X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fattribute%2Fresolver%2Fimpl%2FQueryAttributeResolver.cpp;h=8a594cbd9b06dba93a3f85233481f679ded20479;hb=7b31214f32c9e83d9976210f8bebaf24a328c21d;hp=46f46aaafc6b58576120cc515adbdd0eedcf5095;hpb=82c2249ed451942c5ce1aeb661459588e8164b54;p=shibboleth%2Fsp.git
diff --git a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
index 46f46aa..8a594cb 100644
--- a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
+++ b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
@@ -74,7 +74,7 @@ namespace shibsp {
 const Application& application,
 const EntityDescriptor* issuer,
 const XMLCh* protocol,
- const NameID* nameid,
+ const NameID* nameid=NULL,
 const XMLCh* authncontext_class=NULL,
 const XMLCh* authncontext_decl=NULL,
 const vector* tokens=NULL,
@@ -181,7 +181,7 @@ namespace shibsp {
 const Application& application,
 const EntityDescriptor* issuer,
 const XMLCh* protocol,
- const NameID* nameid,
+ const NameID* nameid=NULL,
 const XMLCh* authncontext_class=NULL,
 const XMLCh* authncontext_decl=NULL,
 const vector* tokens=NULL,
@@ -216,11 +216,6 @@ namespace shibsp { }; -void SHIBSP_API shibsp::registerAttributeResolvers() -{ - SPConfig::getConfig().AttributeResolverManager.registerFactory(QUERY_ATTRIBUTE_RESOLVER, QueryResolverFactory); -} - QueryResolver::QueryResolver(const DOMElement* e) : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver")) { #ifdef _DEBUG
@@ -269,6 +264,7 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const } const Application& application = ctx.getApplication(); + const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor()); shibsp::SecurityPolicy policy(application); MetadataCredentialCriteria mcc(*AA); shibsp::SOAPClient soaper(policy); 
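Review bot: Giving `nameid` a NULL default here (and in the second declaration in the @@ -181 hunk) makes a missing NameID a legal input, but the query path still dereferences it unconditionally — `nameid->setName(ctx.getNameID()->getName());` in SAML1Query (@@ -281 hunk), and presumably the SAML2 subject construction does the same. Either document the precondition on the declaration, e.g. `// nameid may be NULL; the query methods must skip the query when no NameID is available`, and make that true by returning early from SAML1Query/SAML2Query when `ctx.getNameID()` is null, or keep the parameter required. The enclosing declaration starts and ends outside the hunk.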
@@ -281,7 +277,6 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const
 if (!XMLString::equals((*ep)->getBinding(),binding.get()))
 continue;
 auto_ptr_char loc((*ep)->getLocation());
- auto_ptr_XMLCh issuer(application.getString("entityID").second);
 NameIdentifier* nameid = NameIdentifierBuilder::buildNameIdentifier();
 nameid->setName(ctx.getNameID()->getName());
 nameid->setFormat(ctx.getNameID()->getFormat());
@@ -290,7 +285,7 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const
 subject->setNameIdentifier(nameid);
 saml1p::AttributeQuery* query = saml1p::AttributeQueryBuilder::buildAttributeQuery();
 query->setSubject(subject);
- query->setResource(issuer.get());
+ query->setResource(relyingParty->getXMLString("entityID").second);
 for (vector::const_iterator ad = m_SAML1Designators.begin(); ad!=m_SAML1Designators.end(); ++ad)
 query->getAttributeDesignators().push_back((*ad)->cloneAttributeDesignator());
 Request* request = RequestBuilder::buildRequest();
@@ -330,7 +325,7 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const auto_ptr wrapper(response); saml1::Assertion* newtoken = assertions.front(); - pair signedAssertions = application.getRelyingParty(ctx.getEntityDescriptor())->getBool("signedAssertions"); + pair signedAssertions = relyingParty->getBool("requireSignedAssertions"); if (!newtoken->getSignature() && signedAssertions.first && signedAssertions.second) { m_log.error("assertion unsigned, rejecting it based on signedAssertions policy"); return true;
@@ -350,7 +345,7 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const throw SecurityPolicyException("Security of SAML 1.x query result not established."); // Lastly, check it over. - saml1::AssertionValidator tokval(application.getAudiences(), time(NULL)); + saml1::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL)); tokval.validateAssertion(*newtoken); } catch (exception& ex) { 
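Review bot: `relyingParty->getXMLString("entityID").second` is handed to setResource without checking `.first`, so a relying-party override with no entityID passes a null pointer; the validator in the @@ -350 hunk receives the same value as its first argument, where a null may weaken whatever check it performs with it, and `iss->setName` and the SAML2 validator in the later hunks repeat the pattern. Reading the property once next to the relyingParty lookup and failing early keeps the query from going out with an empty issuer, e.g. `pair<bool,const XMLCh*> entityID = relyingParty->getXMLString("entityID");` followed by `if (!entityID.first) { m_log.error("no entityID configured for relying party"); return true; }`, mirroring the unsigned-assertion branch. The previous code ignored `.first` of `application.getString("entityID")` in the same way, so this is inherited rather than introduced here. SAML1Query's body continues outside the hunk.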
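Review bot: The key read at `relyingParty->getBool("requireSignedAssertions")` is renamed, but the error message on the following context line still says "signedAssertions", so operators chasing the log will look for a key that no longer does anything; change it to `m_log.error("assertion unsigned, rejecting it based on requireSignedAssertions policy");`. The rename also fails open for existing deployments: a relying party that still sets signedAssertions="true" presumably gets `first == false` from getBool for the new key, and the visible condition then skips the rejection entirely, so consider reading the legacy key as a fallback, or at least logging a warning when it is present, for a transition period. The same rename in SAML2Query (@@ -405 hunk, later in this diff) has the same concern.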
@@ -405,7 +400,7 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const shibsp::SOAPClient soaper(policy); const PropertySet* relyingParty = application.getRelyingParty(ctx.getEntityDescriptor()); - pair signedAssertions = relyingParty->getBool("signedAssertions"); + pair signedAssertions = relyingParty->getBool("requireSignedAssertions"); pair encryption = relyingParty->getString("encryption"); auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
@@ -416,8 +411,6 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const if (!XMLString::equals((*ep)->getBinding(),binding.get())) continue; auto_ptr_char loc((*ep)->getLocation()); - auto_ptr_XMLCh issuer(application.getString("entityID").second); - auto_ptr subject(saml2::SubjectBuilder::buildSubject()); // Encrypt the NameID?
@@ -440,7 +433,7 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const
 saml2p::AttributeQuery* query = saml2p::AttributeQueryBuilder::buildAttributeQuery();
 query->setSubject(subject.release());
 Issuer* iss = IssuerBuilder::buildIssuer();
- iss->setName(issuer.get());
+ iss->setName(relyingParty->getXMLString("entityID").second);
 query->setIssuer(iss);
 for (vector::const_iterator ad = m_SAML2Designators.begin(); ad!=m_SAML2Designators.end(); ++ad)
 query->getAttributes().push_back((*ad)->cloneAttribute());
@@ -503,7 +496,7 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const throw SecurityPolicyException("Security of SAML 2.0 query result not established."); // Lastly, check it over. - saml2::AssertionValidator tokval(application.getAudiences(), time(NULL)); + saml2::AssertionValidator tokval(relyingParty->getXMLString("entityID").second, application.getAudiences(), time(NULL)); tokval.validateAssertion(*newtoken); } catch (exception& ex) {