Revamped binding classes with security policy layer.

[shibboleth/cpp-opensaml.git] / saml / saml1 / binding / impl / SAML1POSTEncoder.cpp

diff --git a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
index f62bd62..ce99ce1 100644 (file)
--- a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
+++ b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp
@@ -17,17 +17,21 @@
 /**
  * SAML1POSTEncoder.cpp
  * 
- * SAML 1.x Artifact binding/profile message encoder
+ * SAML 1.x POST binding/profile message encoder
  */
 
 #include "internal.h"
 #include "exceptions.h"
+#include "binding/HTTPResponse.h"
 #include "saml1/binding/SAML1POSTEncoder.h"
 #include "saml1/core/Protocols.h"
 
+#include <fstream>
+#include <sstream>
 #include <log4cpp/Category.hh>
 #include <xercesc/util/Base64.hpp>
 #include <xmltooling/util/NDC.h>
+#include <xmltooling/util/TemplateEngine.h>
 
 using namespace opensaml::saml1p;
 using namespace opensaml;
@@ -42,26 +46,28 @@ namespace opensaml {
         {
             return new SAML1POSTEncoder(e);
         }
-
-        class SAML_DLLLOCAL _addcert : public binary_function<X509Data*,XSECCryptoX509*,void> {
-        public:
-            void operator()(X509Data* bag, XSECCryptoX509* cert) const {
-                safeBuffer& buf=cert->getDEREncodingSB();
-                X509Certificate* x=X509CertificateBuilder::buildX509Certificate();
-                x->setValue(buf.sbStrToXMLCh());
-                bag->getX509Certificates().push_back(x);
-            }
-        };
     };
 };
 
-SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e) {}
+static const XMLCh templat[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e);
+
+SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e)
+{
+    if (e) {
+        auto_ptr_char t(e->getAttributeNS(NULL, templat));
+        if (t.get())
+            m_template = t.get();
+    }
+    if (m_template.empty())
+        throw XMLToolingException("SAML1POSTEncoder requires template attribute.");
+}
 
 SAML1POSTEncoder::~SAML1POSTEncoder() {}
 
-void SAML1POSTEncoder::encode(
-    map<string,string>& outputFields,
+long SAML1POSTEncoder::encode(
+    GenericResponse& genericResponse,
     XMLObject* xmlObject,
+    const char* destination,
     const char* recipientID,
     const char* relayState,
     const CredentialResolver* credResolver,
@@ -72,9 +78,11 @@ void SAML1POSTEncoder::encode(
     xmltooling::NDC ndc("encode");
 #endif
     Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1POST");
+
     log.debug("validating input");
-    
-    outputFields.clear();
+    HTTPResponse* httpResponse=dynamic_cast<HTTPResponse*>(&genericResponse);
+    if (!httpResponse)
+        throw BindingException("Unable to cast response interface to HTTPResponse type.");
     if (xmlObject->getParent())
         throw BindingException("Cannot encode XML content with parent.");
     Response* response = dynamic_cast<Response*>(xmlObject);
@@ -92,22 +100,12 @@ void SAML1POSTEncoder::encode(
         else {
             log.debug("signing and marshalling the response");
 
-            // Append a Signature.
-            response->setSignature(SignatureBuilder::buildSignature());
-            response->getSignature()->setSigningKey(credResolver->getKey());
-    
-            // Build KeyInfo.
-            const vector<XSECCryptoX509*>& certs = credResolver->getCertificates();
-            if (!certs.empty()) {
-                KeyInfo* keyInfo=KeyInfoBuilder::buildKeyInfo();
-                X509Data* x509Data=X509DataBuilder::buildX509Data();
-                keyInfo->getX509Datas().push_back(x509Data);
-                for_each(certs.begin(),certs.end(),bind1st(_addcert(),x509Data));
-                response->getSignature()->setKeyInfo(keyInfo);
-            }
+            // Build a Signature.
+            Signature* sig = buildSignature(credResolver, sigAlgorithm);
+            response->setSignature(sig);
     
             // Sign response while marshalling.
-            vector<Signature*> sigs(1,response->getSignature());
+            vector<Signature*> sigs(1,sig);
             rootElement = response->marshall((DOMDocument*)NULL,&sigs);
         }
     }
@@ -128,13 +126,25 @@ void SAML1POSTEncoder::encode(
     else {
         throw BindingException("Base64 encoding of XML failed.");
     }
-    
-    // Pass back output fields.
-    outputFields["SAMLResponse"] = xmlbuf;
-    outputFields["TARGET"] = relayState;
+
+    // Push message into template and send result to client.
+    log.debug("message encoded, sending HTML form template to client");
+    TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine();
+    if (!engine)
+        throw BindingException("Encoding response using POST requires a TemplateEngine instance.");
+    ifstream infile(m_template.c_str());
+    if (!infile)
+        throw BindingException("Failed to open HTML template for POST response ($1).", params(1,m_template.c_str()));
+    map<string,string> params;
+    params["action"] = destination;
+    params["SAMLResponse"] = xmlbuf;
+    params["TARGET"] = relayState;
+    stringstream s;
+    engine->run(infile, s, params);
+    httpResponse->setContentType("text/html");
+    long ret = httpResponse->sendResponse(s, HTTPResponse::SAML_HTTP_STATUS_OK);
 
     // Cleanup by destroying XML.
     delete xmlObject;
-
-    log.debug("message encoded");
+    return ret;
 }