X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2ECPDecoder.cpp;h=d571b1bee75c2ffb368fea4a2bcc0eb26390e2f9;hp=3446fdf90b7c37c25169a0c4af1ca1c7d8dbaef4;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=c072b75e6f6e05e24a1c35b952008b38d0d375c1
diff --git a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
index 3446fdf..d571b1b 100644
--- a/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
+++ b/saml/saml2/binding/impl/SAML2ECPDecoder.cpp
@@ -1,23 +1,27 @@ -/* - * Copyright 2001-2009 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. * - * http://www.apache.org/licenses/LICENSE-2.0 + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML2ECPDecoder.cpp * - * SAML 2.0 ECP profile message decoder + * SAML 2.0 ECP profile message decoder. */ #include "internal.h" @@ -31,6 +35,7 @@ #include #include #include +#include #include #include 
@@ -72,16 +77,16 @@ XMLObject* SAML2ECPDecoder::decode(
 #ifdef _DEBUG
 xmltooling::NDC ndc("decode");
 #endif
- Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML2ECP");
+ Category& log = Category::getInstance(SAML_LOGCAT ".MessageDecoder.SAML2ECP");
 log.debug("validating input");
- const HTTPRequest* httpRequest=dynamic_cast(&genericRequest);
- if (!httpRequest)
- throw BindingException("Unable to cast request object to HTTPRequest type.");
- string s = genericRequest.getContentType();
- if (s.find("application/vnd.paos+xml") == string::npos) {
- log.warn("ignoring incorrect content type (%s)", s.c_str() ? s.c_str() : "none");
- throw BindingException("Invalid content type for PAOS message.");
+ const HTTPRequest* httpRequest = dynamic_cast(&genericRequest);
+ if (httpRequest) {
+ string s = httpRequest->getContentType();
+ if (s.find("application/vnd.paos+xml") == string::npos) {
+ log.warn("ignoring incorrect content type (%s)", s.c_str() ? s.c_str() : "none");
+ throw BindingException("Invalid content type for PAOS message.");
+ }
 }
 const char* data = genericRequest.getRequestBody();
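Review bot: When the `dynamic_cast` yields null the decoder now carries on with no trace that the PAOS content-type check was skipped, and the same `if (httpRequest)` guard in the later hunk at -114 also drops the "signed SAML message missing Destination" rejection, which does not depend on the request URL at all. On a non-HTTP transport nothing visible in these hunks binds the response to its intended recipient, so that responsibility presumably falls to the policy rules run by `policy.evaluate` or to the caller; that should be stated in a comment above the guard. I would also log the skip, e.g. `else log.debug("non-HTTP request, skipping content type and Destination checks");`, so the relaxed path is visible in deployments. Whether the missing-Destination check for signed messages should stay outside the guard is worth deciding explicitly rather than by indentation. decode() begins and ends outside this hunk.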
@@ -114,17 +119,19 @@ XMLObject* SAML2ECPDecoder::decode(
 extractMessageDetails(*response, genericRequest, samlconstants::SAML20P_NS, policy);
 policy.evaluate(*response, &genericRequest);
- // Check destination URL.
- auto_ptr_char dest(response->getDestination());
- const char* dest2 = httpRequest->getRequestURL();
- const char* delim = strchr(dest2, '?');
- if (response->getSignature() && (!dest.get() || !*(dest.get()))) {
- log.error("signed SAML message missing Destination attribute");
- throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
- }
- else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(),dest2)))) {
- log.error("PAOS response targeted at (%s), but delivered to (%s)", dest.get(), dest2);
- throw BindingException("SAML message delivered with PAOS to incorrect server URL.");
+ // Check destination URL if this is HTTP.
+ if (httpRequest) {
+ auto_ptr_char dest(response->getDestination());
+ const char* dest2 = httpRequest->getRequestURL();
+ const char* delim = strchr(dest2, '?');
+ if (response->getSignature() && (!dest.get() || !*(dest.get()))) {
+ log.error("signed SAML message missing Destination attribute");
+ throw BindingException("Signed SAML message missing Destination attribute identifying intended destination.");
+ }
+ else if (dest.get() && *dest.get() && ((delim && strncmp(dest.get(), dest2, delim - dest2)) || (!delim && strcmp(dest.get(), dest2)))) {
+ log.error("PAOS response targeted at (%s), but delivered to (%s)", dest.get(), dest2);
+ throw BindingException("SAML message delivered with PAOS to incorrect server URL.");
+ }
 }
 // Check for RelayState header.
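Review bot: The re-indented `else if` still accepts a Destination that merely starts with the request URL: when the URL carries a query string, `strncmp(dest.get(), dest2, delim - dest2)` compares only the first `delim - dest2` characters, so a longer Destination sharing that prefix is treated as a match. Requiring the Destination to end at that point closes the gap: `(delim && (strncmp(dest.get(), dest2, delim - dest2) || dest.get()[delim - dest2]))`; the index is only read after strncmp has confirmed that many characters exist. `strchr(dest2, '?')` also assumes `getRequestURL()` never returns null, which these lines do not show. decode() begins and ends outside this hunk.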
@@ -133,7 +140,7 @@ XMLObject* SAML2ECPDecoder::decode( const vector& blocks = const_cast(env->getHeader())->getUnknownXMLObjects(); vector::const_iterator h = find_if(blocks.begin(), blocks.end(), hasQName(xmltooling::QName(samlconstants::SAML20ECP_NS, RelayState))); - const ElementProxy* ep = dynamic_cast(h != blocks.end() ? *h : NULL); + const ElementProxy* ep = dynamic_cast(h != blocks.end() ? *h : nullptr); if (ep) { auto_ptr_char rs(ep->getTextContent()); if (rs.get())