Major revamp of credential and trust handling code, PKIX engine still needs work.

[shibboleth/cpp-opensaml.git] / saml / saml2 / binding / impl / SAML2SOAPClient.cpp

diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
index 673f5fc..4b077ba 100644 (file)
--- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp
+++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp
@@ -37,29 +37,19 @@ using namespace xmltooling;
 using namespace log4cpp;
 using namespace std;
 
-void SAML2SOAPClient::sendSAML(RequestAbstractType* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML2SOAPClient::sendSAML(RequestAbstractType* request, MetadataCredentialCriteria& peer, const char* endpoint)
 {
-    Envelope* env = EnvelopeBuilder::buildEnvelope();
+    auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
     Body* body = BodyBuilder::buildBody();
     env->setBody(body);
     body->getUnknownXMLObjects().push_back(request);
-    try {
-        send(env, peer, endpoint);
-        m_correlate = XMLString::replicate(request->getID());
-        delete env;
-    }
-    catch (XMLToolingException&) {
-        // A bit weird...we have to "revert" things so that the request is isolated
-        // so the caller can free it.
-        request->getParent()->detach();
-        request->detach();
-        throw;
-    }
+    m_soaper.send(*env.get(), peer, endpoint);
+    m_correlate = XMLString::replicate(request->getID());
 }
 
 StatusResponseType* SAML2SOAPClient::receiveSAML()
 {
-    auto_ptr<Envelope> env(receive());
+    auto_ptr<Envelope> env(m_soaper.receive());
     if (env.get()) {
         Body* body = env->getBody();
         if (body && body->hasChildren()) {
@@ -68,7 +58,7 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
             if (response) {
                 
                 // Check InResponseTo.
-                if (m_correlate && !XMLString::equals(m_correlate, response->getInResponseTo()))
+                if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
                     throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
                 
                 // Check Status.
@@ -79,7 +69,10 @@ StatusResponseType* SAML2SOAPClient::receiveSAML()
                         throw BindingException("SAML Response contained an error.");
                 }
                 
-                m_policy.evaluate(*response);
+                m_soaper.getPolicy().evaluate(*response);
+                if (!m_soaper.getPolicy().isSecure())
+                    throw BindingException("Security policy could not authenticate the message.");
+
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach();   // frees Body