X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml1%2Fbinding%2Fimpl%2FSAML1SOAPEncoder.cpp;h=c5f41f5f820943252ca89cc59db423a2765aaad2;hp=df00a95c0cdf188e1ae7078a93eff8ab49bfde36;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=0f6286d0ffd9371c187ecb1775cbd199ed051af5 diff --git a/saml/saml1/binding/impl/SAML1SOAPEncoder.cpp b/saml/saml1/binding/impl/SAML1SOAPEncoder.cpp index df00a95..c5f41f5 100644 --- a/saml/saml1/binding/impl/SAML1SOAPEncoder.cpp +++ b/saml/saml1/binding/impl/SAML1SOAPEncoder.cpp @@ -1,23 +1,27 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * http://www.apache.org/licenses/LICENSE-2.0 + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML1SOAPEncoder.cpp * - * SAML 1.x SOAP binding message encoder + * SAML 1.x SOAP binding message encoder. */ #include "internal.h" @@ -29,6 +33,7 @@ #include #include #include +#include #include #include @@ -53,16 +58,20 @@ namespace opensaml { return false; } + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML11_PROTOCOL_ENUM; + } + long encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const EntityDescriptor* recipient=NULL, - const char* relayState=NULL, - const ArtifactGenerator* artifactGenerator=NULL, - const Credential* credential=NULL, - const XMLCh* signatureAlg=NULL, - const XMLCh* digestAlg=NULL + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr ) const; }; @@ -88,7 +97,7 @@ long SAML1SOAPEncoder::encode( #ifdef _DEBUG xmltooling::NDC ndc("encode"); #endif - Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1SOAP"); + Category& log = Category::getInstance(SAML_LOGCAT ".MessageEncoder.SAML1SOAP"); log.debug("validating input"); if (xmlObject->getParent()) @@ -97,25 +106,42 @@ long SAML1SOAPEncoder::encode( genericResponse.setContentType("text/xml"); HTTPResponse* httpResponse = dynamic_cast(&genericResponse); if (httpResponse) { + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); httpResponse->setResponseHeader("Pragma", "no-cache"); } - DOMElement* rootElement = NULL; + bool detachOnFailure = false; + DOMElement* rootElement = nullptr; + + // Check for a naked Response. Response* response = dynamic_cast(xmlObject); if (response) { + // Wrap it in a SOAP envelope and point xmlObject at that. + detachOnFailure = true; + Envelope* env = EnvelopeBuilder::buildEnvelope(); + Body* body = BodyBuilder::buildBody(); + env->setBody(body); + body->getUnknownXMLObjects().push_back(response); + xmlObject = env; + } + + // Now check for a full Envelope (which might have just been created). + Envelope* env = dynamic_cast(xmlObject); + if (env) { + if (!response) { + response = (env->getBody() && env->getBody()->hasChildren()) ? + dynamic_cast(env->getBody()->getUnknownXMLObjects().front()) : nullptr; + } try { - Envelope* env = EnvelopeBuilder::buildEnvelope(); - Body* body = BodyBuilder::buildBody(); - env->setBody(body); - body->getUnknownXMLObjects().push_back(response); - if (credential) { + // Now check for signing requirements. + if (response && credential) { if (response->getSignature()) { log.debug("response already signed, skipping signature operation"); rootElement = env->marshall(); } else { - log.debug("signing and marshalling the response"); + log.debug("signing the response and marshalling the envelope"); // Build a Signature. Signature* sig = SignatureBuilder::buildSignature(); @@ -128,31 +154,39 @@ long SAML1SOAPEncoder::encode( cr->setDigestAlgorithm(digestAlg); } - // Sign response while marshalling. + // Sign message while marshalling. vector sigs(1,sig); - rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential); + rootElement = env->marshall((DOMDocument*)nullptr,&sigs,credential); } } else { - log.debug("marshalling the response"); + log.debug("marshalling the envelope"); rootElement = env->marshall(); } - + stringstream s; s << *rootElement; - log.debug("sending serialized response"); - long ret = genericResponse.sendResponse(s); + + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); + bool error = (!response && env->getBody() && env->getBody()->hasChildren() && + dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); + long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); // Cleanup by destroying XML. delete env; return ret; } catch (XMLToolingException&) { - // A bit weird...we have to "revert" things so that the response is isolated - // so the caller can free it. - if (response->getParent()) { - response->getParent()->detach(); - response->detach(); + if (response && detachOnFailure) { + // A bit weird...we have to "revert" things so that the response is isolated + // so the caller can free it. + if (response->getParent()) { + response->getParent()->detach(); + response->detach(); + } } throw; } @@ -161,17 +195,20 @@ long SAML1SOAPEncoder::encode( Fault* fault = dynamic_cast(xmlObject); if (fault) { try { - log.debug("building Envelope and marshalling Fault"); + log.debug("building envelope and marshalling fault"); Envelope* env = EnvelopeBuilder::buildEnvelope(); Body* body = BodyBuilder::buildBody(); env->setBody(body); body->getUnknownXMLObjects().push_back(fault); rootElement = env->marshall(); - - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized fault"); + + stringstream s; + s << *rootElement; + + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); long ret = genericResponse.sendError(s); // Cleanup by destroying XML. @@ -188,27 +225,6 @@ long SAML1SOAPEncoder::encode( throw; } } - - Envelope* env = dynamic_cast(xmlObject); - if (env) { - log.debug("marshalling envelope"); - rootElement = env->marshall(); - - bool error = - (env->getBody() && - env->getBody()->hasChildren() && - dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); - - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized envelope"); - long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); - // Cleanup by destroying XML. - delete env; - return ret; - } - throw BindingException("XML content for SAML 1.x SOAP Encoder must be a SAML 1.x or SOAP Fault/Envelope."); }