMLToolingConfig::getConfig().clock_skew_secs))) {
                 log.error("replay detected of artifact (%s)", SAMLart);
                 throw BindingException("Rejecting replayed artifact ($1).", params(1,SAMLart));
             }
@@ -110,16 +112,20 @@ XMLObject* SAML2ArtifactDecoder::decode(
         log.error("error parsing artifact (%s)", SAMLart);
         throw;
     }
-    
+
     // Check the type.
     auto_ptr<SAML2Artifact> artifact2(dynamic_cast<SAML2Artifact*>(artifact));
     if (!artifact2.get()) {
-        throw BindingException("Artifact binding requires SAML 2.0 artifact.");
         delete artifact;
+        log.error("wrong artifact type");
+        throw BindingException("Artifact binding requires SAML 2.0 artifact.");
     }
-    
+
     log.debug("attempting to determine source of artifact...");
-    MetadataProvider::Criteria mc(artifact, policy.getRole(), samlconstants::SAML20P_NS);
+    MetadataProvider::Criteria& mc = policy.getMetadataProviderCriteria();
+    mc.artifact = artifact;
+    mc.role = policy.getRole();
+    mc.protocol = samlconstants::SAML20P_NS;
     pair<const EntityDescriptor*,const RoleDescriptor*> provider=policy.getMetadataProvider()->getEntityDescriptor(mc);
     if (!provider.first) {
         log.error(
@@ -128,7 +134,7 @@ XMLObject* SAML2ArtifactDecoder::decode(
             );
         throw BindingException("Metadata lookup failed, unable to determine artifact issuer.");
     }
-    
+
     if (log.isDebugEnabled()) {
         auto_ptr_char issuer(provider.first->getEntityID());
         log.debug("lookup succeeded, artifact issued by (%s)", issuer.get());
@@ -141,23 +147,27 @@ XMLObject* SAML2ArtifactDecoder::decode(
     // Set issuer into policy.
     policy.setIssuer(provider.first->getEntityID());
     policy.setIssuerMetadata(provider.second);
-    
+
     log.debug("calling ArtifactResolver...");
     auto_ptr<ArtifactResponse> response(
         m_artifactResolver->resolve(*(artifact2.get()), dynamic_cast<const SSODescriptorType&>(*provider.second), policy)
         );
-    
+
     // The policy should be enforced against the ArtifactResponse by the resolve step.
     // Reset only the message state.
     policy.reset(true);
 
     // Now extract details from the payload and check that message.
     XMLObject* payload = response->getPayload();
+    if (!payload) {
+        log.error("ArtifactResponse message did not contain a protocol message");
+        throw BindingException("ArtifactResponse message did not contain a protocol message.");
+    }
     extractMessageDetails(*payload, genericRequest, samlconstants::SAML20P_NS, policy);
     policy.evaluate(*payload, &genericRequest);
 
     // Return the payload only.
     response.release();
-    payload->detach(); 
+    payload->detach();
     return payload;
 }