#include "exceptions.h"
#include "RootObject.h"
#include "binding/MessageFlowRule.h"
+#include "util/SAMLConstants.h"
#include <xmltooling/util/NDC.h>
#include <xmltooling/util/ReplayCache.h>
const XMLObject& message,
const saml2md::MetadataProvider* metadataProvider,
const QName* role,
- const opensaml::TrustEngine* trustEngine
+ const TrustEngine* trustEngine
) const
{
+ Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.MessageFlow");
+ log.debug("evaluating message flow policy");
+
try {
- const RootObject& obj = dynamic_cast<const RootObject&>(message);
- check(obj.getID(), obj.getIssueInstantEpoch());
+ const XMLCh* ns = message.getElementQName().getNamespaceURI();
+ if (ns && (XMLString::equals(ns, samlconstants::SAML20P_NS) || XMLString::equals(ns, samlconstants::SAML1P_NS))) {
+ const RootObject& obj = dynamic_cast<const RootObject&>(message);
+ check(obj.getID(), obj.getIssueInstantEpoch());
+ }
+ else {
+ log.debug("ignoring unrecognized message type");
+ }
}
catch (bad_cast&) {
- throw BindingException("Message was not of a recognized type.");
+ log.warn("caught a bad_cast while extracting issuer");
}
return pair<saml2::Issuer*,const saml2md::RoleDescriptor*>(NULL,NULL);
}
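Review bot: The `catch (bad_cast&)` handler now only logs and falls through to the normal return, so the rule fails open for a message that has already matched the SAML 2.0 or SAML 1.x protocol namespace. The `dynamic_cast` sits inside the namespace-matched branch, so a failed cast means `check(obj.getID(), obj.getIssueInstantEpoch())` never runs for a message this rule claims to handle. I would keep the rejection in the handler, `throw BindingException("Message was not of a recognized type.");`, and leave the permissive path to the `else` branch only. The new warning text "while extracting issuer" also does not describe this rule, which reads the ID and issue instant; `log.warn("caught a bad_cast reading message ID/issue instant; message flow check skipped");` would be accurate. The `else` branch logs at debug level only, so it is worth confirming that another rule in the policy covers message types outside these two namespaces. The function's signature begins above the hunk.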
time_t skew = XMLToolingConfig::getConfig().clock_skew_secs;
time_t now = time(NULL);
if (issueInstant > now + skew) {
- log.error("rejected not-yet-valid message, timestamp (%lu), now (%lu)", issueInstant, now + skew);
+ log.errorStream() << "rejected not-yet-valid message, timestamp (" << issueInstant <<
+ "), newest allowed (" << now + skew << ")" << CategoryStream::ENDLINE;
throw BindingException("Message rejected, was issued in the future.");
}
else if (issueInstant < now - skew - m_expires) {
- log.error("rejected expired message, timestamp (%lu), oldest allowed (%lu)", issueInstant, now - skew - m_expires);
+ log.errorStream() << "rejected expired message, timestamp (" << issueInstant <<
+ "), oldest allowed (" << (now - skew - m_expires) << ")" << CategoryStream::ENDLINE;
throw BindingException("Message expired, was issued too long ago.");
}