From: Scott Cantor Date: Tue, 27 Jan 2009 19:15:14 +0000 (+0000) Subject: https://issues.shibboleth.net/jira/browse/SSPCPP-181 X-Git-Tag: 2.2.0~39 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=3a32a5a263b304bce0014f0dbfa7ab476065cd19 https://issues.shibboleth.net/jira/browse/SSPCPP-181 --- diff --git a/saml/binding/MessageDecoder.h b/saml/binding/MessageDecoder.h index 9f3905d..479f199 100644 --- a/saml/binding/MessageDecoder.h +++ b/saml/binding/MessageDecoder.h @@ -1,6 +1,6 @@ /* - * Copyright 2001-2007 Internet2 - * + * Copyright 2001-2009 Internet2 + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,8 +16,8 @@ /** * @file saml/binding/MessageDecoder.h - * - * Interface to SAML protocol binding message decoders. + * + * Interface to SAML protocol binding message decoders. */ #ifndef __saml_decoder_h__ @@ -28,7 +28,7 @@ #include namespace opensaml { - + class SAML_API SAMLArtifact; namespace saml1p { class SAML_API Response; @@ -64,12 +64,12 @@ namespace opensaml { /** * Interface to caller-supplied artifact resolution mechanism. - * + * * Resolving artifacts requires internally performing a SOAP-based * call to the artifact source, usually in a mutually authenticated fashion. * The potential options vary widely, so the work is encapsulated by this * interface, though of course other library facilities may be used. - * + * *

A MessageDecoder implementation will invoke the supplied interface * when it requires an artifact be resolved. */ @@ -85,11 +85,11 @@ namespace opensaml { * Resolves one or more SAML 1.x artifacts into a response containing a set of * resolved Assertions. The caller is responsible for the resulting Response. * The supplied SecurityPolicy is used to access caller-supplied infrastructure - * and to pass back the result of authenticating the resolution process. - * + * and to pass back the result of authenticating the resolution process. + * * @param artifacts one or more SAML 1.x artifacts * @param idpDescriptor reference to IdP role of artifact issuer - * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. + * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. * @return the corresponding SAML Assertions wrapped in a Response. */ virtual saml1p::Response* resolve( @@ -102,11 +102,11 @@ namespace opensaml { * Resolves a SAML 2.0 artifact into the corresponding SAML protocol message. * The caller is responsible for the resulting ArtifactResponse message. * The supplied SecurityPolicy is used to access caller-supplied infrastructure - * and to pass back the result of authenticating the resolution process. - * + * and to pass back the result of authenticating the resolution process. + * * @param artifact reference to a SAML 2.0 artifact * @param ssoDescriptor reference to SSO role of artifact issuer (may be SP or IdP) - * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. + * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. * @return the corresponding SAML protocol message or NULL */ virtual saml2p::ArtifactResponse* resolve( 
@@ -114,31 +114,39 @@ namespace opensaml { const saml2md::SSODescriptorType& ssoDescriptor, SecurityPolicy& policy ) const=0; + + /** + * Returns true iff the metadata provided includes a supported artifact resolution service. + * + * @param ssoDescriptor reference to SSO role of artifact issuer (may be SP or IdP) + * @return true iff the artifact issuer offers endpoints supported by this resolver + */ + virtual bool isSupported(const saml2md::SSODescriptorType& ssoDescriptor) const; }; /** * Provides an ArtifactResolver implementation for the MessageDecoder to use. - * The implementation's lifetime must be longer than the lifetime of this object. - * This method must be externally synchronized. - * + * The implementation's lifetime must be longer than the lifetime of this object. + * This method must be externally synchronized. + * * @param artifactResolver an ArtifactResolver implementation to use */ void setArtifactResolver(const ArtifactResolver* artifactResolver) { m_artifactResolver = artifactResolver; } - + /** * Decodes a transport request into a SAML protocol message, and evaluates it * against a supplied SecurityPolicy. If the transport request does not contain * the information necessary to decode the request, NULL will be returned. * Errors during the decoding process will be raised as exceptions. - * + * *

Artifact-based bindings require an ArtifactResolver be set to * turn an artifact into the corresponding message. - * + * * @param relayState will be set to RelayState/TARGET value accompanying message * @param genericRequest reference to interface for accessing transport request to decode - * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. + * @param policy reference to policy containing rules, MetadataProvider, TrustEngine, etc. * @return the decoded message, or NULL if the decoder did not recognize the request content */ virtual xmltooling::XMLObject* decode( @@ -155,7 +163,7 @@ namespace opensaml { /** * Extracts policy-relevant message details. - * + * * @param message the incoming message * @param request the protocol request * @param protocol the protocol family in use diff --git a/saml/binding/impl/MessageDecoder.cpp b/saml/binding/impl/MessageDecoder.cpp index 070d90d..56ddae1 100644 --- a/saml/binding/impl/MessageDecoder.cpp +++ b/saml/binding/impl/MessageDecoder.cpp @@ -1,6 +1,6 @@ /* - * Copyright 2001-2007 Internet2 - * + * Copyright 2001-2009 Internet2 + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,14 +16,17 @@ /** * MessageDecoder.cpp - * - * Interface to SAML protocol binding message decoders. + * + * Interface to SAML protocol binding message decoders. */ #include "internal.h" #include "binding/MessageDecoder.h" +#include "saml2/metadata/EndpointManager.h" +#include "saml2/metadata/Metadata.h" #include "util/SAMLConstants.h" +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmltooling; using namespace std; 
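Review bot: The new `isSupported` declaration is the only non-pure virtual in `ArtifactResolver`, yet its Doxygen block does not say what the default decides or when an implementation should override it; from the accompanying MessageDecoder.cpp hunk the default only looks for a SOAP-binding ArtifactResolutionService matching the protocols the role claims to support. Suggest appending to the comment: `The default implementation checks for a SOAP-binding artifact resolution service matching the issuer's supported protocols; resolvers that use other bindings should override this method.` Since this adds a virtual to a public interface class, whether existing out-of-tree subclasses keep binary compatibility depends on the rest of the class layout, which is outside this hunk; the enclosing `ArtifactResolver` class begins before the hunk.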
@@ -33,7 +36,7 @@ namespace opensaml { SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair >::Factory SAML1ArtifactDecoderFactory; SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair >::Factory SAML1POSTDecoderFactory; SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair >::Factory SAML1SOAPDecoderFactory; - }; + }; namespace saml2p { SAML_DLLLOCAL PluginManager< MessageDecoder,string,pair >::Factory SAML2ArtifactDecoderFactory; @@ -57,3 +60,18 @@ void SAML_API opensaml::registerMessageDecoders() conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_SOAP, saml2p::SAML2SOAPDecoderFactory); conf.MessageDecoderManager.registerFactory(samlconstants::SAML20_BINDING_PAOS, saml2p::SAML2ECPDecoderFactory); } + +bool MessageDecoder::ArtifactResolver::isSupported(const SSODescriptorType& ssoDescriptor) const +{ + EndpointManager mgr(ssoDescriptor.getArtifactResolutionServices()); + if (ssoDescriptor.hasSupport(samlconstants::SAML20P_NS)) { + auto_ptr_XMLCh binding(samlconstants::SAML20_BINDING_SOAP); + return (mgr.getByBinding(binding.get()) != NULL); + } + else if (ssoDescriptor.hasSupport(samlconstants::SAML11_PROTOCOL_ENUM) || ssoDescriptor.hasSupport(samlconstants::SAML10_PROTOCOL_ENUM)) { + auto_ptr_XMLCh binding(samlconstants::SAML1_BINDING_SOAP); + return (mgr.getByBinding(binding.get()) != NULL); + } + + return false; +}
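Review bot: In `ArtifactResolver::isSupported` the SAML 1.x branch is unreachable once `hasSupport(samlconstants::SAML20P_NS)` is true, so an issuer whose metadata lists both protocol enumerations but publishes only a SAML 1 SOAP ArtifactResolutionService is reported as unsupported even though the SAML 1.x `resolve()` path could still use it. If the intent is "any endpoint this resolver can use", the first branch should fall through on a miss: replace its return with `if (mgr.getByBinding(binding.get()) != NULL) return true;` and change the following `else if` to a plain `if`. If a 2.0-capable issuer is instead deliberately required to publish a 2.0 endpoint, a one-line comment saying so would stop the next reader from treating the early return as a bug.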