saml/saml2/binding/impl/SAML2SOAPEncoder.cpp

   1 /*
   2  *  Copyright 2001-2007 Internet2
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *     http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 /**
  18  * SAML2SOAPEncoder.cpp
  19  *
  20  * SAML 2.0 SOAP binding message encoder
  21  */
  22
  23 #include "internal.h"
  24 #include "exceptions.h"
  25 #include "binding/HTTPResponse.h"
  26 #include "binding/MessageEncoder.h"
  27 #include "saml2/core/Protocols.h"
  28
  29 #include <sstream>
  30 #include <log4cpp/Category.hh>
  31 #include <xmltooling/util/NDC.h>
  32 #include <xmltooling/soap/SOAP.h>
  33
  34 using namespace opensaml::saml2p;
  35 using namespace opensaml;
  36 using namespace xmlsignature;
  37 using namespace soap11;
  38 using namespace xmltooling;
  39 using namespace log4cpp;
  40 using namespace std;
  41
  42 namespace opensaml {
  43     namespace saml2p {
  44         class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder
  45         {
  46         public:
  47             SAML2SOAPEncoder(const DOMElement* e);
  48             virtual ~SAML2SOAPEncoder() {}
  49
  50             long encode(
  51                 GenericResponse& genericResponse,
  52                 XMLObject* xmlObject,
  53                 const char* destination,
  54                 const char* recipientID=NULL,
  55                 const char* relayState=NULL,
  56                 const Credential* credential=NULL,
  57                 const XMLCh* sigAlgorithm=NULL
  58                 ) const;
  59         };
  60
  61         MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const DOMElement* const & e)
  62         {
  63             return new SAML2SOAPEncoder(e);
  64         }
  65     };
  66 };
  67
  68 SAML2SOAPEncoder::SAML2SOAPEncoder(const DOMElement* e) {}
  69
  70 long SAML2SOAPEncoder::encode(
  71     GenericResponse& genericResponse,
  72     XMLObject* xmlObject,
  73     const char* destination,
  74     const char* recipientID,
  75     const char* relayState,
  76     const Credential* credential,
  77     const XMLCh* sigAlgorithm
  78     ) const
  79 {
  80 #ifdef _DEBUG
  81     xmltooling::NDC ndc("encode");
  82 #endif
  83     Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP");
  84
  85     log.debug("validating input");
  86     if (xmlObject->getParent())
  87         throw BindingException("Cannot encode XML content with parent.");
  88
  89     genericResponse.setContentType("text/xml");
  90     HTTPResponse* httpResponse = dynamic_cast<HTTPResponse*>(&genericResponse);
  91     if (httpResponse) {
  92         httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
  93         httpResponse->setResponseHeader("Pragma", "no-cache");
  94     }
  95
  96     DOMElement* rootElement = NULL;
  97     StatusResponseType* response = dynamic_cast<StatusResponseType*>(xmlObject);
  98     if (response) {
  99         try {
 100             Envelope* env = EnvelopeBuilder::buildEnvelope();
 101             Body* body = BodyBuilder::buildBody();
 102             env->setBody(body);
 103             body->getUnknownXMLObjects().push_back(response);
 104             if (credential) {
 105                 if (response->getSignature()) {
 106                     log.debug("response already signed, skipping signature operation");
 107                     rootElement = env->marshall();
 108                 }
 109                 else {
 110                     log.debug("signing and marshalling the response");
 111
 112                     // Build a Signature.
 113                     Signature* sig = SignatureBuilder::buildSignature();
 114                     response->setSignature(sig);
 115                     if (sigAlgorithm)
 116                         sig->setSignatureAlgorithm(sigAlgorithm);
 117
 118                     // Sign response while marshalling.
 119                     vector<Signature*> sigs(1,sig);
 120                     rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential);
 121                 }
 122             }
 123             else {
 124                 log.debug("marshalling the response");
 125                 rootElement = env->marshall();
 126             }
 127
 128             stringstream s;
 129             s << *rootElement;
 130             log.debug("sending serialized response");
 131             long ret = genericResponse.sendResponse(s);
 132
 133             // Cleanup by destroying XML.
 134             delete env;
 135             return ret;
 136         }
 137         catch (XMLToolingException&) {
 138             // A bit weird...we have to "revert" things so that the response is isolated
 139             // so the caller can free it.
 140             if (response->getParent()) {
 141                 response->getParent()->detach();
 142                 response->detach();
 143             }
 144             throw;
 145         }
 146     }
 147
 148     Fault* fault = dynamic_cast<Fault*>(xmlObject);
 149     if (fault) {
 150         try {
 151             log.debug("building Envelope and marshalling Fault");
 152             Envelope* env = EnvelopeBuilder::buildEnvelope();
 153             Body* body = BodyBuilder::buildBody();
 154             env->setBody(body);
 155             body->getUnknownXMLObjects().push_back(fault);
 156             rootElement = env->marshall();
 157
 158             string xmlbuf;
 159             XMLHelper::serialize(rootElement, xmlbuf);
 160             istringstream s(xmlbuf);
 161             log.debug("sending serialized fault");
 162             long ret = genericResponse.sendError(s);
 163
 164             // Cleanup by destroying XML.
 165             delete env;
 166             return ret;
 167         }
 168         catch (XMLToolingException&) {
 169             // A bit weird...we have to "revert" things so that the fault is isolated
 170             // so the caller can free it.
 171             if (fault->getParent()) {
 172                 fault->getParent()->detach();
 173                 fault->detach();
 174             }
 175             throw;
 176         }
 177     }
 178
 179     Envelope* env = dynamic_cast<Envelope*>(xmlObject);
 180     if (env) {
 181         log.debug("marshalling envelope");
 182         rootElement = env->marshall();
 183
 184         bool error =
 185             (env->getBody() &&
 186                 env->getBody()->hasChildren() &&
 187                     dynamic_cast<Fault*>(env->getBody()->getUnknownXMLObjects().front()));
 188
 189         string xmlbuf;
 190         XMLHelper::serialize(rootElement, xmlbuf);
 191         istringstream s(xmlbuf);
 192         log.debug("sending serialized envelope");
 193         long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s);
 194
 195         // Cleanup by destroying XML.
 196         delete env;
 197         return ret;
 198     }
 199
 200     throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 response or SOAP Fault/Envelope.");
 201 }