2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * SAML2SOAPEncoder.cpp
20 * SAML 2.0 SOAP binding message encoder
24 #include "exceptions.h"
25 #include "binding/MessageEncoder.h"
26 #include "signature/ContentReference.h"
27 #include "saml2/core/Protocols.h"
30 #include <xmltooling/logging.h>
31 #include <xmltooling/io/HTTPResponse.h>
32 #include <xmltooling/util/NDC.h>
33 #include <xmltooling/soap/SOAP.h>
35 using namespace opensaml::saml2p;
36 using namespace opensaml::saml2md;
37 using namespace opensaml;
38 using namespace xmlsignature;
39 using namespace soap11;
40 using namespace xmltooling::logging;
41 using namespace xmltooling;
46 class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder
50 virtual ~SAML2SOAPEncoder() {}
52 bool isUserAgentPresent() const {
57 GenericResponse& genericResponse,
59 const char* destination,
60 const EntityDescriptor* recipient=NULL,
61 const char* relayState=NULL,
62 const ArtifactGenerator* artifactGenerator=NULL,
63 const Credential* credential=NULL,
64 const XMLCh* signatureAlg=NULL,
65 const XMLCh* digestAlg=NULL
69 MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
71 return new SAML2SOAPEncoder();
76 long SAML2SOAPEncoder::encode(
77 GenericResponse& genericResponse,
79 const char* destination,
80 const EntityDescriptor* recipient,
81 const char* relayState,
82 const ArtifactGenerator* artifactGenerator,
83 const Credential* credential,
84 const XMLCh* signatureAlg,
85 const XMLCh* digestAlg
89 xmltooling::NDC ndc("encode");
91 Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP");
93 log.debug("validating input");
94 if (xmlObject->getParent())
95 throw BindingException("Cannot encode XML content with parent.");
97 genericResponse.setContentType("text/xml");
98 HTTPResponse* httpResponse = dynamic_cast<HTTPResponse*>(&genericResponse);
100 httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private");
101 httpResponse->setResponseHeader("Pragma", "no-cache");
104 DOMElement* rootElement = NULL;
105 SignableObject* msg = dynamic_cast<SignableObject*>(xmlObject);
108 Envelope* env = EnvelopeBuilder::buildEnvelope();
109 Body* body = BodyBuilder::buildBody();
111 body->getUnknownXMLObjects().push_back(msg);
113 if (msg->getSignature()) {
114 log.debug("message already signed, skipping signature operation");
115 rootElement = env->marshall();
118 log.debug("signing the message and marshalling the envelope");
120 // Build a Signature.
121 Signature* sig = SignatureBuilder::buildSignature();
122 msg->setSignature(sig);
124 sig->setSignatureAlgorithm(signatureAlg);
126 opensaml::ContentReference* cr = dynamic_cast<opensaml::ContentReference*>(sig->getContentReference());
128 cr->setDigestAlgorithm(digestAlg);
131 // Sign message while marshalling.
132 vector<Signature*> sigs(1,sig);
133 rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential);
137 log.debug("marshalling the envelope");
138 rootElement = env->marshall();
143 log.debug("sending serialized envelope");
144 long ret = genericResponse.sendResponse(s);
146 // Cleanup by destroying XML.
150 catch (XMLToolingException&) {
151 // A bit weird...we have to "revert" things so that the response is isolated
152 // so the caller can free it.
153 if (msg->getParent()) {
154 msg->getParent()->detach();
161 Fault* fault = dynamic_cast<Fault*>(xmlObject);
164 log.debug("building envelope and marshalling fault");
165 Envelope* env = EnvelopeBuilder::buildEnvelope();
166 Body* body = BodyBuilder::buildBody();
168 body->getUnknownXMLObjects().push_back(fault);
169 rootElement = env->marshall();
172 XMLHelper::serialize(rootElement, xmlbuf);
173 istringstream s(xmlbuf);
174 log.debug("sending serialized fault");
175 long ret = genericResponse.sendError(s);
177 // Cleanup by destroying XML.
181 catch (XMLToolingException&) {
182 // A bit weird...we have to "revert" things so that the fault is isolated
183 // so the caller can free it.
184 if (fault->getParent()) {
185 fault->getParent()->detach();
192 Envelope* env = dynamic_cast<Envelope*>(xmlObject);
194 SignableObject* msg =
195 (env->getBody() && env->getBody()->hasChildren()) ?
196 dynamic_cast<SignableObject*>(env->getBody()->getUnknownXMLObjects().front()) : NULL;
197 if (msg && credential) {
198 if (msg->getSignature()) {
199 log.debug("message already signed, skipping signature operation");
200 rootElement = env->marshall();
203 log.debug("signing the message and marshalling the envelope");
205 // Build a Signature.
206 Signature* sig = SignatureBuilder::buildSignature();
207 msg->setSignature(sig);
209 sig->setSignatureAlgorithm(signatureAlg);
211 opensaml::ContentReference* cr = dynamic_cast<opensaml::ContentReference*>(sig->getContentReference());
213 cr->setDigestAlgorithm(digestAlg);
216 // Sign message while marshalling.
217 vector<Signature*> sigs(1,sig);
218 rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential);
222 log.debug("marshalling the envelope");
223 rootElement = env->marshall();
227 XMLHelper::serialize(rootElement, xmlbuf);
228 istringstream s(xmlbuf);
229 log.debug("sending serialized envelope");
232 env->getBody()->hasChildren() &&
233 dynamic_cast<Fault*>(env->getBody()->getUnknownXMLObjects().front()));
234 long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s);
236 // Cleanup by destroying XML.
241 throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 message or SOAP Fault/Envelope.");