X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2POSTEncoder.cpp;h=53f08cfabf3c5b727bb2da847ca26b39d90c733a;hb=5e62d2c1fb43763b3d627e641a310a79992b01c0;hp=9a4e7dfbf571dc8a9ddefa4862132f481cc106ec;hpb=b0c11eb8bfd9daa93de903f1ab94f0f34df46c2e;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp index 9a4e7df..53f08cf 100644 --- a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2006 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,60 +17,98 @@ /** * SAML2POSTEncoder.cpp * - * SAML 2.0 HTTP-POST binding message encoder + * SAML 2.0 HTTP-POST binding message encoder. */ #include "internal.h" #include "exceptions.h" -#include "saml2/binding/SAML2POSTEncoder.h" +#include "binding/MessageEncoder.h" +#include "signature/ContentReference.h" #include "saml2/core/Protocols.h" #include #include -#include #include +#include +#include +#include +#include +#include +#include +#include #include +#include #include using namespace opensaml::saml2p; +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { namespace saml2p { - MessageEncoder* SAML_DLLLOCAL SAML2POSTEncoderFactory(const DOMElement* const & e) + class SAML_DLLLOCAL SAML2POSTEncoder : public MessageEncoder { - return new SAML2POSTEncoder(e); + public: + SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple=false); + virtual ~SAML2POSTEncoder() {} + + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML20P_NS; + } + + long encode( + GenericResponse& genericResponse, + XMLObject* xmlObject, + const char* destination, + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr + ) const; + + private: + string m_template; + bool m_simple; + }; + + MessageEncoder* SAML_DLLLOCAL SAML2POSTEncoderFactory(const pair& p) + { + return new SAML2POSTEncoder(p.first, p.second, false); + } + + MessageEncoder* SAML_DLLLOCAL SAML2POSTSimpleSignEncoderFactory(const pair& p) + { + return new SAML2POSTEncoder(p.first, p.second, true); } }; }; -static const XMLCh templat[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e); +static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e); -SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e) +SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple) + : m_template(XMLHelper::getAttrString(e, "bindingTemplate.html", _template, ns)), m_simple(simple) { - if (e) { - auto_ptr_char t(e->getAttributeNS(NULL, templat)); - if (t.get()) - m_template = t.get(); - } if (m_template.empty()) - throw XMLToolingException("SAML2POSTEncoder requires template attribute."); + throw XMLToolingException("SAML2POSTEncoder requires template XML attribute."); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE); } -SAML2POSTEncoder::~SAML2POSTEncoder() {} - long SAML2POSTEncoder::encode( - HTTPResponse& httpResponse, + GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID, + const EntityDescriptor* recipient, const char* relayState, - const CredentialResolver* credResolver, - const XMLCh* sigAlgorithm + const ArtifactGenerator* artifactGenerator, + const Credential* credential, + const XMLCh* signatureAlg, + const XMLCh* digestAlg ) const { #ifdef _DEBUG @@ -78,11 +116,15 @@ long SAML2POSTEncoder::encode( #endif Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2POST"); log.debug("validating input"); - + + TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); + if (!engine || !destination) + throw BindingException("Encoding message using POST requires a TemplateEngine instance and a destination."); + HTTPResponse::sanitizeURL(destination); if (xmlObject->getParent()) throw BindingException("Cannot encode XML content with parent."); - StatusResponseType* response = NULL; + StatusResponseType* response = nullptr; RequestAbstractType* request = dynamic_cast(xmlObject); if (!request) { response = dynamic_cast(xmlObject); @@ -90,8 +132,8 @@ long SAML2POSTEncoder::encode( throw BindingException("XML content for SAML 2.0 HTTP-POST Encoder must be a SAML 2.0 protocol message."); } - DOMElement* rootElement = NULL; - if (credResolver) { + DOMElement* rootElement = nullptr; + if (credential && !m_simple) { // Signature based on native XML signing. if (request ? request->getSignature() : response->getSignature()) { log.debug("message already signed, skipping signature operation"); @@ -100,50 +142,98 @@ long SAML2POSTEncoder::encode( log.debug("signing