-/*
- * Copyright 2009 Internet2
+/**
+ * Licensed to the University Corporation for Advanced Internet
+ * Development, Inc. (UCAID) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for
+ * additional information regarding copyright ownership.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * UCAID licenses this file to you under the Apache License,
+ * Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the
+ * License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific
+ * language governing permissions and limitations under the License.
*/
/**
* BearerConfirmationRule.cpp
*
- * SAML 2.0 Bearer SubjectConfirmation SecurityPolicyRule
+ * SAML 2.0 Bearer SubjectConfirmation SecurityPolicyRule.
*/
#include "internal.h"
#include "saml2/core/Assertions.h"
#include "saml2/profile/SAML2AssertionPolicy.h"
+#include <xercesc/util/XMLUniDefs.hpp>
#include <xmltooling/logging.h>
+#include <xmltooling/XMLToolingConfig.h>
#include <xmltooling/io/HTTPRequest.h>
using namespace opensaml::saml2;
};
};
-BearerConfirmationRule::BearerConfirmationRule(const DOMElement* e) : m_validity(true), m_recipient(true), m_correlation(true), m_fatal(true)
+BearerConfirmationRule::BearerConfirmationRule(const DOMElement* e)
+ : m_validity(XMLHelper::getAttrBool(e, true, checkValidity)),
+ m_recipient(XMLHelper::getAttrBool(e, true, checkRecipient)),
+ m_correlation(XMLHelper::getAttrBool(e, true, checkCorrelation)),
+ m_fatal(XMLHelper::getAttrBool(e, true, missingFatal))
{
- const XMLCh* flag = e ? e->getAttributeNS(NULL, checkValidity) : NULL;
- m_validity = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(NULL, checkRecipient) : NULL;
- m_recipient = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(NULL, checkCorrelation) : NULL;
- m_correlation = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
- flag = e ? e->getAttributeNS(NULL, missingFatal) : NULL;
- m_fatal = (!flag || (*flag != chLatin_f && *flag != chDigit_0));
}
bool BearerConfirmationRule::evaluate(const XMLObject& message, const GenericRequest* request, opensaml::SecurityPolicy& policy) const
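Review bot: The new initializer list has no comment saying that all four settings default to enabled and that each `false` value switches off one bearer protection (validity window, Recipient match, InResponseTo correlation, or throwing on failure). The removed inline parsing made the rule "anything not starting with f or 0 means true" visible. It is now delegated to `XMLHelper::getAttrBool`, which presumably returns the supplied default for unrecognised values; that is worth confirming so a typo in configuration cannot silently disable a check. I would add above the constructor: `// Every check defaults to enabled; only an explicit false/0 attribute value turns one off.`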
if (!a)
return false;
- logging::Category& log = logging::Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.BearerConfirmation");
+ logging::Category& log = logging::Category::getInstance(SAML_LOGCAT ".SecurityPolicyRule.BearerConfirmation");
- const char* msg=NULL;
+ const char* msg="assertion is missing bearer SubjectConfirmation";
const Subject* subject = a->getSubject();
if (subject) {
const vector<SubjectConfirmation*>& confs = subject->getSubjectConfirmations();
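Review bot: With `msg` now initialised to a non-null literal here, the `msg ? msg : "no error message"` fallback the commit adds at `log.error` further down cannot fire on any path visible in this diff, since every later assignment is also a string literal. Either keep the initialiser and log with plain `log.error(msg);`, or keep the null guard and drop the initialiser; having both hides which one is meant to carry the default. The default text is also what gets logged when `getSubject()` returns null, so a wording such as `"assertion is missing a Subject or bearer SubjectConfirmation"` would describe that case more accurately. The body of evaluate starts and ends outside this hunk.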
if (httpRequest && httpRequest->getRequestURL()) {
string dest = httpRequest->getRequestURL();
auto_ptr_XMLCh destination(dest.substr(0,dest.find('?')).c_str());
- if (!XMLString::equals(destination.get(), data ? data->getRecipient() : NULL)) {
+ if (!XMLString::equals(destination.get(), data ? data->getRecipient() : nullptr)) {
msg = "bearer confirmation failed with recipient mismatch";
continue;
}
}
if (m_correlation && policy.getCorrelationID() && *(policy.getCorrelationID())) {
- if (!XMLString::equals(policy.getCorrelationID(), data ? data->getInResponseTo() : NULL)) {
+ if (!XMLString::equals(policy.getCorrelationID(), data ? data->getInResponseTo() : nullptr)) {
msg = "bearer confirmation failed with request correlation mismatch";
continue;
}
}
}
- log.error(msg);
+ log.error(msg ? msg : "no error message");
if (m_fatal)
throw SecurityPolicyException("Unable to locate satisfiable bearer SubjectConfirmation in assertion.");
return false;
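Review bot: The Recipient comparison only runs inside `if (httpRequest && httpRequest->getRequestURL())`, so for a non-HTTP request, or one without a URL, a confirmation can be accepted with no recipient check and nothing in the log records that. Whether an outer `m_recipient` test wraps this is not visible, because the loop over the confirmations starts outside the hunk. If skipping is intended, add an else branch that makes it auditable, e.g. `else log.warn("recipient check skipped, no HTTP request URL available");`; if it is not, set `msg` and `continue` there as the mismatch branch does. The correlation test is likewise bypassed silently when the policy carries no correlation ID, and a debug line there would help when investigating an unexpectedly accepted assertion.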