X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1POSTEncoder.cpp;h=94b7f1671395daafb57a0f36489d86035e9e1a02;hp=f56ac58abbbad2db075ea197dd12eec66b2a81c6;hb=54b7006826fd06e8e2bc251aaba38cccc85b3936;hpb=f1bda358410f56dd2e1ec0cee0704257075b4d18 diff --git a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp index f56ac58..94b7f16 100644 --- a/saml/saml1/binding/impl/SAML1POSTEncoder.cpp +++ b/saml/saml1/binding/impl/SAML1POSTEncoder.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2009 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ /** * SAML1POSTEncoder.cpp * - * SAML 1.x POST binding/profile message encoder + * SAML 1.x POST binding/profile message encoder. */ #include "internal.h" @@ -28,17 +28,22 @@ #include #include -#include #include +#include +#include +#include +#include +#include #include +#include #include using namespace opensaml::saml1p; using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { @@ -46,7 +51,7 @@ namespace opensaml { class SAML_DLLLOCAL SAML1POSTEncoder : public MessageEncoder { public: - SAML1POSTEncoder(const DOMElement* e); + SAML1POSTEncoder(const DOMElement* e, const XMLCh* ns); virtual ~SAML1POSTEncoder() {} long encode( @@ -66,24 +71,25 @@ namespace opensaml { string m_template; }; - MessageEncoder* SAML_DLLLOCAL SAML1POSTEncoderFactory(const DOMElement* const & e) + MessageEncoder* SAML_DLLLOCAL SAML1POSTEncoderFactory(const pair& p) { - return new SAML1POSTEncoder(e); + return new SAML1POSTEncoder(p.first, p.second); } }; }; static const XMLCh _template[] = UNICODE_LITERAL_8(t,e,m,p,l,a,t,e); -SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e) +SAML1POSTEncoder::SAML1POSTEncoder(const DOMElement* e, const XMLCh* ns) { if (e) { - auto_ptr_char t(e->getAttribute(_template)); + auto_ptr_char t(e->getAttributeNS(ns, _template)); if (t.get() && *t.get()) m_template = t.get(); } if (m_template.empty()) throw XMLToolingException("SAML1POSTEncoder requires template XML attribute."); + XMLToolingConfig::getConfig().getPathResolver()->resolve(m_template, PathResolver::XMLTOOLING_CFG_FILE); } long SAML1POSTEncoder::encode( @@ -102,8 +108,12 @@ long SAML1POSTEncoder::encode( xmltooling::NDC ndc("encode"); #endif Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1POST"); - log.debug("validating input"); + + TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); + if (!engine || !destination) + throw BindingException("Encoding response using POST requires a TemplateEngine instance and a destination."); + HTTPResponse::sanitizeURL(destination); if (xmlObject->getParent()) throw BindingException("Cannot encode XML content with parent."); Response* response = dynamic_cast(xmlObject); @@ -141,35 +151,45 @@ long SAML1POSTEncoder::encode( log.debug("marshalling the response"); rootElement = response->marshall(); } - - string xmlbuf; + + // Push message into template. + TemplateEngine::TemplateParameters pmap; + string& xmlbuf = pmap.m_map["SAMLResponse"]; XMLHelper::serialize(rootElement, xmlbuf); - unsigned int len=0; + log.debug("marshalled response:\n%s", xmlbuf.c_str()); + + // Replace with base-64 encoded version. + xsecsize_t len=0; XMLByte* out=Base64::encode(reinterpret_cast(xmlbuf.data()),xmlbuf.size(),&len); if (out) { xmlbuf.erase(); xmlbuf.append(reinterpret_cast(out),len); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&out); +#else + XMLString::release((char**)&out); +#endif } else { throw BindingException("Base64 encoding of XML failed."); } - // Push message into template and send result to client. + // Fill in the rest of the data and send to the client. log.debug("message encoded, sending HTML form template to client"); - TemplateEngine* engine = XMLToolingConfig::getConfig().getTemplateEngine(); - if (!engine) - throw BindingException("Encoding response using POST requires a TemplateEngine instance."); ifstream infile(m_template.c_str()); if (!infile) throw BindingException("Failed to open HTML template for POST response ($1).", params(1,m_template.c_str())); - TemplateEngine::TemplateParameters params; - params.m_map["action"] = destination; - params.m_map["SAMLResponse"] = xmlbuf; - params.m_map["TARGET"] = relayState; + pmap.m_map["action"] = destination; + pmap.m_map["TARGET"] = relayState; stringstream s; - engine->run(infile, s, params); + engine->run(infile, s, pmap); genericResponse.setContentType("text/html"); + HTTPResponse* httpResponse = dynamic_cast(&genericResponse); + if (httpResponse) { + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); + httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); + httpResponse->setResponseHeader("Pragma", "no-cache"); + } long ret = genericResponse.sendResponse(s); // Cleanup by destroying XML.