/*
- * Copyright 2001-2006 Internet2
+ * Copyright 2001-2007 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "saml1/core/Protocols.h"
#include "saml2/metadata/Metadata.h"
-#include <log4cpp/Category.hh>
+#include <xmltooling/logging.h>
#include <xmltooling/soap/SOAP.h>
using namespace opensaml::saml1p;
using namespace opensaml::saml2md;
using namespace opensaml;
using namespace soap11;
+using namespace xmltooling::logging;
using namespace xmltooling;
-using namespace log4cpp;
using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
{
- Envelope* env = EnvelopeBuilder::buildEnvelope();
+ auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
Body* body = BodyBuilder::buildBody();
env->setBody(body);
body->getUnknownXMLObjects().push_back(request);
- try {
- send(env, peer, endpoint);
- m_correlate = XMLString::replicate(request->getRequestID());
- delete env;
- }
- catch (XMLToolingException&) {
- // A bit weird...we have to "revert" things so that the request is isolated
- // so the caller can free it.
- request->getParent()->detach();
- request->detach();
- throw;
- }
+ m_soaper.send(*env.get(), peer, endpoint);
+ m_correlate = XMLString::replicate(request->getRequestID());
}
Response* SAML1SOAPClient::receiveSAML()
{
- auto_ptr<Envelope> env(receive());
+ auto_ptr<Envelope> env(m_soaper.receive());
if (env.get()) {
Body* body = env->getBody();
if (body && body->hasChildren()) {
// Check for SAML Response.
Response* response = dynamic_cast<Response*>(body->getUnknownXMLObjects().front());
if (response) {
-
+
// Check InResponseTo.
- if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
- throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
+ if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
+ throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+
+ m_soaper.getPolicy().reset(true);
+ pair<bool,int> minor = response->getMinorVersion();
+ m_soaper.getPolicy().evaluate(
+ *response,
+ NULL,
+ (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM
+ );
+
+ if (!m_soaper.getPolicy().isSecure()) {
+ SecurityPolicyException ex("Security policy could not authenticate the message.");
+ if (m_soaper.getPolicy().getIssuerMetadata())
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+ else
+ ex.raise();
+ }
// Check Status.
Status* status = response->getStatus();
if (status) {
const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
- if (code && *code != StatusCode::SUCCESS && handleError(*status))
- throw BindingException("SAML Response contained an error.");
+ if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
+ BindingException ex("SAML Response contained an error.");
+ if (m_soaper.getPolicy().getIssuerMetadata())
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+ else
+ ex.raise();
+ }
}
- m_policy.evaluate(*response);
env.release();
body->detach(); // frees Envelope
response->detach(); // frees Body
}
}
- throw BindingException("SOAP Envelope did not contain a SAML Response or a Fault.");
+ BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
+ if (m_soaper.getPolicy().getIssuerMetadata())
+ annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
+ else
+ ex.raise();
}
return NULL;
}
(code ? code->toString().c_str() : "no code"),
(str.get() ? str.get() : "no message")
);
- return true;
+ return m_fatal;
}
projects / shibboleth / cpp-opensaml.git / blobdiff