X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2SOAPClient.cpp;h=08cba6d3c495308970e94a33c795ab5480075271;hb=a0323c50525a6ff43795da2dc786e5aeaf726d41;hp=db6d1f52f999d5fa46fae9b75e8260c3b0f7d5b1;hpb=c102f8fc67748f03d53c6da51da9e8f3f7b79554;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index db6d1f5..08cba6d 100644
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -26,60 +26,58 @@
 #include "saml2/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
-#include
+#include
 #include
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2md;
 using namespace opensaml;
 using namespace soap11;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
-void SAML2SOAPClient::sendSAML(RequestAbstractType* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML2SOAPClient::sendSAML(RequestAbstractType* request, MetadataCredentialCriteria& peer, const char* endpoint)
 {
- Envelope* env = EnvelopeBuilder::buildEnvelope();
+ auto_ptr env(EnvelopeBuilder::buildEnvelope());
 Body* body = BodyBuilder::buildBody();
 env->setBody(body);
- body->getXMLObjects().push_back(request);
- try {
- send(env, peer, endpoint);
- m_correlate = XMLString::replicate(request->getID());
- delete env;
- }
- catch (XMLToolingException&) {
- // A bit weird...we have to "revert" things so that the request is isolated
- // so the caller can free it.
- request->getParent()->detach();
- request->detach();
- throw;
- }
+ body->getUnknownXMLObjects().push_back(request);
+ m_soaper.send(*env.get(), peer, endpoint);
+ m_correlate = XMLString::replicate(request->getID());
 }
 StatusResponseType* SAML2SOAPClient::receiveSAML()
 {
- auto_ptr env(receive());
+ auto_ptr env(m_soaper.receive());
 if (env.get()) {
 Body* body = env->getBody();
 if (body && body->hasChildren()) {
 // Check for SAML Response.
- StatusResponseType* response = dynamic_cast(body->getXMLObjects().front());
+ StatusResponseType* response = dynamic_cast(body->getUnknownXMLObjects().front());
 if (response) {
 // Check InResponseTo.
- if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
- throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
-
+ if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
+ throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+ m_soaper.getPolicy().reset(true);
+ m_soaper.getPolicy().evaluate(*response, NULL, samlconstants::SAML20P_NS);
+ if (!m_soaper.getPolicy().isSecure()) {
+ SecurityPolicyException ex("Security policy could not authenticate the message.");
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata(), response->getStatus()); // throws it
+ }
+ // Check Status.
 Status* status = response->getStatus();
 if (status) {
 const XMLCh* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
- if (code && !XMLString::equals(code,StatusCode::SUCCESS) && handleError(*status))
- throw BindingException("SAML Response contained an error.");
+ if (code && !XMLString::equals(code,StatusCode::SUCCESS) && handleError(*status)) {
+ BindingException ex("SAML response contained an error.");
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata(), status); // throws it
+ }
 }
- m_policy.evaluate(*response);
 env.release();
 body->detach(); // frees Envelope
 response->detach(); // frees Body
@@ -87,7 +85,11 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
 }
 }
- throw BindingException("SOAP Envelope did not contain a SAML Response or a Fault.");
+ BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
+ if (m_soaper.getPolicy().getIssuerMetadata())
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+ else
+ ex.raise();
 }
 return NULL;
 }
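Review bot: The added `response->getInResponseTo() &&` term in receiveSAML() makes the correlation check pass whenever the response omits InResponseTo, so a response carrying no correlation at all is accepted even though a request ID was recorded in `m_correlate`. If that leniency is not needed for interoperability, keep the absent case a failure, `if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))`, while retaining the new SecurityPolicyException. If it is needed, a comment on that line should say why and note that acceptance then rests entirely on the `isSecure()` check that follows. Separately, sendSAML() now lets the `auto_ptr` free the envelope, and with it `request`, when `m_soaper.send()` throws, whereas the removed catch block detached the request so the caller could free it; callers written to the old contract would presumably double-free, so the ownership rule belongs in the function's documentation.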
@@ -101,5 +103,5 @@ bool SAML2SOAPClient::handleError(const Status& status)
 (code.get() ? code.get() : "no code"),
 (str.get() ? str.get() : "no message")
 );
- return true;
+ return m_fatal;
 }
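Review bot: With `return m_fatal;` in handleError(), a non-success Status no longer always raises in receiveSAML(); when `m_fatal` is false, the error response is handed back to the caller on the same path as a successful one. Neither the declaration nor the default of `m_fatal` is visible in this hunk, so the contract should be stated where it takes effect, for example `// Returns m_fatal: when false, receiveSAML() returns the non-success response and the caller must check its Status.` Callers that treat any returned response as success would otherwise act on an error response. handleError()'s body begins outside the hunk.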