2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML2SOAPEncoder.cpp
20 * SAML 2.0 SOAP binding message encoder.
24 #include "exceptions.h"
25 #include "binding/MessageEncoder.h"
26 #include "signature/ContentReference.h"
27 #include "saml2/core/Protocols.h"
30 #include <xmltooling/logging.h>
31 #include <xmltooling/io/HTTPResponse.h>
32 #include <xmltooling/util/NDC.h>
33 #include <xmltooling/signature/Signature.h>
34 #include <xmltooling/soap/SOAP.h>
36 using namespace opensaml::saml2p;
37 using namespace opensaml::saml2md;
38 using namespace opensaml;
39 using namespace xmlsignature;
40 using namespace soap11;
41 using namespace xmltooling::logging;
42 using namespace xmltooling;
47 class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder
51 virtual ~SAML2SOAPEncoder() {}
53 bool isUserAgentPresent() const {
57 const XMLCh* getProtocolFamily() const {
58 return samlconstants::SAML20P_NS;
61 const char* getShortName() const {
66 GenericResponse& genericResponse,
68 const char* destination,
69 const EntityDescriptor* recipient=nullptr,
70 const char* relayState=nullptr,
71 const ArtifactGenerator* artifactGenerator=nullptr,
72 const Credential* credential=nullptr,
73 const XMLCh* signatureAlg=nullptr,
74 const XMLCh* digestAlg=nullptr
78 MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
80 return new SAML2SOAPEncoder();
85 long SAML2SOAPEncoder::encode(
86 GenericResponse& genericResponse,
88 const char* destination,
89 const EntityDescriptor* recipient,
90 const char* relayState,
91 const ArtifactGenerator* artifactGenerator,
92 const Credential* credential,
93 const XMLCh* signatureAlg,
94 const XMLCh* digestAlg
98 xmltooling::NDC ndc("encode");
100 Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP");
102 log.debug("validating input");
103 if (xmlObject->getParent())
104 throw BindingException("Cannot encode XML content with parent.");
106 genericResponse.setContentType("text/xml");
107 HTTPResponse* httpResponse = dynamic_cast<HTTPResponse*>(&genericResponse);
109 httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT");
110 httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
111 httpResponse->setResponseHeader("Pragma", "no-cache");
114 bool detachOnFailure = false;
115 DOMElement* rootElement = nullptr;
117 // Check for a naked message.
118 SignableObject* msg = dynamic_cast<SignableObject*>(xmlObject);
120 // Wrap it in a SOAP envelope and point xmlObject at that.
121 detachOnFailure = true;
122 Envelope* env = EnvelopeBuilder::buildEnvelope();
123 Body* body = BodyBuilder::buildBody();
125 body->getUnknownXMLObjects().push_back(msg);
129 Envelope* env = dynamic_cast<Envelope*>(xmlObject);
132 msg = (env->getBody() && env->getBody()->hasChildren()) ?
133 dynamic_cast<SignableObject*>(env->getBody()->getUnknownXMLObjects().front()) : nullptr;
136 if (msg && credential) {
137 if (msg->getSignature()) {
138 log.debug("message already signed, skipping signature operation");
139 rootElement = env->marshall();
142 log.debug("signing the message and marshalling the envelope");
144 // Build a Signature.
145 Signature* sig = SignatureBuilder::buildSignature();
146 msg->setSignature(sig);
148 sig->setSignatureAlgorithm(signatureAlg);
150 opensaml::ContentReference* cr = dynamic_cast<opensaml::ContentReference*>(sig->getContentReference());
152 cr->setDigestAlgorithm(digestAlg);
155 // Sign message while marshalling.
156 vector<Signature*> sigs(1,sig);
157 rootElement = env->marshall((DOMDocument*)nullptr,&sigs,credential);
161 log.debug("marshalling the envelope");
162 rootElement = env->marshall();
168 if (log.isDebugEnabled())
169 log.debug("marshalled envelope:\n%s", s.str().c_str());
171 log.debug("sending serialized envelope");
172 bool error = (!msg && env->getBody() && env->getBody()->hasChildren() &&
173 dynamic_cast<Fault*>(env->getBody()->getUnknownXMLObjects().front()));
174 long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s);
176 // Cleanup by destroying XML.
180 catch (XMLToolingException&) {
181 if (msg && detachOnFailure) {
182 // A bit weird...we have to "revert" things so that the message is isolated
183 // so the caller can free it.
184 if (msg->getParent()) {
185 msg->getParent()->detach();
193 Fault* fault = dynamic_cast<Fault*>(xmlObject);
196 log.debug("building envelope and marshalling fault");
197 Envelope* env = EnvelopeBuilder::buildEnvelope();
198 Body* body = BodyBuilder::buildBody();
200 body->getUnknownXMLObjects().push_back(fault);
201 rootElement = env->marshall();
206 if (log.isDebugEnabled())
207 log.debug("marshalled envelope:\n%s", s.str().c_str());
209 log.debug("sending serialized envelope");
210 long ret = genericResponse.sendError(s);
212 // Cleanup by destroying XML.
216 catch (XMLToolingException&) {
217 // A bit weird...we have to "revert" things so that the fault is isolated
218 // so the caller can free it.
219 if (fault->getParent()) {
220 fault->getParent()->detach();
227 throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 message or SOAP Fault/Envelope.");