Settable digest algorithm, enhanced prefix handling in signatures, pending xmlsec...

[shibboleth/cpp-opensaml.git] / saml / saml1 / binding / impl / SAML1POSTEncoder.cpp

diff --git a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
index de3b377..6b4a7d4 100644 (file)
--- a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
+++ b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
@@ -23,6 +23,7 @@
 #include "internal.h"
 #include "exceptions.h"
 #include "binding/MessageEncoder.h"
+#include "signature/ContentReference.h"
 #include "saml1/core/Protocols.h"
 
 #include <fstream>
@@ -49,17 +50,18 @@ namespace opensaml {
             
             long encode(
                 GenericResponse& genericResponse,
-                xmltooling::XMLObject* xmlObject,
+                XMLObject* xmlObject,
                 const char* destination,
                 const char* recipientID=NULL,
                 const char* relayState=NULL,
-                const xmltooling::CredentialResolver* credResolver=NULL,
-                const XMLCh* sigAlgorithm=NULL
+                const Credential* credential=NULL,
+                const XMLCh* signatureAlg=NULL,
+                const XMLCh* digestAlg=NULL
                 ) const;
 
         protected:
             /** Pathname of HTML template for transmission of message via POST. */
-            std::string m_template;
+            string m_template;
         };
 
         MessageEncoder* SAML_DLLLOCAL SAML1POSTEncoderFactory(const DOMElement* const & e)
@@ -88,8 +90,9 @@ long SAML1POSTEncoder::encode(
     const char* destination,
     const char* recipientID,
     const char* relayState,
-    const CredentialResolver* credResolver,
-    const XMLCh* sigAlgorithm
+    const Credential* credential,
+    const XMLCh* signatureAlg,
+    const XMLCh* digestAlg
     ) const
 {
 #ifdef _DEBUG
@@ -107,7 +110,7 @@ long SAML1POSTEncoder::encode(
         throw BindingException("SAML 1.x POST Encoder requires relay state (TARGET) value.");
     
     DOMElement* rootElement = NULL;
-    if (credResolver) {
+    if (credential) {
         // Signature based on native XML signing.
         if (response->getSignature()) {
             log.debug("response already signed, skipping signature operation");
@@ -116,12 +119,19 @@ long SAML1POSTEncoder::encode(
             log.debug("signing and marshalling the response");
 
             // Build a Signature.
-            Signature* sig = buildSignature(credResolver, sigAlgorithm);
+            Signature* sig = SignatureBuilder::buildSignature();
             response->setSignature(sig);
+            if (signatureAlg)
+                sig->setSignatureAlgorithm(signatureAlg);
+            if (digestAlg) {
+                opensaml::ContentReference* cr = dynamic_cast<opensaml::ContentReference*>(sig->getContentReference());
+                if (cr)
+                    cr->setDigestAlgorithm(digestAlg);
+            }
     
             // Sign response while marshalling.
             vector<Signature*> sigs(1,sig);
-            rootElement = response->marshall((DOMDocument*)NULL,&sigs);
+            rootElement = response->marshall((DOMDocument*)NULL,&sigs,credential);
         }
     }
     else {