X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2SOAPEncoder.cpp;h=71837473ac7e00665e9d062f50b296a0e05bfdd8;hp=7a5bfefb30be4c7fbd52e858c9221c0f2733de6b;hb=1462057b3b9ae7e165d34d988e30b14c213672ca;hpb=0e738d39ba71958fe55692498c91fc6e6d402604 diff --git a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp index 7a5bfef..7183747 100644 --- a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp @@ -1,42 +1,49 @@ -/* - * Copyright 2001-2007 Internet2 - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at +/** + * Licensed to the University Corporation for Advanced Internet + * Development, Inc. (UCAID) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for + * additional information regarding copyright ownership. + * + * UCAID licenses this file to you under the Apache License, + * Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the + * License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific + * language governing permissions and limitations under the License. */ /** * SAML2SOAPEncoder.cpp * - * SAML 2.0 SOAP binding message encoder + * SAML 2.0 SOAP binding message encoder. */ #include "internal.h" #include "exceptions.h" -#include "binding/HTTPResponse.h" #include "binding/MessageEncoder.h" +#include "signature/ContentReference.h" #include "saml2/core/Protocols.h" #include -#include +#include +#include #include +#include #include using namespace opensaml::saml2p; +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; using namespace soap11; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { @@ -44,43 +51,53 @@ namespace opensaml { class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder { public: - SAML2SOAPEncoder(const DOMElement* e); + SAML2SOAPEncoder() {} virtual ~SAML2SOAPEncoder() {} - + + bool isUserAgentPresent() const { + return false; + } + + const XMLCh* getProtocolFamily() const { + return samlconstants::SAML20P_NS; + } + long encode( GenericResponse& genericResponse, - xmltooling::XMLObject* xmlObject, + XMLObject* xmlObject, const char* destination, - const char* recipientID=NULL, - const char* relayState=NULL, - const xmltooling::CredentialResolver* credResolver=NULL, - const XMLCh* sigAlgorithm=NULL + const EntityDescriptor* recipient=nullptr, + const char* relayState=nullptr, + const ArtifactGenerator* artifactGenerator=nullptr, + const Credential* credential=nullptr, + const XMLCh* signatureAlg=nullptr, + const XMLCh* digestAlg=nullptr ) const; }; - MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const DOMElement* const & e) + MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const pair& p) { - return new SAML2SOAPEncoder(e); + return new SAML2SOAPEncoder(); } }; }; -SAML2SOAPEncoder::SAML2SOAPEncoder(const DOMElement* e) {} - long SAML2SOAPEncoder::encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID, + const EntityDescriptor* recipient, const char* relayState, - const CredentialResolver* credResolver, - const XMLCh* sigAlgorithm + const ArtifactGenerator* artifactGenerator, + const Credential* credential, + const XMLCh* signatureAlg, + const XMLCh* digestAlg ) const { #ifdef _DEBUG xmltooling::NDC ndc("encode"); #endif - Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP"); + Category& log = Category::getInstance(SAML_LOGCAT ".MessageEncoder.SAML2SOAP"); log.debug("validating input"); if (xmlObject->getParent()) @@ -89,55 +106,85 @@ long SAML2SOAPEncoder::encode( genericResponse.setContentType("text/xml"); HTTPResponse* httpResponse = dynamic_cast(&genericResponse); if (httpResponse) { + httpResponse->setResponseHeader("Expires", "01-Jan-1997 12:00:00 GMT"); httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); httpResponse->setResponseHeader("Pragma", "no-cache"); } - DOMElement* rootElement = NULL; - StatusResponseType* response = dynamic_cast(xmlObject); - if (response) { + bool detachOnFailure = false; + DOMElement* rootElement = nullptr; + + // Check for a naked message. + SignableObject* msg = dynamic_cast(xmlObject); + if (msg) { + // Wrap it in a SOAP envelope and point xmlObject at that. + detachOnFailure = true; + Envelope* env = EnvelopeBuilder::buildEnvelope(); + Body* body = BodyBuilder::buildBody(); + env->setBody(body); + body->getUnknownXMLObjects().push_back(msg); + xmlObject = env; + } + + Envelope* env = dynamic_cast(xmlObject); + if (env) { + if (!msg) { + msg = (env->getBody() && env->getBody()->hasChildren()) ? + dynamic_cast(env->getBody()->getUnknownXMLObjects().front()) : nullptr; + } try { - Envelope* env = EnvelopeBuilder::buildEnvelope(); - Body* body = BodyBuilder::buildBody(); - env->setBody(body); - body->getUnknownXMLObjects().push_back(response); - if (credResolver ) { - if (response->getSignature()) { - log.debug("response already signed, skipping signature operation"); + if (msg && credential) { + if (msg->getSignature()) { + log.debug("message already signed, skipping signature operation"); rootElement = env->marshall(); } else { - log.debug("signing and marshalling the response"); + log.debug("signing the message and marshalling the envelope"); // Build a Signature. - Signature* sig = buildSignature(credResolver, sigAlgorithm); - response->setSignature(sig); + Signature* sig = SignatureBuilder::buildSignature(); + msg->setSignature(sig); + if (signatureAlg) + sig->setSignatureAlgorithm(signatureAlg); + if (digestAlg) { + opensaml::ContentReference* cr = dynamic_cast(sig->getContentReference()); + if (cr) + cr->setDigestAlgorithm(digestAlg); + } - // Sign response while marshalling. + // Sign message while marshalling. vector sigs(1,sig); - rootElement = env->marshall((DOMDocument*)NULL,&sigs); + rootElement = env->marshall((DOMDocument*)nullptr,&sigs,credential); } } else { - log.debug("marshalling the response"); + log.debug("marshalling the envelope"); rootElement = env->marshall(); } - + stringstream s; s << *rootElement; - log.debug("sending serialized response"); - long ret = genericResponse.sendResponse(s); + + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); + bool error = (!msg && env->getBody() && env->getBody()->hasChildren() && + dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); + long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); // Cleanup by destroying XML. delete env; return ret; } catch (XMLToolingException&) { - // A bit weird...we have to "revert" things so that the response is isolated - // so the caller can free it. - if (response->getParent()) { - response->getParent()->detach(); - response->detach(); + if (msg && detachOnFailure) { + // A bit weird...we have to "revert" things so that the message is isolated + // so the caller can free it. + if (msg->getParent()) { + msg->getParent()->detach(); + msg->detach(); + } } throw; } @@ -146,17 +193,20 @@ long SAML2SOAPEncoder::encode( Fault* fault = dynamic_cast(xmlObject); if (fault) { try { - log.debug("building Envelope and marshalling Fault"); + log.debug("building envelope and marshalling fault"); Envelope* env = EnvelopeBuilder::buildEnvelope(); Body* body = BodyBuilder::buildBody(); env->setBody(body); body->getUnknownXMLObjects().push_back(fault); rootElement = env->marshall(); - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized fault"); + stringstream s; + s << *rootElement; + + if (log.isDebugEnabled()) + log.debug("marshalled envelope:\n%s", s.str().c_str()); + + log.debug("sending serialized envelope"); long ret = genericResponse.sendError(s); // Cleanup by destroying XML. @@ -174,26 +224,5 @@ long SAML2SOAPEncoder::encode( } } - Envelope* env = dynamic_cast(xmlObject); - if (env) { - log.debug("marshalling envelope"); - rootElement = env->marshall(); - - bool error = - (env->getBody() && - env->getBody()->hasChildren() && - dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); - - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized envelope"); - long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); - - // Cleanup by destroying XML. - delete env; - return ret; - } - - throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 response or SOAP Fault/Envelope."); + throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 message or SOAP Fault/Envelope."); }