Multi-line svn commit, see body.

[shibboleth/cpp-opensaml.git] / saml / saml2 / binding / impl / SAML2ArtifactDecoder.cpp

diff --git a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
index c309162..ae7545a 100644 (file)
--- a/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ArtifactDecoder.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2001-2006 Internet2
+ *  Copyright 2001-2007 Internet2
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,15 +22,14 @@
 
 #include "internal.h"
 #include "exceptions.h"
-#include "binding/HTTPRequest.h"
-#include "saml/binding/SAMLArtifact.h"
+#include "binding/MessageDecoder.h"
 #include "saml2/binding/SAML2Artifact.h"
-#include "saml2/binding/SAML2ArtifactDecoder.h"
 #include "saml2/core/Protocols.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/MetadataProvider.h"
 
-#include <log4cpp/Category.hh>
+#include <xmltooling/logging.h>
+#include <xmltooling/io/HTTPRequest.h>
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/ReplayCache.h>
 
@@ -38,21 +37,32 @@ using namespace opensaml::saml2md;
 using namespace opensaml::saml2p;
 using namespace opensaml::saml2;
 using namespace opensaml;
+using namespace xmltooling::logging;
 using namespace xmltooling;
-using namespace log4cpp;
 using namespace std;
 
 namespace opensaml {
     namespace saml2p {              
-        MessageDecoder* SAML_DLLLOCAL SAML2ArtifactDecoderFactory(const DOMElement* const & e)
+        class SAML_DLLLOCAL SAML2ArtifactDecoder : public MessageDecoder
         {
-            return new SAML2ArtifactDecoder(e);
+        public:
+            SAML2ArtifactDecoder() {}
+            virtual ~SAML2ArtifactDecoder() {}
+            
+            xmltooling::XMLObject* decode(
+                std::string& relayState,
+                const GenericRequest& genericRequest,
+                SecurityPolicy& policy
+                ) const;
+        };                
+
+        MessageDecoder* SAML_DLLLOCAL SAML2ArtifactDecoderFactory(const pair<const DOMElement*,const XMLCh*>& p)
+        {
+            return new SAML2ArtifactDecoder();
         }
     };
 };
 
-SAML2ArtifactDecoder::SAML2ArtifactDecoder(const DOMElement* e) {}
-
 XMLObject* SAML2ArtifactDecoder::decode(
     string& relayState,
     const GenericRequest& genericRequest,
@@ -66,13 +76,11 @@ XMLObject* SAML2ArtifactDecoder::decode(
 
     log.debug("validating input");
     const HTTPRequest* httpRequest=dynamic_cast<const HTTPRequest*>(&genericRequest);
-    if (!httpRequest) {
-        log.error("unable to cast request to HTTPRequest type");
-        return NULL;
-    }
+    if (!httpRequest)
+        throw BindingException("Unable to cast request object to HTTPRequest type.");
     const char* SAMLart = httpRequest->getParameter("SAMLart");
     if (!SAMLart)
-        return NULL;
+        throw BindingException("Request missing SAMLart parameter.");
     const char* state = httpRequest->getParameter("RelayState");
     if (state)
         relayState = state;
@@ -124,33 +132,36 @@ XMLObject* SAML2ArtifactDecoder::decode(
         auto_ptr_char issuer(provider->getEntityID());
         log.debug("lookup succeeded, artifact issued by (%s)", issuer.get());
     }
+
+    // Mock up an Issuer object for the policy.
+    auto_ptr<Issuer> issuer(IssuerBuilder::buildIssuer());
+    issuer->setName(provider->getEntityID());
+    policy.setIssuer(issuer.get());
+    issuer.release();   // owned by policy now
     
     log.debug("attempting to find artifact issuing role...");
     const RoleDescriptor* roledesc=provider->getRoleDescriptor(*(policy.getRole()), samlconstants::SAML20P_NS);
     if (!roledesc || !dynamic_cast<const SSODescriptorType*>(roledesc)) {
         log.error("unable to find compatible SAML role (%s) in metadata", policy.getRole()->toString().c_str());
-        BindingException ex("Unable to find compatible metadata role for artifact issuer.");
-        annotateException(&ex,provider); // throws it
+        throw BindingException("Unable to find compatible metadata role for artifact issuer.");
     }
+    policy.setIssuerMetadata(roledesc);
     
-    try {
-        auto_ptr<ArtifactResponse> response(
-            m_artifactResolver->resolve(*(artifact2.get()), dynamic_cast<const SSODescriptorType&>(*roledesc), policy)
-            );
-        
-        policy.evaluate(*(response.get()), &genericRequest);
+    log.debug("calling ArtifactResolver...");
+    auto_ptr<ArtifactResponse> response(
+        m_artifactResolver->resolve(*(artifact2.get()), dynamic_cast<const SSODescriptorType&>(*roledesc), policy)
+        );
+    
+    // The policy should be enforced against the ArtifactResponse by the resolve step.
+    // Reset only the message state.
+    policy.reset(true);
 
-        // Extract payload and check that message.
-        XMLObject* payload = response->getPayload();
-        policy.evaluate(*payload, &genericRequest);
+    // Extract payload and check that message.
+    XMLObject* payload = response->getPayload();
+    policy.evaluate(*payload, &genericRequest, samlconstants::SAML20P_NS);
 
-        // Return the payload only.
-        response.release();
-        payload->detach(); 
-        return payload;
-    }
-    catch (XMLToolingException& ex) {
-        annotateException(&ex,roledesc,false);
-        throw;
-    }
+    // Return the payload only.
+    response.release();
+    payload->detach(); 
+    return payload;
 }