2 * Copyright 2001-2009 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
20 * Implements SOAP 1.1 messaging over a transport.
24 #include "exceptions.h"
26 #include "binding/SecurityPolicy.h"
27 #include "binding/SOAPClient.h"
28 #include "saml2/metadata/Metadata.h"
29 #include "saml2/metadata/MetadataProvider.h"
31 #include <xmltooling/security/X509TrustEngine.h>
32 #include <xmltooling/soap/SOAP.h>
33 #include <xmltooling/soap/HTTPSOAPTransport.h>
34 #include <xsec/framework/XSECDefs.hpp>
36 using namespace opensaml::saml2;
37 using namespace opensaml::saml2md;
38 using namespace opensaml;
39 using namespace xmltooling;
42 SOAPClient::SOAPClient(SecurityPolicy& policy)
43 : soap11::SOAPClient(policy.getValidating()), m_policy(policy), m_force(true), m_peer(NULL), m_criteria(NULL)
47 void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
53 m_peer = &(to.getRole());
55 const xmltooling::QName& role = m_peer->getElementQName();
56 if (XMLString::equals(role.getLocalPart(),RoleDescriptor::LOCAL_NAME))
57 m_policy.setRole(m_peer->getSchemaType());
59 m_policy.setRole(&role);
61 // Establish the "expected" issuer identity.
62 const XMLCh* entityID = dynamic_cast<const EntityDescriptor*>(m_peer->getParent())->getEntityID();
63 m_policy.setIssuer(entityID);
64 if (!m_policy.getIssuerMetadata())
65 m_policy.setIssuerMetadata(m_peer);
67 // Call the base class.
68 auto_ptr_char pn(entityID);
69 soap11::SOAPClient::send(env, SOAPTransport::Address(from, pn.get(), endpoint));
72 void SOAPClient::prepareTransport(xmltooling::SOAPTransport& transport)
74 HTTPSOAPTransport* http = dynamic_cast<HTTPSOAPTransport*>(&transport);
76 http->setRequestHeader("SOAPAction", "http://www.oasis-open.org/committees/security");
77 http->setRequestHeader("Xerces-C", XERCES_FULLVERSIONDOT);
78 http->setRequestHeader("XML-Security-C", XSEC_FULLVERSIONDOT);
79 http->setRequestHeader("OpenSAML-C", OPENSAML_FULLVERSIONDOT);
82 const X509TrustEngine* engine = dynamic_cast<const X509TrustEngine*>(m_policy.getTrustEngine());
84 if (!transport.setTrustEngine(engine, m_policy.getMetadataProvider(), m_criteria, m_force))
85 throw BindingException("Unable to install X509TrustEngine into SOAPTransport.");
89 soap11::Envelope* SOAPClient::receive()
91 auto_ptr<soap11::Envelope> env(soap11::SOAPClient::receive());
93 if (m_peer && m_transport->isAuthenticated()) {
94 // Set flag based on peer identity.
95 m_policy.setAuthenticated(true);
98 // Run policy against SOAP layer.
99 m_policy.evaluate(*(env.get()));
101 return env.release();
104 void SOAPClient::reset()
108 soap11::SOAPClient::reset();