X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2MessageRule.cpp;h=76649b15bcdd9460ea6340a0f106f0a1fb8d57a3;hb=9fddf9054c76de6239295b98a559fcc75453effc;hp=398242aedbd9b21c20079d66b0ff081bb846ef07;hpb=e304cd038a7d5f06945341d85a6d47b45cfe6e79;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml2/binding/impl/SAML2MessageRule.cpp b/saml/saml2/binding/impl/SAML2MessageRule.cpp
index 398242a..76649b1 100644
--- a/saml/saml2/binding/impl/SAML2MessageRule.cpp
+++ b/saml/saml2/binding/impl/SAML2MessageRule.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -22,23 +22,32 @@
 #include "internal.h"
 #include "exceptions.h"
-#include "saml2/binding/SAML2MessageRule.h"
+#include "binding/SecurityPolicyRule.h"
 #include "saml2/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataProvider.h"
 #include "util/SAMLConstants.h"
-#include
+#include
 using namespace opensaml::saml2md;
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2;
 using namespace opensaml;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
 namespace opensaml {
+ class SAML_DLLLOCAL SAML2MessageRule : public SecurityPolicyRule
+ {
+ public:
+ SAML2MessageRule(const DOMElement* e) {}
+ virtual ~SAML2MessageRule() {}
+ void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+ };
+
 SecurityPolicyRule* SAML_DLLLOCAL SAML2MessageRuleFactory(const DOMElement* const & e)
 {
 return new SAML2MessageRule(e);
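Review bot: The new class's constructor `SAML2MessageRule(const DOMElement* e) {}` is a single-argument converting constructor that never reads `e`; it should be `explicit SAML2MessageRule(const DOMElement*) {}` so a `DOMElement*` cannot silently convert into a rule and the unused parameter stops drawing warnings. The class also carries no comment saying what it does; from the later hunks of this diff it extracts the issuer of a SAML 2.0 message into the policy and, when a metadata provider and role are set, resolves that issuer to an EntityDescriptor, so a short header comment to that effect above `class SAML_DLLLOCAL SAML2MessageRule` would help the next reader. The two bare `#include` lines appear to have lost their angle-bracketed header names in extraction, so their content cannot be reviewed here.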
@@ -52,8 +61,8 @@ void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 const QName& q = message.getElementQName();
 policy.setMessageQName(&q);
- if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS)) {
- log.debug("not a SAML 2.0 protocol message");
+ if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS)&&
+ !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20_NS)) {
 return;
 }
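Review bot: The rewritten namespace test drops the `log.debug("not a SAML 2.0 protocol message")` line, so a message matching neither namespace now returns with no trace at all, which makes an unexpected or misrouted message harder to diagnose from the logs. The `&&` is also glued to the closing parenthesis and the continuation line is unaligned, so I would write the condition as `if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20P_NS) &&` / `    !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML20_NS)) {` and restore a debug line such as `log.debug("not a SAML 2.0 protocol or assertion message");` inside it. Accepting the SAML20_NS root means a bare Assertion now enters the issuer extraction that follows; that code is in the next hunk, and `evaluate` begins and ends outside this one.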
@@ -63,45 +72,45 @@ void SAML2MessageRule::evaluate(const XMLObject& message, const GenericRequest*
 policy.setIssueInstant(samlRoot.getIssueInstantEpoch());
 log.debug("extracting issuer from message");
- Issuer* issuer = samlRoot.getIssuer();
- if (issuer && issuer->getName()) {
- auto_ptr copy(issuer->cloneIssuer());
- policy.setIssuer(copy.get());
- copy.release();
+ const Issuer* issuer = samlRoot.getIssuer();
+ if (issuer) {
+ policy.setIssuer(issuer);
 }
 else if (XMLString::equals(q.getLocalPart(), Response::LOCAL_NAME)) {
 // No issuer in the message, so we have to try the Response approach.
- const vector& assertions = dynamic_cast(samlRoot).getAssertions();
+ const vector& assertions = dynamic_cast(samlRoot).getAssertions();
 if (!assertions.empty()) {
 issuer = assertions.front()->getIssuer();
- if (issuer && issuer->getName()) {
- auto_ptr copy(issuer->cloneIssuer());
- policy.setIssuer(copy.get());
- copy.release();
- }
+ if (issuer)
+ policy.setIssuer(issuer);
 }
 }
- if (!policy.getIssuer()) {
+ if (!issuer) {
 log.warn("issuer identity not extracted");
 return;
 }
 if (log.isDebugEnabled()) {
- auto_ptr_char iname(policy.getIssuer()->getName());
+ auto_ptr_char iname(issuer->getName());
 log.debug("message from (%s)", iname.get());
 }
+ if (policy.getIssuerMetadata()) {
+ log.debug("metadata for issuer already set, leaving in place");
+ return;
+ }
+
 if (policy.getMetadataProvider() && policy.getRole()) {
- if (policy.getIssuer()->getFormat() && !XMLString::equals(policy.getIssuer()->getFormat(), saml2::NameIDType::ENTITY)) {
+ if (issuer->getFormat() && !XMLString::equals(issuer->getFormat(), NameIDType::ENTITY)) {
 log.warn("non-system entity issuer, skipping metadata lookup");
 return;
 }
 log.debug("searching metadata for message issuer...");
- const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(policy.getIssuer()->getName());
+ const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(issuer->getName());
 if (!entity) {
- auto_ptr_char temp(policy.getIssuer()->getName());
+ auto_ptr_char temp(issuer->getName());
 log.warn("no metadata found, can't establish identity of issuer (%s)", temp.get());
 return;
 }
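Review bot: The check that an extracted Issuer actually carries a name was dropped: the old code only accepted `issuer && issuer->getName()`, while the new code calls `policy.setIssuer(issuer)` for any non-null Issuer and then passes `issuer->getName()` straight into `auto_ptr_char iname(...)`, `getEntityDescriptor(...)` and `auto_ptr_char temp(...)`. An Issuer element with no text content (null name) now reaches those calls, and whether they tolerate a null pointer is not visible here; I would keep the name test at both `if (issuer && issuer->getName())` sites and make the fallthrough guard `if (!issuer || !issuer->getName()) {` so a nameless issuer still logs "issuer identity not extracted" and returns before any lookup. Separately, the old code handed the policy a clone (`cloneIssuer()` then `release()`), whereas the new `const Issuer*` points into `message`; if `setIssuer` stores the pointer rather than copying, the policy's issuer dangles once the message is freed, so the ownership contract of `SecurityPolicy::setIssuer` should be confirmed and stated in a comment at the first `policy.setIssuer(issuer);`. `evaluate` starts outside this hunk.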