X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fbinding%2Fimpl%2FSimpleSigningRule.cpp;h=c16dd7e70def246b6becb96218a8156002e4db46;hp=4974d05b491337ff749af524b2332e6253c0b516;hb=1d5fda59e4996860bb2480ad52e29b2160d04725;hpb=07dbbcf3a8fc0aba6fefe741f1760442a0a6ea65
diff --git a/saml/binding/impl/SimpleSigningRule.cpp b/saml/binding/impl/SimpleSigningRule.cpp
index 4974d05..c16dd7e 100644
--- a/saml/binding/impl/SimpleSigningRule.cpp
+++ b/saml/binding/impl/SimpleSigningRule.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -52,7 +52,7 @@ namespace opensaml {
 const char* getType() const {
 return SIMPLESIGNING_POLICY_RULE;
 }
- void evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+ bool evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
 private:
 // Appends a raw parameter=value pair to the string.
@@ -92,33 +92,33 @@ SimpleSigningRule::SimpleSigningRule(const DOMElement* e) : m_errorFatal(false)
 }
 }
-void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+bool SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
 {
 Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SimpleSigning");
 if (!policy.getIssuerMetadata()) {
 log.debug("ignoring message, no issuer metadata supplied");
- return;
+ return false;
 }
 const SignatureTrustEngine* sigtrust;
 if (!(sigtrust=dynamic_cast(policy.getTrustEngine()))) {
 log.debug("ignoring message, no SignatureTrustEngine supplied");
- return;
+ return false;
 }
 const HTTPRequest* httpRequest = dynamic_cast(request);
 if (!request || !httpRequest)
- return;
+ return false;
 const char* signature = request->getParameter("Signature");
 if (!signature)
- return;
+ return false;
 const char* sigAlgorithm = request->getParameter("SigAlg");
 if (!sigAlgorithm) {
 log.error("SigAlg parameter not found, no way to verify the signature");
- return;
+ return false;
 }
 string input;
@@ -152,7 +152,7 @@ void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest*
 XMLByte* decoded=Base64::decode(reinterpret_cast(pch),&x);
 if (!decoded) {
 log.warn("unable to decode base64 in POST binding message");
- return;
+ return false;
 }
 input = string("SAMLRequest=") + reinterpret_cast(decoded);
 #ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE
@@ -166,7 +166,7 @@ void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest*
 XMLByte* decoded=Base64::decode(reinterpret_cast(pch),&x);
 if (!decoded) {
 log.warn("unable to decode base64 in POST binding message");
- return;
+ return false;
 }
 input = string("SAMLResponse=") + reinterpret_cast(decoded);
 #ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE
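Review bot: The `if (!sigAlgorithm)` branch in the @@ -92,33 hunk returns false for a request that carries a `Signature` parameter but no `SigAlg`, without consulting `m_errorFatal`, so a signed but unverifiable message is reported the same way as an unsigned one. The failed-verification path in the @@ -223,9 hunk throws when `m_errorFatal` is set; this branch should presumably behave the same, e.g. `if (m_errorFatal) throw SecurityPolicyException("Message was signed, but SigAlg parameter was missing.");` ahead of `return false;`. The base64 decode failures in the @@ -152,7 and @@ -166,7 hunks appear to sit after the same `Signature` check and would need the same treatment. The body of evaluate() continues outside this hunk, so confirm against the full function.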
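Review bot: In the @@ -152,7 hunk, and again in @@ -166,7, the string that is checked against the signature is built as `string("SAMLRequest=") + reinterpret_cast(decoded)`, which reads the decoded buffer as a NUL-terminated C string and ignores the length that `Base64::decode` wrote into `x`. If the decoded bytes contained an embedded NUL, the verified input would stop there and no longer match the bytes that were actually decoded, and the construction also depends on the decoder terminating the buffer. Appending with the explicit length removes both assumptions: `input = "SAMLRequest="; input.append(reinterpret_cast<const char*>(decoded), x);`, with the same form for `SAMLResponse=`. The enclosing branch starts and ends outside these hunks and the cast's target type is not visible in this rendering, so check the type of `x` and the cast against the file.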
@@ -223,9 +223,10 @@ void SimpleSigningRule::evaluate(const XMLObject& message, const GenericRequest*
 log.error("unable to verify message signature with supplied trust engine");
 if (m_errorFatal)
 throw SecurityPolicyException("Message was signed, but signature could not be verified.");
- return;
+ return false;
 }
 log.debug("signature verified against message issuer");
 policy.setAuthenticated(true);
+ return true;
 }
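Review bot: The new bool result has no documented contract, and the `return false` after the failed-verification branch here cannot be told apart from the earlier returns where the rule simply did not apply. A comment above the definition would make this explicit for callers, e.g. `// Returns true only when a signature was verified and policy.setAuthenticated(true) was called; false means the rule did not apply or, with errorFatal off, that verification failed.` Without that, a caller could read false as "message was unsigned" when it may also mean "signature was present and rejected". The function starts outside this hunk.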