https://issues.shibboleth.net/jira/browse/SSPCPP-181

diff --git a/saml/binding/MessageDecoder.h b/saml/binding/MessageDecoder.h
index 9f3905d..479f199 100644 (file)
--- a/saml/binding/MessageDecoder.h
+++ b/saml/binding/MessageDecoder.h
@@ -1,6 +1,6 @@
 /*
 /*

- *  Copyright 2001-2007 Internet2
- * 
+ *  Copyright 2001-2009 Internet2
+ *

  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at


@@ -16,8 +16,8 @@
 
 /**
  * @file saml/binding/MessageDecoder.h
 
 /**
  * @file saml/binding/MessageDecoder.h

- * 
- * Interface to SAML protocol binding message decoders. 
+ *
+ * Interface to SAML protocol binding message decoders.

  */
 
 #ifndef __saml_decoder_h__
  */
 
 #ifndef __saml_decoder_h__


@@ -28,7 +28,7 @@
 #include <xmltooling/io/GenericRequest.h>
 
 namespace opensaml {
 #include <xmltooling/io/GenericRequest.h>
 
 namespace opensaml {

-    
+

     class SAML_API SAMLArtifact;
     namespace saml1p {
         class SAML_API Response;
     class SAML_API SAMLArtifact;
     namespace saml1p {
         class SAML_API Response;


@@ -64,12 +64,12 @@ namespace opensaml {
 
         /**
          * Interface to caller-supplied artifact resolution mechanism.
 
         /**
          * Interface to caller-supplied artifact resolution mechanism.

-         * 
+         *

          * Resolving artifacts requires internally performing a SOAP-based
          * call to the artifact source, usually in a mutually authenticated fashion.
          * The potential options vary widely, so the work is encapsulated by this
          * interface, though of course other library facilities may be used.
          * Resolving artifacts requires internally performing a SOAP-based
          * call to the artifact source, usually in a mutually authenticated fashion.
          * The potential options vary widely, so the work is encapsulated by this
          * interface, though of course other library facilities may be used.

-         * 
+         *

          * <p>A MessageDecoder implementation will invoke the supplied interface
          * when it requires an artifact be resolved.
          */
          * <p>A MessageDecoder implementation will invoke the supplied interface
          * when it requires an artifact be resolved.
          */


@@ -85,11 +85,11 @@ namespace opensaml {
              * Resolves one or more SAML 1.x artifacts into a response containing a set of
              * resolved Assertions. The caller is responsible for the resulting Response.
              * The supplied SecurityPolicy is used to access caller-supplied infrastructure
              * Resolves one or more SAML 1.x artifacts into a response containing a set of
              * resolved Assertions. The caller is responsible for the resulting Response.
              * The supplied SecurityPolicy is used to access caller-supplied infrastructure

-             * and to pass back the result of authenticating the resolution process. 
-             * 
+             * and to pass back the result of authenticating the resolution process.
+             *

              * @param artifacts         one or more SAML 1.x artifacts
              * @param idpDescriptor     reference to IdP role of artifact issuer
              * @param artifacts         one or more SAML 1.x artifacts
              * @param idpDescriptor     reference to IdP role of artifact issuer

-             * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc. 
+             * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc.

              * @return the corresponding SAML Assertions wrapped in a Response.
              */
             virtual saml1p::Response* resolve(
              * @return the corresponding SAML Assertions wrapped in a Response.
              */
             virtual saml1p::Response* resolve(


@@ -102,11 +102,11 @@ namespace opensaml {
              * Resolves a SAML 2.0 artifact into the corresponding SAML protocol message.
              * The caller is responsible for the resulting ArtifactResponse message.
              * The supplied SecurityPolicy is used to access caller-supplied infrastructure
              * Resolves a SAML 2.0 artifact into the corresponding SAML protocol message.
              * The caller is responsible for the resulting ArtifactResponse message.
              * The supplied SecurityPolicy is used to access caller-supplied infrastructure

-             * and to pass back the result of authenticating the resolution process. 
-             * 
+             * and to pass back the result of authenticating the resolution process.
+             *

              * @param artifact          reference to a SAML 2.0 artifact
              * @param ssoDescriptor     reference to SSO role of artifact issuer (may be SP or IdP)
              * @param artifact          reference to a SAML 2.0 artifact
              * @param ssoDescriptor     reference to SSO role of artifact issuer (may be SP or IdP)

-             * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc. 
+             * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc.

              * @return the corresponding SAML protocol message or NULL
              */
             virtual saml2p::ArtifactResponse* resolve(
              * @return the corresponding SAML protocol message or NULL
              */
             virtual saml2p::ArtifactResponse* resolve(


@@ -114,31 +114,39 @@ namespace opensaml {
                 const saml2md::SSODescriptorType& ssoDescriptor,
                 SecurityPolicy& policy
                 ) const=0;
                 const saml2md::SSODescriptorType& ssoDescriptor,
                 SecurityPolicy& policy
                 ) const=0;

+
+            /**
+             * Returns true iff the metadata provided includes a supported artifact resolution service.
+             *
+             * @param ssoDescriptor reference to SSO role of artifact issuer (may be SP or IdP)
+             * @return true iff the artifact issuer offers endpoints supported by this resolver
+             */
+            virtual bool isSupported(const saml2md::SSODescriptorType& ssoDescriptor) const;

         };
 
         /**
          * Provides an ArtifactResolver implementation for the MessageDecoder to use.
         };
 
         /**
          * Provides an ArtifactResolver implementation for the MessageDecoder to use.

