Reducing header overuse, non-inlining selected methods (CPPOST-35).

[shibboleth/cpp-opensaml.git] / saml / saml1 / binding / impl / SAML1SOAPClient.cpp

diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 9a6527b..d6e86ee 100644 (file)
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2007 Internet2
+ *  Copyright 2001-2009 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,6 +22,8 @@
 
 #include "internal.h"
 #include "exceptions.h"
+#include "binding/SecurityPolicy.h"
+#include "binding/SOAPClient.h"
 #include "saml1/binding/SAML1SOAPClient.h"
 #include "saml1/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
@@ -62,25 +64,18 @@ Response* SAML1SOAPClient::receiveSAML()
                     throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
                 
                 m_soaper.getPolicy().reset(true);
-                pair<bool,int> minor = response->getMinorVersion();
-                m_soaper.getPolicy().evaluate(
-                    *response,
-                    NULL,
-                    (minor.first && minor.second==0) ? samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM
-                    );
-                
-                if (!m_soaper.getPolicy().isSecure()) {
-                    SecurityPolicyException ex("Security policy could not authenticate the message.");
-                    if (m_soaper.getPolicy().getIssuerMetadata())
-                        annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
-                    else
-                        ex.raise();
-                }
+
+                // Extract Response details and run policy against it.
+                // We don't pull Issuer out of any assertions because some profiles may permit
+                // alternate issuers at that layer.
+                m_soaper.getPolicy().setMessageID(response->getResponseID());
+                m_soaper.getPolicy().setIssueInstant(response->getIssueInstantEpoch());
+                m_soaper.getPolicy().evaluate(*response);
                 
                 // Check Status.
                 Status* status = response->getStatus();
                 if (status) {
-                    const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
+                    const xmltooling::QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
                     if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
                         BindingException ex("SAML Response contained an error.");
                         if (m_soaper.getPolicy().getIssuerMetadata())
@@ -108,7 +103,7 @@ Response* SAML1SOAPClient::receiveSAML()
 
 bool SAML1SOAPClient::handleError(const Status& status)
 {
-    const QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : NULL;
+    const xmltooling::QName* code = status.getStatusCode() ? status.getStatusCode()->getValue() : NULL;
     auto_ptr_char str((status.getStatusMessage() ? status.getStatusMessage()->getMessage() : NULL));
     Category::getInstance(SAML_LOGCAT".SOAPClient").error(
         "SOAP client detected a SAML error: (%s) (%s)",