2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML1SOAPDecoder.cpp
20 * SAML 1.x SOAP binding message decoder
24 #include "exceptions.h"
25 #include "binding/MessageDecoder.h"
26 #include "saml1/core/Protocols.h"
28 #include <log4cpp/Category.hh>
29 #include <xmltooling/soap/SOAP.h>
30 #include <xmltooling/util/NDC.h>
31 #include <xmltooling/validation/ValidatorSuite.h>
33 using namespace opensaml::saml1p;
34 using namespace opensaml;
35 using namespace soap11;
36 using namespace xmltooling;
37 using namespace log4cpp;
42 class SAML_DLLLOCAL SAML1SOAPDecoder : public MessageDecoder
45 SAML1SOAPDecoder(const DOMElement* e) {}
46 virtual ~SAML1SOAPDecoder() {}
48 xmltooling::XMLObject* decode(
49 std::string& relayState,
50 const GenericRequest& genericRequest,
51 SecurityPolicy& policy
55 MessageDecoder* SAML_DLLLOCAL SAML1SOAPDecoderFactory(const DOMElement* const & e)
57 return new SAML1SOAPDecoder(e);
62 XMLObject* SAML1SOAPDecoder::decode(
64 const GenericRequest& genericRequest,
65 SecurityPolicy& policy
69 xmltooling::NDC ndc("decode");
71 Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML1SOAP");
73 log.debug("validating input");
74 string s = genericRequest.getContentType();
75 if (s.find("text/xml") == string::npos) {
76 log.warn("ignoring incorrect content type (%s)", s.c_str() ? s.c_str() : "none");
80 const char* data = genericRequest.getRequestBody();
82 log.warn("empty request body");
85 istringstream is(data);
87 // Parse and bind the document into an XMLObject.
88 DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser()
89 : XMLToolingConfig::getConfig().getParser()).parse(is);
90 XercesJanitor<DOMDocument> janitor(doc);
91 auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
94 Envelope* env = dynamic_cast<Envelope*>(xmlObject.get());
96 throw BindingException("Decoded message was not a SOAP 1.1 Envelope.");
98 if (!policy.getValidating())
99 SchemaValidators.validate(env);
101 Body* body = env->getBody();
102 if (body && body->hasChildren()) {
103 Request* request = dynamic_cast<Request*>(body->getUnknownXMLObjects().front());
105 // Run through the policy at two layers.
106 policy.evaluate(*env, &genericRequest);
107 policy.evaluate(*request, &genericRequest);
109 body->detach(); // frees Envelope
110 request->detach(); // frees Body
115 throw BindingException("SOAP Envelope did not contain a SAML Request.");