and marshalling the message"); // Build a Signature. - Signature* sig = buildSignature(credResolver, sigAlgorithm); - - // Append Signature. + Signature* sig = SignatureBuilder::buildSignature(); request ? request->setSignature(sig) : response->setSignature(sig); - + if (signatureAlg) + sig->setSignatureAlgorithm(signatureAlg); + if (digestAlg) { + opensaml::ContentReference* cr = dynamic_cast(sig->getContentReference()); + if (cr) + cr->setDigestAlgorithm(digestAlg); + } + // Sign response while marshalling. vector sigs(1,sig); - rootElement = xmlObject->marshall((DOMDocument*)NULL,&sigs); + rootElement = xmlObject->marshall((DOMDocument*)nullptr,&sigs,credential); } } else { log.debug("marshalling the message"); - rootElement = xmlObject->marshall(); + rootElement = xmlObject->marshall((DOMDocument*)nullptr); } - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - unsigned int len=0; - XMLByte* out=Base64::encode(reinterpret_cast(xmlbuf.data()),xmlbuf.size(),&len); - if (out) { - xmlbuf.erase(); - xmlbuf.append(reinterpret_cast(out),len); - XMLString::release(&out); + // Serialize the message. + TemplateEngine::TemplateParameters pmap; + string& msg = pmap.m_map[(request ? "SAMLRequest" : "SAMLResponse")]; + XMLHelper::serialize(rootElement, msg); + log.debug("marshalled message:\n%s", msg.c_str()); + + // SimpleSign. + if (credential && m_simple) { + log.debug("applying simple signature to message data"); + string input = (request ? "SAMLRequest=" : "SAMLResponse=") + msg; + if (relayState && *relayState) + input = input + "&RelayState=" + relayState; + if (!signatureAlg) + signatureAlg = DSIGConstants::s_unicodeStrURIRSA_SHA1; + auto_ptr_char alg(signatureAlg); + pmap.m_map["SigAlg"] = alg.get(); + input = input + "&SigAlg=" + alg.get(); + + char sigbuf[1024]; + memset(sigbuf,0,sizeof(sigbuf)); + Signature::createRawSignature(credential->getPrivateKey(), signatureAlg, input.c_str(), input.length(), sigbuf, sizeof(sigbuf)-1); + pmap.m_map["Signature"] = sigbuf; + + auto_ptr keyInfo(credential->getKeyInfo()); + if (keyInfo.get()) { + string& kstring = pmap.m_map["KeyInfo"]; + XMLHelper::serialize(keyInfo->marshall((DOMDocument*)nullptr), kstring); + xsecsize_t len=0; + XMLByte* out=Base64::encode(reinterpret_cast(kstring.data()),kstring.size(),&len); + if (!out) + throw BindingException("Base64 encoding of XML failed."); + kstring.erase(); + kstring.append(reinterpret_cast(out),len); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE + XMLString::release(&out); +#else + XMLString::release((char**)&out); +#endif + } } - else { + + // Base64 the message. + xsecsize_t len=0; + XMLByte* out=Base64::encode(reinterpret_cast(msg.data()),msg.size(),&len); + if (!out) throw BindingException("Base64 encoding of XML failed."); - } + msg.erase(); + msg.append(reinterpret_cast(out),len); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE + XMLString::release(&out); +#else + XMLString::release((char**)&out); +#endif - // Push message into template and send result to client. + // Push the rest of it into template and send result to client. log.debug("message encoded, sending HTML form template to client"); - TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); - if (!engine) - throw BindingException("Encoding message using POST requires a TemplateEngine instance."); ifstream infile(m_template.c_str()); if (!infile) throw BindingException("Failed to open HTML template for POST message ($1).", params(1,m_template.c_str())); - map params; - params["action"] = destination; - params[request ? "SAMLRequest" : "SAMLResponse"] = xmlbuf; - if (relayState) - params["RelayState"] = relayState; + pmap.m_map["action"] = destination; + if (relayState && *relayState) + pmap.m_map["RelayState"] = relayState; stringstream s; - engine->run(infile, s, params); - long ret = httpResponse.sendResponse(s); + engine->run(infile, s, pmap); + genericResponse.setContentType("text/html"); + HTTPResponse* httpResponse = dynamic_cast(&genericResponse); + if (httpResponse) { + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); + httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); + httpResponse->setResponseHeader("Pragma", "no-cache"); + } + long ret = genericResponse.sendResponse(s); // Cleanup by destroying XML. delete xmlObject;