X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2MessageRule.cpp;h=43e68eda15043b5c978c059951c5037d416c5999;hb=932cfaae2176c2eba1a9938dc420591a9551a7f3;hp=fc297cf2177c2c8cb310cd324b3705dee4f962b2;hpb=632fdee22ac4b756eaa3158217b9acd6c831e7be;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml2/binding/impl/SAML2MessageRule.cpp b/saml/saml2/binding/impl/SAML2MessageRule.cpp
index fc297cf..43e68ed 100644
--- a/saml/saml2/binding/impl/SAML2MessageRule.cpp
+++ b/saml/saml2/binding/impl/SAML2MessageRule.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,9 +15,9 @@
 */
 /**
- * SAML1MessageRule.cpp
+ * SAML2MessageRule.cpp
 *
- * SAML 1.x message extraction rule
+ * SAML 2.0 message extraction rule
 */
 #include "internal.h"
@@ -45,34 +45,33 @@ namespace opensaml {
 }
 };
-bool SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 {
 Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SAML2Message");
 const QName& q = message.getElementQName();
 policy.setMessageQName(&q);
+ if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS)) {
+ log.debug("not a SAML 2.0 protocol message");
+ return;
+ }
+
 try {
- const opensaml::RootObject& samlRoot = dynamic_cast(message);
+ const saml2::RootObject& samlRoot = dynamic_cast(message);
 policy.setMessageID(samlRoot.getID());
 policy.setIssueInstant(samlRoot.getIssueInstantEpoch());
- if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS)) {
- log.warn("not a SAML 2.0 protocol message");
- throw BindingException("Message was not a recognized SAML 2.0 protocol element.");
- }
-
 log.debug("extracting issuer from message");
- const saml2::RootObject& saml2Root = dynamic_cast(samlRoot);
- Issuer* issuer = saml2Root.getIssuer();
+ Issuer* issuer = samlRoot.getIssuer();
 if (issuer && issuer->getName()) {
 auto_ptr copy(issuer->cloneIssuer());
 policy.setIssuer(copy.get());
 copy.release();
 }
- else {
+ else if (XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME)) {
 // No issuer in the message, so we have to try the Response approach.
- const vector& assertions = dynamic_cast(saml2Root).getAssertions();
+ const vector& assertions = dynamic_cast(samlRoot).getAssertions();
 if (!assertions.empty()) {
 issuer = assertions.front()->getIssuer();
 if (issuer && issuer->getName()) {
@@ -85,7 +84,7 @@ bool SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 if (!policy.getIssuer()) {
 log.warn("issuer identity not extracted");
- return false;
+ return;
 }
 if (log.isDebugEnabled()) {
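Review bot: In the new `else if (... Response::LOCAL_NAME)` branch the Issuer is lifted from `assertions.front()`, so the identity later used for the metadata and role lookup is an unauthenticated claim taken from the first embedded Assertion, and any further assertions carrying a different Issuer are never consulted. Nothing in this hunk verifies that assertion, so the trust boundary should be stated where the fallback happens: `// Issuer taken from the first Assertion is an unverified claim; it only selects metadata for later rules, which must still authenticate the message.` The same caveat applies to the new early return on a non-SAML 2.0 namespace, which now leaves the policy without an issuer at debug level instead of throwing BindingException, so presumably a later rule or the caller has to treat a missing issuer as fatal. evaluate continues past the end of this hunk.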
@@ -96,7 +95,7 @@ bool SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 if (policy.getMetadataProvider() && policy.getRole()) {
 if (policy.getIssuer()->getFormat() && !XMLString::equals(policy.getIssuer()->getFormat(), saml2::NameIDType::ENTITY)) {
 log.warn("non-system entity issuer, skipping metadata lookup");
- return false;
+ return;
 }
 log.debug("searching metadata for message issuer...");
@@ -104,23 +103,20 @@ bool SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 if (!entity) {
 auto_ptr_char temp(policy.getIssuer()->getName());
 log.warn("no metadata found, can't establish identity of issuer (%s)", temp.get());
- return false;
+ return;
 }
 log.debug("matched message issuer against metadata, searching for applicable role...");
 const RoleDescriptor* roledesc=entity->getRoleDescriptor(*policy.getRole(), samlconstants::SAML20P_NS);
 if (!roledesc) {
 log.warn("unable to find compatible role (%s) in metadata", policy.getRole()->toString().c_str());
- return false;
+ return;
 }
 policy.setIssuerMetadata(roledesc);
- return true;
 }
 }
 catch (bad_cast&) {
 // Just trap it.
 log.warn("caught a bad_cast while examining message");
 }
-
- return false;
 }