/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "internal.h"
#include "exceptions.h"
+#include "binding/SecurityPolicy.h"
+#include "binding/SOAPClient.h"
#include "saml1/binding/SAML1SOAPClient.h"
#include "saml1/core/Protocols.h"
#include "saml2/metadata/Metadata.h"
using namespace xmltooling;
using namespace std;
-void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
+SAML1SOAPClient::SAML1SOAPClient(opensaml::SOAPClient& soaper, bool fatalSAMLErrors) : m_soaper(soaper), m_fatal(fatalSAMLErrors), m_correlate(nullptr)
+{
+}
+
+SAML1SOAPClient::~SAML1SOAPClient()
+{
+ XMLString::release(&m_correlate);
+}
+
+void SAML1SOAPClient::sendSAML(Request* request, const char* from, MetadataCredentialCriteria& to, const char* endpoint)
{
auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
Body* body = BodyBuilder::buildBody();
env->setBody(body);
body->getUnknownXMLObjects().push_back(request);
- m_soaper.send(*env.get(), peer, endpoint);
+ m_soaper.send(*env.get(), from, to, endpoint);
m_correlate = XMLString::replicate(request->getRequestID());
}
throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
m_soaper.getPolicy().reset(true);
- pair<bool,int> minor = response->getMinorVersion();
- m_soaper.getPolicy().evaluate(
- *response,
- NULL,
- (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM
- );
-
- if (!m_soaper.getPolicy().isSecure()) {
- SecurityPolicyException ex("Security policy could not authenticate the message.");
- if (m_soaper.getPolicy().getIssuerMetadata())
- annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata()); // throws it
- else
- ex.raise();
- }
+
+ // Extract Response details and run policy against it.
+ // We don't pull Issuer out of any assertions because some profiles may permit
+ // alternate issuers at that layer.
+ m_soaper.getPolicy().setMessageID(response->getResponseID());
+ m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
+ m_soaper.getPolicy().evaluate(*response);
// Check Status.
Status* status = response->getStatus();
if (status) {
- const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
+ const xmltooling::QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : nullptr;
if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
BindingException ex("SAML Response contained an error.");
if (m_soaper.getPolicy().getIssuerMetadata())
else
ex.raise();
}
- return NULL;
+ return nullptr;
}
bool SAML1SOAPClient::handleError(const Status& status)
{
- const QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : NULL;
- auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : NULL));
+ const xmltooling::QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : nullptr;
+ auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : nullptr));
Category::getInstance(SAML_LOGCAT".SOAPClient").error(
"SOAP client detected a SAML error: (%s) (%s)",
(code ? code->toString().c_str() : "no code"),