-         * The implementation's lifetime must be longer than the lifetime of this object. 
-         * This method must be externally synchronized. 
-         * 
+         * The implementation's lifetime must be longer than the lifetime of this object.
+         * This method must be externally synchronized.
+         *

          * @param artifactResolver   an ArtifactResolver implementation to use
          */
         void setArtifactResolver(const ArtifactResolver* artifactResolver) {
             m_artifactResolver = artifactResolver;
         }
          * @param artifactResolver   an ArtifactResolver implementation to use
          */
         void setArtifactResolver(const ArtifactResolver* artifactResolver) {
             m_artifactResolver = artifactResolver;
         }

-        
+

         /**
          * Decodes a transport request into a SAML protocol message, and evaluates it
          * against a supplied SecurityPolicy. If the transport request does not contain
          * the information necessary to decode the request, NULL will be returned.
          * Errors during the decoding process will be raised as exceptions.
         /**
          * Decodes a transport request into a SAML protocol message, and evaluates it
          * against a supplied SecurityPolicy. If the transport request does not contain
          * the information necessary to decode the request, NULL will be returned.
          * Errors during the decoding process will be raised as exceptions.

-         * 
+         *

          * <p>Artifact-based bindings require an ArtifactResolver be set to
          * turn an artifact into the corresponding message.
          * <p>Artifact-based bindings require an ArtifactResolver be set to
          * turn an artifact into the corresponding message.

-         * 
+         *

          * @param relayState        will be set to RelayState/TARGET value accompanying message
          * @param genericRequest    reference to interface for accessing transport request to decode
          * @param relayState        will be set to RelayState/TARGET value accompanying message
          * @param genericRequest    reference to interface for accessing transport request to decode

-         * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc. 
+         * @param policy            reference to policy containing rules, MetadataProvider, TrustEngine, etc.

          * @return  the decoded message, or NULL if the decoder did not recognize the request content
          */
         virtual xmltooling::XMLObject* decode(
          * @return  the decoded message, or NULL if the decoder did not recognize the request content
          */
         virtual xmltooling::XMLObject* decode(


@@ -155,7 +163,7 @@ namespace opensaml {
 
         /**
          * Extracts policy-relevant message details.
 
         /**
          * Extracts policy-relevant message details.

-         * 
+         *

          * @param message   the incoming message
          * @param request   the protocol request
          * @param protocol  the protocol family in use
          * @param message   the incoming message
          * @param request   the protocol request
          * @param protocol  the protocol family in use

diff --git a/saml/binding/impl/MessageDecoder.cpp b/saml/binding/impl/MessageDecoder.cpp
index 070d90d..56ddae1 100644 (file)
--- a/saml/binding/impl/MessageDecoder.cpp
+++ b/saml/binding/impl/MessageDecoder.cpp
@@ -1,6 +1,6 @@
 /*
 /*

- *  Copyright 2001-2007 Internet2
- * 
+ *  Copyright 2001-2009 Internet2
+ *

  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at


@@ -16,14 +16,17 @@
 
 /**
  * MessageDecoder.cpp
 
 /**
  * MessageDecoder.cpp

- * 
- * Interface to SAML protocol binding message decoders. 
+ *
+ * Interface to SAML protocol binding message decoders.

  */
 
 #include "internal.h"
 #include "binding/MessageDecoder.h"
  */
 
 #include "internal.h"
 #include "binding/MessageDecoder.h"

+#include "saml2/metadata/EndpointManager.h"
+#include "saml2/metadata/Metadata.h"

 #include "util/SAMLConstants.h"
 
 #include "util/SAMLConstants.h"
 

+using namespace opensaml::saml2md;

 using namespace opensaml;
 using namespace xmltooling;
 using namespace std;
 using namespace opensaml;
 using namespace xmltooling;
 using namespace std;


@@ -33,7 +36,7 @@ namespace opensaml {
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1ArtifactDecoderFactory;
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1POSTDecoderFactory;
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1SOAPDecoderFactory;
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1ArtifactDecoderFactory;
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1POSTDecoderFactory;
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML1SOAPDecoderFactory;

-    }; 
+    };

 
     namespace saml2p {
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML2ArtifactDecoderFactory;
 
     namespace saml2p {
         SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair<const DOMElement*,const XMLCh*> >::Factory SAML2ArtifactDecoderFactory;


@@ -57,3 +60,18 @@ void SAML_API opensaml::registerMessageDecoders()
     conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_SOAP, saml2p::SAML2SOAPDecoderFactory);
     conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_PAOS, saml2p::SAML2ECPDecoderFactory);
 }
     conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_SOAP, saml2p::SAML2SOAPDecoderFactory);
     conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_PAOS, saml2p::SAML2ECPDecoderFactory);
 }

+
+bool MessageDecoder::ArtifactResolver::isSupported(const SSODescriptorType& ssoDescriptor) const
+{
+    EndpointManager<ArtifactResolutionService> mgr(ssoDescriptor.getArtifactResolutionServices());
+    if (ssoDescriptor.hasSupport(samlconstants::SAML20P_NS)) {
+        auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP);
+        return (mgr.getByBinding(binding.get()) != NULL);
+    }
+    else if (ssoDescriptor.hasSupport(samlconstants::SAML11_PROTOCOL_ENUM) || ssoDescriptor.hasSupport(samlconstants::SAML10_PROTOCOL_ENUM)) {
+        auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP);
+        return (mgr.getByBinding(binding.get()) != NULL);
+    }
+
+    return false;
+}