X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2SOAPEncoder.cpp;h=43e5af1659aa221b818a01a1fdb5998618a77e69;hb=f1208cd2f514700244816377443c4951dc22c848;hp=7b56dee74875c9b57c1a603f6b937a321c27bf19;hpb=c3c89629114e8a29b8c9a769956b6b4e7e2c4c24;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp index 7b56dee..43e5af1 100644 --- a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp @@ -1,69 +1,103 @@ -/* - * Copyright 2001-2006 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * http://www.apache.org/licenses/LICENSE-2.0 + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML2SOAPEncoder.cpp * - * SAML 2.0 SOAP binding message encoder + * SAML 2.0 SOAP binding message encoder. */ #include "internal.h" #include "exceptions.h" -#include "binding/HTTPResponse.h" -#include "saml2/binding/SAML2SOAPEncoder.h" +#include "binding/MessageEncoder.h" +#include "signature/ContentReference.h" #include "saml2/core/Protocols.h" #include -#include +#include +#include #include +#include #include using namespace opensaml::saml2p; +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; using namespace soap11; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { namespace saml2p { - MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const DOMElement* const & e) + class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder + { + public: + SAML2SOAPEncoder() {} + virtual ~SAML2SOAPEncoder() {} + + bool isUserAgentPresent() const { + return false; + } + + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML20P_NS; + } + + long encode( + GenericResponse& genericResponse, + XMLObject* xmlObject, + const char* destination, + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr + ) const; + }; + + MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const pair& p) { - return new SAML2SOAPEncoder(e); + return new SAML2SOAPEncoder(); } }; }; -SAML2SOAPEncoder::SAML2SOAPEncoder(const DOMElement* e) {} - long SAML2SOAPEncoder::encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID, + const EntityDescriptor* recipient, const char* relayState, - const CredentialResolver* credResolver, - const XMLCh* sigAlgorithm + const ArtifactGenerator* artifactGenerator, + const Credential* credential, + const XMLCh* signatureAlg, + const XMLCh* digestAlg ) const { #ifdef _DEBUG xmltooling::NDC ndc("encode"); #endif - Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1SOAP"); + Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP"); log.debug("validating input"); if (xmlObject->getParent()) @@ -72,56 +106,85 @@ long SAML2SOAPEncoder::encode( genericResponse.setContentType("text/xml"); HTTPResponse* httpResponse = dynamic_cast(&genericResponse); if (httpResponse) { - httpResponse->setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); - httpResponse->setHeader("Pragma", "no-cache"); + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); + httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); + httpResponse->setResponseHeader("Pragma", "no-cache"); + } + + bool detachOnFailure = false; + DOMElement* rootElement = nullptr; + + // Check for a naked message. + SignableObject* msg = dynamic_cast(xmlObject); + if (msg) { + // Wrap it in a SOAP envelope and point xmlObject at that. + detachOnFailure = true; + Envelope* env = EnvelopeBuilder::buildEnvelope(); + Body* body = BodyBuilder::buildBody(); + env->setBody(body); + body->getUnknownXMLObjects().push_back(msg); + xmlObject = env; } - DOMElement* rootElement = NULL; - StatusResponseType* response = dynamic_cast(xmlObject); - if (response) { + Envelope* env = dynamic_cast(xmlObject); + if (env) { + if (!msg) { + msg = (env->getBody() && env->getBody()->hasChildren()) ? + dynamic_cast(env->getBody()->getUnknownXMLObjects().front()) : nullptr; + } try { - Envelope* env = EnvelopeBuilder::buildEnvelope(); - Body* body = BodyBuilder::buildBody(); - env->setBody(body); - body->getXMLObjects().push_back(response); - if (credResolver ) { - if (response->getSignature()) { - log.debug("response already signed, skipping signature operation"); + if (msg && credential) { + if (msg->getSignature()) { + log.debug("message already signed, skipping signature operation"); rootElement = env->marshall(); } else { - log.debug("signing and marshalling the response"); + log.debug("signing the message and marshalling the envelope"); // Build a Signature. - Signature* sig = buildSignature(credResolver, sigAlgorithm); - response->setSignature(sig); + Signature* sig = SignatureBuilder::buildSignature(); + msg->setSignature(sig); + if (signatureAlg) + sig->setSignatureAlgorithm(signatureAlg); + if (digestAlg) { + opensaml::ContentReference* cr = dynamic_cast(sig->getContentReference()); + if (cr) + cr->setDigestAlgorithm(digestAlg); + } - // Sign response while marshalling. + // Sign message while marshalling. vector sigs(1,sig); - rootElement = env->marshall((DOMDocument*)NULL,&sigs); + rootElement = env->marshall((DOMDocument*)nullptr,&sigs,credential); } } else { - log.debug("marshalling the response"); + log.debug("marshalling the envelope"); rootElement = env->marshall(); } + + stringstream s; + s << *rootElement; - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized response"); - long ret = genericResponse.sendResponse(s); + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); + bool error = (!msg && env->getBody() && env->getBody()->hasChildren() && + dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); + long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); // Cleanup by destroying XML. delete env; return ret; } catch (XMLToolingException&) { - // A bit weird...we have to "revert" things so that the response is isolated - // so the caller can free it. - if (response->getParent()) { - response->getParent()->detach(); - response->detach(); + if (msg && detachOnFailure) { + // A bit weird...we have to "revert" things so that the message is isolated + // so the caller can free it. + if (msg->getParent()) { + msg->getParent()->detach(); + msg->detach(); + } } throw; } @@ -130,17 +193,20 @@ long SAML2SOAPEncoder::encode( Fault* fault = dynamic_cast(xmlObject); if (fault) { try { - log.debug("building Envelope and marshalling Fault"); + log.debug("building envelope and marshalling fault"); Envelope* env = EnvelopeBuilder::buildEnvelope(); Body* body = BodyBuilder::buildBody(); env->setBody(body); - body->getXMLObjects().push_back(fault); + body->getUnknownXMLObjects().push_back(fault); rootElement = env->marshall(); - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized fault"); + stringstream s; + s << *rootElement; + + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); long ret = genericResponse.sendError(s); // Cleanup by destroying XML. @@ -158,26 +224,5 @@ long SAML2SOAPEncoder::encode( } } - Envelope* env = dynamic_cast(xmlObject); - if (env) { - log.debug("marshalling envelope"); - rootElement = env->marshall(); - - bool error = - (env->getBody() && - env->getBody()->hasChildren() && - dynamic_cast(env->getBody()->getXMLObjects().front())); - - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized envelope"); - long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); - - // Cleanup by destroying XML. - delete env; - return ret; - } - - throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 response or SOAP Fault/Envelope."); + throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 message or SOAP Fault/Envelope."); }