2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML2SOAPEncoder.cpp
20 * SAML 2.0 SOAP binding message encoder
24 #include "exceptions.h"
25 #include "binding/HTTPResponse.h"
26 #include "binding/MessageEncoder.h"
27 #include "saml2/core/Protocols.h"
30 #include <log4cpp/Category.hh>
31 #include <xmltooling/util/NDC.h>
32 #include <xmltooling/soap/SOAP.h>
34 using namespace opensaml::saml2p;
35 using namespace opensaml;
36 using namespace xmlsignature;
37 using namespace soap11;
38 using namespace xmltooling;
39 using namespace log4cpp;
44 class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder
47 SAML2SOAPEncoder(const DOMElement* e);
48 virtual ~SAML2SOAPEncoder() {}
51 GenericResponse& genericResponse,
53 const char* destination,
54 const char* recipientID=NULL,
55 const char* relayState=NULL,
56 const Credential* credential=NULL,
57 const XMLCh* sigAlgorithm=NULL
61 MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const DOMElement* const & e)
63 return new SAML2SOAPEncoder(e);
68 SAML2SOAPEncoder::SAML2SOAPEncoder(const DOMElement* e) {}
70 long SAML2SOAPEncoder::encode(
71 GenericResponse& genericResponse,
73 const char* destination,
74 const char* recipientID,
75 const char* relayState,
76 const Credential* credential,
77 const XMLCh* sigAlgorithm
81 xmltooling::NDC ndc("encode");
83 Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP");
85 log.debug("validating input");
86 if (xmlObject->getParent())
87 throw BindingException("Cannot encode XML content with parent.");
89 genericResponse.setContentType("text/xml");
90 HTTPResponse* httpResponse = dynamic_cast<HTTPResponse*>(&genericResponse);
92 httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
93 httpResponse->setResponseHeader("Pragma", "no-cache");
96 DOMElement* rootElement = NULL;
97 StatusResponseType* response = dynamic_cast<StatusResponseType*>(xmlObject);
100 Envelope* env = EnvelopeBuilder::buildEnvelope();
101 Body* body = BodyBuilder::buildBody();
103 body->getUnknownXMLObjects().push_back(response);
105 if (response->getSignature()) {
106 log.debug("response already signed, skipping signature operation");
107 rootElement = env->marshall();
110 log.debug("signing and marshalling the response");
112 // Build a Signature.
113 Signature* sig = SignatureBuilder::buildSignature();
114 response->setSignature(sig);
116 sig->setSignatureAlgorithm(sigAlgorithm);
118 // Sign response while marshalling.
119 vector<Signature*> sigs(1,sig);
120 rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential);
124 log.debug("marshalling the response");
125 rootElement = env->marshall();
130 log.debug("sending serialized response");
131 long ret = genericResponse.sendResponse(s);
133 // Cleanup by destroying XML.
137 catch (XMLToolingException&) {
138 // A bit weird...we have to "revert" things so that the response is isolated
139 // so the caller can free it.
140 if (response->getParent()) {
141 response->getParent()->detach();
148 Fault* fault = dynamic_cast<Fault*>(xmlObject);
151 log.debug("building Envelope and marshalling Fault");
152 Envelope* env = EnvelopeBuilder::buildEnvelope();
153 Body* body = BodyBuilder::buildBody();
155 body->getUnknownXMLObjects().push_back(fault);
156 rootElement = env->marshall();
159 XMLHelper::serialize(rootElement, xmlbuf);
160 istringstream s(xmlbuf);
161 log.debug("sending serialized fault");
162 long ret = genericResponse.sendError(s);
164 // Cleanup by destroying XML.
168 catch (XMLToolingException&) {
169 // A bit weird...we have to "revert" things so that the fault is isolated
170 // so the caller can free it.
171 if (fault->getParent()) {
172 fault->getParent()->detach();
179 Envelope* env = dynamic_cast<Envelope*>(xmlObject);
181 log.debug("marshalling envelope");
182 rootElement = env->marshall();
186 env->getBody()->hasChildren() &&
187 dynamic_cast<Fault*>(env->getBody()->getUnknownXMLObjects().front()));
190 XMLHelper::serialize(rootElement, xmlbuf);
191 istringstream s(xmlbuf);
192 log.debug("sending serialized envelope");
193 long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s);
195 // Cleanup by destroying XML.
200 throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 response or SOAP Fault/Envelope.");