saml/saml2/binding/impl/SAML2SOAPClient.cpp

   1 /*
   2  *  Copyright 2001-2009 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * SAML2SOAPClient.cpp
  19  *
  20  * Specialized SOAPClient for SAML 2.0 SOAP binding.
  21  */
  22
  23 #include "internal.h"
  24 #include "exceptions.h"
  25 #include "binding/SecurityPolicy.h"
  26 #include "binding/SOAPClient.h"
  27 #include "saml2/binding/SAML2SOAPClient.h"
  28 #include "saml2/core/Protocols.h"
  29 #include "saml2/metadata/Metadata.h"
  30 #include "saml2/metadata/MetadataProvider.h"
  31
  32 #include <xmltooling/logging.h>
  33 #include <xmltooling/soap/SOAP.h>
  34
  35 using namespace opensaml::saml2;
  36 using namespace opensaml::saml2p;
  37 using namespace opensaml::saml2md;
  38 using namespace opensaml;
  39 using namespace soap11;
  40 using namespace xmltooling::logging;
  41 using namespace xmltooling;
  42 using namespace std;
  43
  44 void SAML2SOAPClient::sendSAML(RequestAbstractType* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
  45 {
  46     auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
  47     Body* body = BodyBuilder::buildBody();
  48     env->setBody(body);
  49     body->getUnknownXMLObjects().push_back(request);
  50     m_soaper.send(*env.get(), from, to, endpoint);
  51     m_correlate = XMLString::replicate(request->getID());
  52 }
  53
  54 StatusResponseType* SAML2SOAPClient::receiveSAML()
  55 {
  56     auto_ptr<Envelope> env(m_soaper.receive());
  57     if (env.get()) {
  58         Body* body = env->getBody();
  59         if (body && body->hasChildren()) {
  60             // Check for SAML Response.
  61             StatusResponseType* response = dynamic_cast<StatusResponseType*>(body->getUnknownXMLObjects().front());
  62             if (response) {
  63                 // Check InResponseTo.
  64                 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
  65                     throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
  66
  67                 SecurityPolicy& policy = m_soaper.getPolicy();
  68                 policy.reset(true);
  69
  70                 // Extract Response details.
  71                 policy.setMessageID(response->getID());
  72                 policy.setIssueInstant(response->getIssueInstantEpoch());
  73
  74                 // Extract and re-verify Issuer if present.
  75                 const Issuer* issuer = response->getIssuer();
  76                 if (issuer)
  77                     policy.setIssuer(issuer);   // This will throw if it conflicts with the known peer identity.
  78
  79                 // Now run the policy.
  80                 policy.evaluate(*response);
  81
  82                 // Check Status.
  83                 Status* status = response->getStatus();
  84                 if (status) {
  85                     const XMLCh* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
  86                     if (code && !XMLString::equals(code,StatusCode::SUCCESS) && handleError(*status)) {
  87                         BindingException ex("SAML response contained an error.");
  88                         annotateException(&ex, policy.getIssuerMetadata(), status);   // throws it
  89                     }
  90                 }
  91
  92                 env.release();
  93                 body->detach(); // frees Envelope
  94                 response->detach();   // frees Body
  95                 return response;
  96             }
  97         }
  98
  99         BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
 100         if (m_soaper.getPolicy().getIssuerMetadata())
 101             annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
 102         else
 103             ex.raise();
 104     }
 105     return NULL;
 106 }
 107
 108 bool SAML2SOAPClient::handleError(const Status& status)
 109 {
 110     auto_ptr_char code((status.getStatusCode() ? status.getStatusCode()->getValue() : NULL));
 111     auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : NULL));
 112     Category::getInstance(SAML_LOGCAT".SOAPClient").error(
 113         "SOAP client detected a SAML error: (%s) (%s)",
 114         (code.get() ? code.get() : "no code"),
 115         (str.get() ? str.get() : "no message")
 116         );
 117     return m_fatal;
 118 }