2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * SAML1SOAPEncoder.cpp
24 * SAML 1.x SOAP binding message encoder.
28 #include "exceptions.h"
29 #include "binding/MessageEncoder.h"
30 #include "signature/ContentReference.h"
31 #include "saml1/core/Protocols.h"
34 #include <xmltooling/logging.h>
35 #include <xmltooling/io/HTTPResponse.h>
36 #include <xmltooling/signature/Signature.h>
37 #include <xmltooling/util/NDC.h>
38 #include <xmltooling/soap/SOAP.h>
40 using namespace opensaml::saml1p;
41 using namespace opensaml::saml2md;
42 using namespace opensaml;
43 using namespace xmlsignature;
44 using namespace soap11;
45 using namespace xmltooling::logging;
46 using namespace xmltooling;
51 class SAML_DLLLOCAL SAML1SOAPEncoder : public MessageEncoder
55 virtual ~SAML1SOAPEncoder() {}
57 bool isUserAgentPresent() const {
61 const XMLCh* getProtocolFamily() const {
62 return samlconstants::SAML11_PROTOCOL_ENUM;
66 GenericResponse& genericResponse,
68 const char* destination,
69 const EntityDescriptor* recipient=nullptr,
70 const char* relayState=nullptr,
71 const ArtifactGenerator* artifactGenerator=nullptr,
72 const Credential* credential=nullptr,
73 const XMLCh* signatureAlg=nullptr,
74 const XMLCh* digestAlg=nullptr
78 MessageEncoder* SAML_DLLLOCAL SAML1SOAPEncoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
80 return new SAML1SOAPEncoder();
85 long SAML1SOAPEncoder::encode(
86 GenericResponse& genericResponse,
88 const char* destination,
89 const EntityDescriptor* recipient,
90 const char* relayState,
91 const ArtifactGenerator* artifactGenerator,
92 const Credential* credential,
93 const XMLCh* signatureAlg,
94 const XMLCh* digestAlg
98 xmltooling::NDC ndc("encode");
100 Category& log = Category::getInstance(SAML_LOGCAT ".MessageEncoder.SAML1SOAP");
102 log.debug("validating input");
103 if (xmlObject->getParent())
104 throw BindingException("Cannot encode XML content with parent.");
106 genericResponse.setContentType("text/xml");
107 HTTPResponse* httpResponse = dynamic_cast<HTTPResponse*>(&genericResponse);
109 httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT");
110 httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
111 httpResponse->setResponseHeader("Pragma", "no-cache");
114 bool detachOnFailure = false;
115 DOMElement* rootElement = nullptr;
117 // Check for a naked Response.
118 Response* response = dynamic_cast<Response*>(xmlObject);
120 // Wrap it in a SOAP envelope and point xmlObject at that.
121 detachOnFailure = true;
122 Envelope* env = EnvelopeBuilder::buildEnvelope();
123 Body* body = BodyBuilder::buildBody();
125 body->getUnknownXMLObjects().push_back(response);
129 // Now check for a full Envelope (which might have just been created).
130 Envelope* env = dynamic_cast<Envelope*>(xmlObject);
133 response = (env->getBody() && env->getBody()->hasChildren()) ?
134 dynamic_cast<Response*>(env->getBody()->getUnknownXMLObjects().front()) : nullptr;
137 // Now check for signing requirements.
138 if (response && credential) {
139 if (response->getSignature()) {
140 log.debug("response already signed, skipping signature operation");
141 rootElement = env->marshall();
144 log.debug("signing the response and marshalling the envelope");
146 // Build a Signature.
147 Signature* sig = SignatureBuilder::buildSignature();
148 response->setSignature(sig);
150 sig->setSignatureAlgorithm(signatureAlg);
152 opensaml::ContentReference* cr = dynamic_cast<opensaml::ContentReference*>(sig->getContentReference());
154 cr->setDigestAlgorithm(digestAlg);
157 // Sign message while marshalling.
158 vector<Signature*> sigs(1,sig);
159 rootElement = env->marshall((DOMDocument*)nullptr,&sigs,credential);
163 log.debug("marshalling the envelope");
164 rootElement = env->marshall();
170 if (log.isDebugEnabled())
171 log.debug("marshalled envelope:\n%s", s.str().c_str());
173 log.debug("sending serialized envelope");
174 bool error = (!response && env->getBody() && env->getBody()->hasChildren() &&
175 dynamic_cast<Fault*>(env->getBody()->getUnknownXMLObjects().front()));
176 long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s);
178 // Cleanup by destroying XML.
182 catch (XMLToolingException&) {
183 if (response && detachOnFailure) {
184 // A bit weird...we have to "revert" things so that the response is isolated
185 // so the caller can free it.
186 if (response->getParent()) {
187 response->getParent()->detach();
195 Fault* fault = dynamic_cast<Fault*>(xmlObject);
198 log.debug("building envelope and marshalling fault");
199 Envelope* env = EnvelopeBuilder::buildEnvelope();
200 Body* body = BodyBuilder::buildBody();
202 body->getUnknownXMLObjects().push_back(fault);
203 rootElement = env->marshall();
208 if (log.isDebugEnabled())
209 log.debug("marshalled envelope:\n%s", s.str().c_str());
211 log.debug("sending serialized envelope");
212 long ret = genericResponse.sendError(s);
214 // Cleanup by destroying XML.
218 catch (XMLToolingException&) {
219 // A bit weird...we have to "revert" things so that the fault is isolated
220 // so the caller can free it.
221 if (fault->getParent()) {
222 fault->getParent()->detach();
229 throw BindingException("XML content for SAML 1.x SOAP Encoder must be a SAML 1.x <Response> or SOAP Fault/Envelope.");