X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2RedirectEncoder.cpp;h=b40cb8bd1e8ac83daa16e34f171ba47307579cdd;hb=e9554c255ad3c91c7c4976e7a1a54905903e66a2;hp=9e2b3d1636a516fffffecc2a5e62e485be8e2f38;hpb=b1614d3c1fc1f4230ab2a123f43994127c25462c;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/binding/impl/SAML2RedirectEncoder.cpp b/saml/saml2/binding/impl/SAML2RedirectEncoder.cpp index 9e2b3d1..b40cb8b 100644 --- a/saml/saml2/binding/impl/SAML2RedirectEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2RedirectEncoder.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,28 +17,33 @@ /** * SAML2RedirectEncoder.cpp * - * SAML 2.0 HTTP-POST binding message encoder + * SAML 2.0 HTTP-POST binding message encoder. */ #include "internal.h" #include "exceptions.h" -#include "binding/HTTPResponse.h" #include "binding/MessageEncoder.h" #include "saml2/binding/SAML2Redirect.h" #include "saml2/core/Protocols.h" #include #include -#include #include +#include +#include +#include +#include +#include +#include #include #include using namespace opensaml::saml2p; +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { @@ -46,23 +51,29 @@ namespace opensaml { class SAML_DLLLOCAL SAML2RedirectEncoder : public MessageEncoder { public: - SAML2RedirectEncoder(const DOMElement* e) {} + SAML2RedirectEncoder() {} virtual ~SAML2RedirectEncoder() {} + + bool isCompact() const { + return true; + } long encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID=NULL, - const char* relayState=NULL, - const Credential* credential=NULL, - const XMLCh* sigAlgorithm=NULL + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr ) const; }; - MessageEncoder* SAML_DLLLOCAL SAML2RedirectEncoderFactory(const DOMElement* const & e) + MessageEncoder* SAML_DLLLOCAL SAML2RedirectEncoderFactory(const pair& p) { - return new SAML2RedirectEncoder(e); + return new SAML2RedirectEncoder(); } }; }; @@ -71,10 +82,12 @@ long SAML2RedirectEncoder::encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID, + const EntityDescriptor* recipient, const char* relayState, + const ArtifactGenerator* artifactGenerator, const Credential* credential, - const XMLCh* sigAlgorithm + const XMLCh* signatureAlg, + const XMLCh* digestAlg ) const { #ifdef _DEBUG @@ -89,7 +102,7 @@ long SAML2RedirectEncoder::encode( if (xmlObject->getParent()) throw BindingException("Cannot encode XML content with parent."); - StatusResponseType* response = NULL; + StatusResponseType* response = nullptr; RequestAbstractType* request = dynamic_cast(xmlObject); if (!request) { response = dynamic_cast(xmlObject); @@ -100,20 +113,22 @@ long SAML2RedirectEncoder::encode( // Check for XML signature. if (request ? request->getSignature() : response->getSignature()) { log.debug("message already signed, removing native signature due to size considerations"); - request ? request->setSignature(NULL) : response->setSignature(NULL); + request ? request->setSignature(nullptr) : response->setSignature(nullptr); } log.debug("marshalling, deflating, base64-encoding the message"); DOMElement* rootElement = xmlObject->marshall(); string xmlbuf; XMLHelper::serialize(rootElement, xmlbuf); + log.debug("marshalled message:\n%s", xmlbuf.c_str()); unsigned int len; char* deflated = deflate(const_cast(xmlbuf.c_str()), xmlbuf.length(), &len); if (!deflated) throw BindingException("Failed to deflate message."); - XMLByte* encoded=Base64::encode(reinterpret_cast(deflated),len,&len); + xsecsize_t xlen; + XMLByte* encoded=Base64::encode(reinterpret_cast(deflated), len, &xlen); delete[] deflated; if (!encoded) throw BindingException("Base64 encoding of XML failed."); @@ -121,27 +136,35 @@ long SAML2RedirectEncoder::encode( // Create beginnings of redirect query string. const URLEncoder* escaper = XMLToolingConfig::getConfig().getURLEncoder(); xmlbuf.erase(); - xmlbuf.append(reinterpret_cast(encoded),len); + xmlbuf.append(reinterpret_cast(encoded), xlen); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE + XMLString::release(&encoded); +#else + XMLString::release((char**)&encoded); +#endif + xmlbuf = (request ? "SAMLRequest=" : "SAMLResponse=") + escaper->encode(xmlbuf.c_str()); - if (relayState) + if (relayState && *relayState) xmlbuf = xmlbuf + "&RelayState=" + escaper->encode(relayState); if (credential) { + log.debug("signing the message"); + // Sign the query string after adding the algorithm. - if (!sigAlgorithm) - sigAlgorithm = DSIGConstants::s_unicodeStrURIRSA_SHA1; - auto_ptr_char alg(sigAlgorithm); + if (!signatureAlg) + signatureAlg = DSIGConstants::s_unicodeStrURIRSA_SHA1; + auto_ptr_char alg(signatureAlg); xmlbuf = xmlbuf + "&SigAlg=" + escaper->encode(alg.get()); char sigbuf[1024]; memset(sigbuf,0,sizeof(sigbuf)); - Signature::createRawSignature(credential->getPrivateKey(), sigAlgorithm, xmlbuf.c_str(), xmlbuf.length(), sigbuf, sizeof(sigbuf)-1); + Signature::createRawSignature(credential->getPrivateKey(), signatureAlg, xmlbuf.c_str(), xmlbuf.length(), sigbuf, sizeof(sigbuf)-1); xmlbuf = xmlbuf + "&Signature=" + escaper->encode(sigbuf); } // Generate redirect. log.debug("message encoded, sending redirect to client"); - xmlbuf.insert(0,1,(strchr(destination,'?') ? '&' : '?')); + xmlbuf.insert((string::size_type)0,(string::size_type)1,(strchr(destination,'?') ? '&' : '?')); xmlbuf.insert(0,destination); long ret = httpResponse->sendRedirect(xmlbuf.c_str());