2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
24 * Implements SOAP 1.1 messaging over a transport.
28 #include "exceptions.h"
30 #include "binding/SecurityPolicy.h"
31 #include "binding/SOAPClient.h"
32 #include "saml2/metadata/Metadata.h"
33 #include "saml2/metadata/MetadataCredentialCriteria.h"
34 #include "saml2/metadata/MetadataProvider.h"
36 #include <xmltooling/security/X509TrustEngine.h>
37 #include <xmltooling/soap/SOAP.h>
38 #include <xmltooling/soap/HTTPSOAPTransport.h>
39 #include <xsec/framework/XSECDefs.hpp>
41 using namespace opensaml::saml2;
42 using namespace opensaml::saml2md;
43 using namespace opensaml;
44 using namespace xmltooling;
47 SOAPClient::SOAPClient(SecurityPolicy& policy)
48 : soap11::SOAPClient(policy.getValidating()), m_policy(policy), m_force(true), m_peer(nullptr), m_criteria(nullptr)
52 SOAPClient::~SOAPClient()
56 void SOAPClient::forceTransportAuthentication(bool force)
61 void SOAPClient::send(const soap11::Envelope& env, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
67 m_peer = &(to.getRole());
69 const xmltooling::QName& role = m_peer->getElementQName();
70 if (XMLString::equals(role.getLocalPart(),RoleDescriptor::LOCAL_NAME))
71 m_policy.setRole(m_peer->getSchemaType());
73 m_policy.setRole(&role);
75 // Establish the "expected" issuer identity.
76 const XMLCh* entityID = dynamic_cast<const EntityDescriptor*>(m_peer->getParent())->getEntityID();
77 m_policy.setIssuer(entityID);
78 if (!m_policy.getIssuerMetadata())
79 m_policy.setIssuerMetadata(m_peer);
81 // Call the base class.
82 auto_ptr_char pn(entityID);
83 soap11::SOAPClient::send(env, SOAPTransport::Address(from, pn.get(), endpoint));
86 void SOAPClient::prepareTransport(xmltooling::SOAPTransport& transport)
88 HTTPSOAPTransport* http = dynamic_cast<HTTPSOAPTransport*>(&transport);
90 http->setRequestHeader("SOAPAction", "http://www.oasis-open.org/committees/security");
91 http->setRequestHeader("Xerces-C", XERCES_FULLVERSIONDOT);
92 http->setRequestHeader("XML-Security-C", XSEC_FULLVERSIONDOT);
93 http->setRequestHeader("OpenSAML-C", OPENSAML_FULLVERSIONDOT);
96 const X509TrustEngine* engine = dynamic_cast<const X509TrustEngine*>(m_policy.getTrustEngine());
98 if (!transport.setTrustEngine(engine, m_policy.getMetadataProvider(), m_criteria, m_force))
99 throw BindingException("Unable to install X509TrustEngine into SOAPTransport.");
103 soap11::Envelope* SOAPClient::receive()
105 auto_ptr<soap11::Envelope> env(soap11::SOAPClient::receive());
107 if (m_peer && m_transport->isAuthenticated()) {
108 // Set flag based on peer identity.
109 m_policy.setAuthenticated(true);
112 // Run policy against SOAP layer.
113 m_policy.evaluate(*(env.get()));
115 return env.release();
118 void SOAPClient::reset()
120 m_criteria = nullptr;
122 soap11::SOAPClient::reset();
126 SecurityPolicy& SOAPClient::getPolicy() const