Fix handling of errorFatal flag in rules.

[shibboleth/cpp-opensaml.git] / saml / binding / impl / XMLSigningRule.cpp

diff --git a/saml/binding/impl/XMLSigningRule.cpp b/saml/binding/impl/XMLSigningRule.cpp
index 3cb3daf..047de86 100644 (file)
--- a/saml/binding/impl/XMLSigningRule.cpp
+++ b/saml/binding/impl/XMLSigningRule.cpp
@@ -29,13 +29,13 @@
 #include "saml2/metadata/MetadataProvider.h"
 #include "signature/SignatureProfileValidator.h"
 
-#include <log4cpp/Category.hh>
+#include <xmltooling/logging.h>
 #include <xmltooling/security/SignatureTrustEngine.h>
 
 using namespace opensaml::saml2md;
 using namespace opensaml;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
 
 using xmlsignature::SignatureException;
@@ -47,10 +47,13 @@ namespace opensaml {
         XMLSigningRule(const DOMElement* e);
         virtual ~XMLSigningRule() {}
         
-        void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+        const char* getType() const {
+            return XMLSIGNING_POLICY_RULE;
+        }
+        void evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
 
     private:
-        bool m_errorsFatal;
+        bool m_errorFatal;
     };
 
     SecurityPolicyRule* SAML_DLLLOCAL XMLSigningRuleFactory(const DOMElement* const & e)
@@ -58,14 +61,14 @@ namespace opensaml {
         return new XMLSigningRule(e);
     }
     
-    static const XMLCh errorsFatal[] = UNICODE_LITERAL_11(e,r,r,o,r,s,F,a,t,a,l);
+    static const XMLCh errorFatal[] = UNICODE_LITERAL_10(e,r,r,o,r,F,a,t,a,l);
 };
 
-XMLSigningRule::XMLSigningRule(const DOMElement* e) : m_errorsFatal(false)
+XMLSigningRule::XMLSigningRule(const DOMElement* e) : m_errorFatal(false)
 {
     if (e) {
-        const XMLCh* flag = e->getAttributeNS(NULL, errorsFatal);
-        m_errorsFatal = (flag && (*flag==chLatin_t || *flag==chDigit_1)); 
+        const XMLCh* flag = e->getAttributeNS(NULL, errorFatal);
+        m_errorFatal = (flag && (*flag==chLatin_t || *flag==chDigit_1)); 
     }
 }
 
@@ -95,7 +98,7 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
     }
     catch (ValidationException& ve) {
         log.error("signature profile failed to validate: %s", ve.what());
-        if (m_errorsFatal)
+        if (m_errorFatal)
             throw;
         return;
     }
@@ -105,11 +108,11 @@ void XMLSigningRule::evaluate(const XMLObject& message, const GenericRequest* re
 
     if (!sigtrust->validate(*(signable->getSignature()), *(policy.getMetadataProvider()), &cc)) {
         log.error("unable to verify message signature with supplied trust engine");
-        if (m_errorsFatal)
-            throw SignatureException("Message was signed, but signature could not be verified.");
+        if (m_errorFatal)
+            throw SecurityPolicyException("Message was signed, but signature could not be verified.");
         return;
     }
 
     log.debug("signature verified against message issuer");
-    policy.setSecure(true);
+    policy.setAuthenticated(true);
 }