X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2RedirectDecoder.cpp;h=485fa881d62240c2e161289bdf7f138bb5f44d96;hp=ff0f5f7c0cddb9e994f594f2844c4e581f905496;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=7ee9ff757b17337fcc89c61032dd6b51b337a927 diff --git a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp index ff0f5f7..485fa88 100644 --- a/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp +++ b/saml/saml2/binding/impl/SAML2RedirectDecoder.cpp @@ -1,27 +1,32 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML2RedirectDecoder.cpp - * - * SAML 2.0 HTTP Redirect binding message encoder + * + * SAML 2.0 HTTP Redirect binding message encoder. */ #include "internal.h" #include "exceptions.h" +#include "binding/SecurityPolicy.h" #include "saml2/binding/SAML2MessageDecoder.h" #include "saml2/binding/SAML2Redirect.h" #include "saml2/core/Protocols.h" @@ -30,8 +35,10 @@ #include #include +#include #include #include +#include #include using namespace opensaml::saml2md; @@ -44,19 +51,19 @@ using namespace xmltooling; using namespace std; namespace opensaml { - namespace saml2p { + namespace saml2p { class SAML_DLLLOCAL SAML2RedirectDecoder : public SAML2MessageDecoder { public: SAML2RedirectDecoder() {} virtual ~SAML2RedirectDecoder() {} - + xmltooling::XMLObject* decode( std::string& relayState, const GenericRequest& genericRequest, SecurityPolicy& policy ) const; - }; + }; MessageDecoder* SAML_DLLLOCAL SAML2RedirectDecoderFactory(const pair& p) { @@ -74,14 +81,12 @@ XMLObject* SAML2RedirectDecoder::decode( #ifdef _DEBUG xmltooling::NDC ndc("decode"); #endif - Category& log = Category::getInstance(SAML_LOGCAT".MessageDecoder.SAML2Redirect"); + Category& log = Category::getInstance(SAML_LOGCAT ".MessageDecoder.SAML2Redirect"); log.debug("validating input"); const HTTPRequest* httpRequest=dynamic_cast(&genericRequest); if (!httpRequest) throw BindingException("Unable to cast request object to HTTPRequest type."); - if (strcmp(httpRequest->getMethod(),"GET")) - throw BindingException("Invalid HTTP method ($1).", params(1, httpRequest->getMethod())); const char* msg = httpRequest->getParameter("SAMLResponse"); if (!msg) msg = httpRequest->getParameter("SAMLRequest"); @@ -99,21 +104,29 @@ XMLObject* SAML2RedirectDecoder::decode( } // Decode the compressed message into SAML. First we base64-decode it. - unsigned int x; + xsecsize_t x; XMLByte* decoded=Base64::decode(reinterpret_cast(msg),&x); if (!decoded) throw BindingException("Unable to decode base64 in Redirect binding message."); - + // Now we have to inflate it. stringstream s; - if (inflate((char*)decoded, x, s)==0) { + if (inflate(reinterpret_cast(decoded), x, s)==0) { +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&decoded); +#else + XMLString::release((char**)&decoded); +#endif throw BindingException("Unable to inflate Redirect binding message."); } if (log.isDebugEnabled()) log.debug("decoded SAML message:\n%s", s.str().c_str()); +#ifdef OPENSAML_XERCESC_HAS_XMLBYTE_RELEASE XMLString::release(&decoded); - +#else + XMLString::release((char**)&decoded); +#endif + // Parse and bind the document into an XMLObject. DOMDocument* doc = (policy.getValidating() ? XMLToolingConfig::getConfig().getValidatingParser() : XMLToolingConfig::getConfig().getParser()).parse(s); @@ -121,8 +134,8 @@ XMLObject* SAML2RedirectDecoder::decode( auto_ptr xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true)); janitor.release(); - saml2::RootObject* root = NULL; - StatusResponseType* response = NULL; + saml2::RootObject* root = nullptr; + StatusResponseType* response = nullptr; RequestAbstractType* request = dynamic_cast(xmlObject.get()); if (!request) { response = dynamic_cast(xmlObject.get()); @@ -133,10 +146,9 @@ XMLObject* SAML2RedirectDecoder::decode( else { root = static_cast(request); } - - if (!policy.getValidating()) - SchemaValidators.validate(root); - + + SchemaValidators.validate(root); + // Run through the policy. extractMessageDetails(*root, genericRequest, samlconstants::SAML20P_NS, policy); policy.evaluate(*root, &genericRequest);