Major revamp of credential and trust handling code, PKIX engine still needs work.

[shibboleth/cpp-opensaml.git] / saml / saml2 / binding / impl / SAML2SOAPClient.cpp

diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index 4a1fc04..4b077ba 100644 (file)
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -37,7 +37,7 @@ using namespace xmltooling;
 using namespace log4cpp;
 using namespace std;
 
-void SAML2SOAPClient::sendSAML(RequestAbstractType* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML2SOAPClient::sendSAML(RequestAbstractType* request, MetadataCredentialCriteria& peer, const char* endpoint)
 {
     auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
     Body* body = BodyBuilder::buildBody();
@@ -58,7 +58,7 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
             if (response) {
                 
                 // Check InResponseTo.
-                if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
+                if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
                     throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
                 
                 // Check Status.
@@ -70,6 +70,9 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
                 }
                 
                 m_soaper.getPolicy().evaluate(*response);
+                if (!m_soaper.getPolicy().isSecure())
+                    throw BindingException("Security policy could not authenticate the message.");
+
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach();   // frees Body