X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2POSTEncoder.cpp;h=662d52f68cf200b5a71a8da0c5697801b8a4bf8b;hb=11cd3b15c71ee22f2818d810a17c213123e8c248;hp=3c73d867aad1e80409544addf1b9c7cbba77616d;hpb=8a21bb42163a78e9c324f840004fd9e9821ad745;p=shibboleth%2Fcpp-opensaml.git
diff --git a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
index 3c73d86..662d52f 100644
--- a/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
+++ b/saml/saml2/binding/impl/SAML2POSTEncoder.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -22,7 +22,8 @@
 #include "internal.h"
 #include "exceptions.h"
-#include "saml2/binding/SAML2POSTEncoder.h"
+#include "binding/MessageEncoder.h"
+#include "signature/ContentReference.h"
 #include "saml2/core/Protocols.h"
 #include
@@ -33,6 +34,7 @@
 #include
 using namespace opensaml::saml2p;
+using namespace opensaml::saml2md;
 using namespace opensaml;
 using namespace xmlsignature;
 using namespace xmltooling;
@@ -41,39 +43,64 @@ using namespace std;
 namespace opensaml {
 namespace saml2p {
- MessageEncoder* SAML_DLLLOCAL SAML2POSTEncoderFactory(const DOMElement* const & e)
+ class SAML_DLLLOCAL SAML2POSTEncoder : public MessageEncoder
 {
- return new SAML2POSTEncoder(e, false);
+ public:
+ SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple=false);
+ virtual ~SAML2POSTEncoder() {}
+
+ long encode(
+ GenericResponse& genericResponse,
+ XMLObject* xmlObject,
+ const char* destination,
+ const EntityDescriptor* recipient=NULL,
+ const char* relayState=NULL,
+ const ArtifactGenerator* artifactGenerator=NULL,
+ const Credential* credential=NULL,
+ const XMLCh* signatureAlg=NULL,
+ const XMLCh* digestAlg=NULL
+ ) const;
+
+ private:
+ string m_template;
+ bool m_simple;
+ };
+
+ MessageEncoder* SAML_DLLLOCAL SAML2POSTEncoderFactory(const pair& p)
+ {
+ return new SAML2POSTEncoder(p.first, p.second, false);
 }
- MessageEncoder* SAML_DLLLOCAL SAML2POSTSimpleSignEncoderFactory(const DOMElement* const & e)
+ MessageEncoder* SAML_DLLLOCAL SAML2POSTSimpleSignEncoderFactory(const pair& p)
 {
- return new SAML2POSTEncoder(e, true);
+ return new SAML2POSTEncoder(p.first, p.second, true);
 }
 };
 };
-static const XMLCh templat[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e);
+static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e);
-SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e, bool simple) : m_simple(simple)
+SAML2POSTEncoder::SAML2POSTEncoder(const DOMElement* e, const XMLCh* ns, bool simple) : m_simple(simple)
 {
 if (e) {
- auto_ptr_char t(e->getAttributeNS(NULL, templat));
+ auto_ptr_char t(e->getAttributeNS(ns, _template));
- if (t.get())
+ if (t.get() && *t.get())
 m_template = t.get();
 }
 if (m_template.empty())
- throw XMLToolingException("SAML2POSTEncoder requires template attribute.");
+ throw XMLToolingException("SAML2POSTEncoder requires template XML attribute.");
 }
 long SAML2POSTEncoder::encode(
 GenericResponse& genericResponse,
 XMLObject* xmlObject,
 const char* destination,
- const char* recipientID,
+ const EntityDescriptor* recipient,
 const char* relayState,
- const CredentialResolver* credResolver,
- const XMLCh* sigAlgorithm
+ const ArtifactGenerator* artifactGenerator,
+ const Credential* credential,
+ const XMLCh* signatureAlg,
+ const XMLCh* digestAlg
 ) const
 {
 #ifdef _DEBUG
@@ -94,8 +121,7 @@ long SAML2POSTEncoder::encode(
 }
 DOMElement* rootElement = NULL;
- vector sigs;
- if (credResolver && !m_simple) {
+ if (credential && !m_simple) {
 // Signature based on native XML signing.
 if (request ? request->getSignature() : response->getSignature()) {
 log.debug("message already signed, skipping signature operation");
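Review bot: The `encode` declaration in the new class carries default arguments (`recipient=NULL` through `digestAlg=NULL`) on what is presumably an override of a virtual `MessageEncoder::encode`; defaults are bound statically, so callers going through the base pointer returned by the two factories never see these, and any drift between the base and derived defaults is silent. Drop the defaults from the derived declaration and keep them only on the base so there is a single set to maintain. The constructor now checks the `template` attribute only for non-emptiness; a comment on `m_template` such as `// Path of the HTML form template; opened on every encode(), so a bad path only fails at request time` would tell the reader where a misconfiguration actually surfaces. The `encode` definition that starts at the end of this hunk continues past it.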
@@ -104,55 +130,62 @@ long SAML2POSTEncoder::encode(
 log.debug("signing and marshalling the message");
 // Build a Signature.
- Signature* sig = buildSignature(credResolver, sigAlgorithm);
-
- // Append Signature.
+ Signature* sig = SignatureBuilder::buildSignature();
 request ? request->setSignature(sig) : response->setSignature(sig);
-
+ if (signatureAlg)
+ sig->setSignatureAlgorithm(signatureAlg);
+ if (digestAlg) {
+ opensaml::ContentReference* cr = dynamic_cast(sig->getContentReference());
+ if (cr)
+ cr->setDigestAlgorithm(digestAlg);
+ }
+
 // Sign response while marshalling.
- sigs.push_back(sig);
+ vector sigs(1,sig);
+ rootElement = xmlObject->marshall((DOMDocument*)NULL,&sigs,credential);
 }
 }
 else {
 log.debug("marshalling the message");
+ rootElement = xmlObject->marshall((DOMDocument*)NULL);
 }
- rootElement = xmlObject->marshall((DOMDocument*)NULL,&sigs);
-
 // Start tracking data.
- map pmap;
- if (relayState)
- pmap["RelayState"] = relayState;
+ TemplateEngine::TemplateParameters pmap;
+ if (relayState && *relayState)
+ pmap.m_map["RelayState"] = relayState;
- // Base64 the message.
- string& msg = pmap[(request ? "SAMLRequest" : "SAMLResponse")];
+ // Serialize the message.
+ string& msg = pmap.m_map[(request ? "SAMLRequest" : "SAMLResponse")];
 XMLHelper::serialize(rootElement, msg);
- unsigned int len=0;
- XMLByte* out=Base64::encode(reinterpret_cast(msg.data()),msg.size(),&len);
- if (!out)
- throw BindingException("Base64 encoding of XML failed.");
- msg.erase();
- msg.append(reinterpret_cast(out),len);
- XMLString::release(&out);
-
- if (credResolver && m_simple) {
+
+ // SimpleSign.
+ if (credential && m_simple) {
 log.debug("applying simple signature to message data");
 string input = (request ?
"SAMLRequest=" : "SAMLResponse=") + msg; - if (relayState) + if (relayState && *relayState) input = input + "&RelayState=" + relayState; - if (!sigAlgorithm) - sigAlgorithm = DSIGConstants::s_unicodeStrURIRSA_SHA1; - auto_ptr_char alg(sigAlgorithm); - pmap["SigAlg"] = alg.get(); + if (!signatureAlg) + signatureAlg = DSIGConstants::s_unicodeStrURIRSA_SHA1; + auto_ptr_char alg(signatureAlg); + pmap.m_map["SigAlg"] = alg.get(); input = input + "&SigAlg=" + alg.get(); char sigbuf[1024]; memset(sigbuf,0,sizeof(sigbuf)); - auto_ptr key(credResolver->getKey()); - Signature::createRawSignature(key.get(), sigAlgorithm, input.c_str(), input.length(), sigbuf, sizeof(sigbuf)-1); - pmap["Signature"] = sigbuf; + Signature::createRawSignature(credential->getPrivateKey(), signatureAlg, input.c_str(), input.length(), sigbuf, sizeof(sigbuf)-1); + pmap.m_map["Signature"] = sigbuf; } + // Base64 the message. + unsigned int len=0; + XMLByte* out=Base64::encode(reinterpret_cast(msg.data()),msg.size(),&len); + if (!out) + throw BindingException("Base64 encoding of XML failed."); + msg.erase(); + msg.append(reinterpret_cast(out),len); + XMLString::release(&out); + // Push message into template and send result to client. log.debug("message encoded, sending HTML form template to client"); TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); @@ -161,7 +194,7 @@ long SAML2POSTEncoder::encode( ifstream infile(m_template.c_str()); if (!infile) throw BindingException("Failed to open HTML template for POST message ($1).", params(1,m_template.c_str())); - pmap["action"] = destination; + pmap.m_map["action"] = destination; stringstream s; engine->run(infile, s, pmap); genericResponse.setContentType("text/html");