X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fbinding%2Fimpl%2FClientCertAuthRule.cpp;h=fc5be31a50cb97416b9b838fffa8093e83d651e9;hp=63a6bb127bfab94df9e2ddce1b6642013c317b50;hb=f753e2293ab6a40575bc9b294490e134eac5db9e;hpb=b951e528ad7d0764ddc4ced037a8bd53bd3c9890 diff --git a/saml/binding/impl/ClientCertAuthRule.cpp b/saml/binding/impl/ClientCertAuthRule.cpp index 63a6bb1..fc5be31 100644 --- a/saml/binding/impl/ClientCertAuthRule.cpp +++ b/saml/binding/impl/ClientCertAuthRule.cpp @@ -49,8 +49,7 @@ pair ClientCertAuthRule::evaluate( const XMLObject& message, const MetadataProvider* metadataProvider, const QName* role, - const opensaml::TrustEngine* trustEngine, - const MessageExtractor& extractor + const opensaml::TrustEngine* trustEngine ) const { Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.ClientCertAuth"); @@ -72,7 +71,7 @@ pair ClientCertAuthRule::evaluate( try { log.debug("extracting issuer from message"); - pair issuerInfo = extractor.getIssuerAndProtocol(message); + pair issuerInfo = getIssuerAndProtocol(message); auto_ptr issuer(issuerInfo.first); if (!issuerInfo.first || !issuerInfo.second || @@ -115,3 +114,21 @@ pair ClientCertAuthRule::evaluate( } return ret; } + +pair ClientCertAuthRule::getIssuerAndProtocol(const XMLObject& message) const +{ + // We just let any bad casts throw here. + + // Shortcuts some of the casting. + const XMLCh* ns = message.getElementQName().getNamespaceURI(); + if (ns) { + if (XMLString::equals(ns, samlconstants::SAML20P_NS)) { + // 2.0 namespace should be castable to a specialized 2.0 root. + const saml2::RootObject& root = dynamic_cast(message); + saml2::Issuer* issuer = root.getIssuer(); + if (issuer && issuer->getName()) + return make_pair(issuer->cloneIssuer(), samlconstants::SAML20P_NS); + } + } + return pair(NULL,NULL); +}