From: Scott Cantor
Date: Sat, 7 Apr 2007 02:07:05 +0000 (+0000)
Subject: Tighten up SAML 1.0 processing.
X-Git-Tag: 2.0-alpha1~58
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-opensaml.git;a=commitdiff_plain;h=e388b2c087cfa7876493493416ffce813ceb20da

Tighten up SAML 1.0 processing.
---
diff --git a/saml/saml1/core/impl/AssertionsImpl.cpp b/saml/saml1/core/impl/AssertionsImpl.cpp
index 602890b..45661fb 100644
--- a/saml/saml1/core/impl/AssertionsImpl.cpp
+++ b/saml/saml1/core/impl/AssertionsImpl.cpp
@@ -1001,7 +1001,7 @@ namespace opensaml {
 prepareForAssignment(m_Signature,sig);
 *m_pos_Signature=m_Signature=sig;
 // Sync content reference back up.
- if (m_Signature)
+ if (m_Signature && (!m_AssertionID || *m_AssertionID!=chDigit_0))
 m_Signature->setContentReference(new opensaml::ContentReference(*this));
 }
@@ -1034,7 +1034,9 @@ namespace opensaml {
 MARSHALL_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
 if (!m_AssertionID)
 const_cast(this)->m_AssertionID=SAMLConfig::getConfig().generateIdentifier();
- MARSHALL_ID_ATTRIB(AssertionID,ASSERTIONID,NULL);
+ domElement->setAttributeNS(NULL, ASSERTIONID_ATTRIB_NAME, m_AssertionID);
+ if (*m_MinorVersion!=chDigit_0)
+ domElement->setIdAttributeNS(NULL, ASSERTIONID_ATTRIB_NAME);
 MARSHALL_STRING_ATTRIB(Issuer,ISSUER,NULL);
 if (!m_IssueInstant) {
 const_cast(this)->m_IssueInstantEpoch=time(NULL);
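Review bot: The new guard in setSignature tests `*m_AssertionID!=chDigit_0`, the first character of the identifier, whereas every other check this commit adds keys on `m_MinorVersion`; this looks like a slip rather than intent. As written, an assertion whose ID happens to begin with '0' gets no content reference on its signature, while a SAML 1.0 assertion still gets one. If the version was meant, the line would read `if (m_Signature && (!m_MinorVersion || *m_MinorVersion!=chDigit_0))`. The same pattern appears with `m_RequestID` and `m_ResponseID` in the two setSignature hunks of ProtocolsImpl.cpp. setSignature begins above this hunk.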
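Review bot: `if (*m_MinorVersion!=chDigit_0)` in the marshalling hunk dereferences m_MinorVersion with no null check, while the unmarshallAttributes override added by the same commit guards it with `!m_MinorVersion ||`. Unless the function assigns a default above the hunk (not visible here), an object built without a MinorVersion would dereference a null pointer while marshalling; `if (!m_MinorVersion || *m_MinorVersion!=chDigit_0)` would match the unmarshalling side. The RequestID and ResponseID marshalling hunks in ProtocolsImpl.cpp carry the same line. The enclosing function starts and ends outside the hunk.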
@@ -1055,6 +1057,13 @@ namespace opensaml {
 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
 }
+ void unmarshallAttributes(const DOMElement* domElement) {
+ // Standard processing, but then we check IDness.
+ AbstractXMLObjectUnmarshaller::unmarshallAttributes(domElement);
+ if (m_AssertionID && (!m_MinorVersion || *m_MinorVersion!=chDigit_0))
+ const_cast(domElement)->setIdAttributeNS(NULL, ASSERTIONID_ATTRIB_NAME);
+ }
+
 void processAttribute(const DOMAttr* attribute) {
 static const XMLCh MAJORVERSION[] = UNICODE_LITERAL_12(M,a,j,o,r,V,e,r,s,i,o,n);
 if (XMLHelper::isNodeNamed(attribute,NULL,MAJORVERSION)) {
@@ -1062,7 +1071,7 @@ namespace opensaml {
 throw UnmarshallingException("Assertion has invalid major version.");
 }
 PROC_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
- PROC_ID_ATTRIB(AssertionID,ASSERTIONID,NULL);
+ PROC_STRING_ATTRIB(AssertionID,ASSERTIONID,NULL);
 PROC_STRING_ATTRIB(Issuer,ISSUER,NULL);
 PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
 }
diff --git a/saml/saml1/core/impl/ProtocolsImpl.cpp b/saml/saml1/core/impl/ProtocolsImpl.cpp
index e3becd6..88afe20 100644
--- a/saml/saml1/core/impl/ProtocolsImpl.cpp
+++ b/saml/saml1/core/impl/ProtocolsImpl.cpp
@@ -349,7 +349,7 @@ namespace opensaml {
 prepareForAssignment(m_Signature,sig);
 *m_pos_Signature=m_Signature=sig;
 // Sync content reference back up.
- if (m_Signature)
+ if (m_Signature && (!m_RequestID || *m_RequestID!=chDigit_0))
 m_Signature->setContentReference(new opensaml::ContentReference(*this));
 }
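Review bot: The comment `// Standard processing, but then we check IDness.` in the added unmarshallAttributes does not say why SAML 1.0 is excluded, nor that the override writes to a DOM element it receives as const. ID registration decides which element a same-document signature reference resolves to, so the rule deserves to be spelled out, e.g. `// SAML 1.0 types AssertionID as a plain string; only 1.1+ registers it as an XML ID. Modifies the caller's DOM.` A missing MinorVersion is treated as non-1.0 here and only the first character of the value is examined; both choices are worth a word in the same comment. The Request and Response overrides added in ProtocolsImpl.cpp carry the identical comment.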
@@ -374,7 +374,9 @@ namespace opensaml {
 MARSHALL_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
 if (!m_RequestID)
 const_cast(this)->m_RequestID=SAMLConfig::getConfig().generateIdentifier();
- MARSHALL_ID_ATTRIB(RequestID,REQUESTID,NULL);
+ domElement->setAttributeNS(NULL, REQUESTID_ATTRIB_NAME, m_RequestID);
+ if (*m_MinorVersion!=chDigit_0)
+ domElement->setIdAttributeNS(NULL, REQUESTID_ATTRIB_NAME);
 if (!m_IssueInstant) {
 const_cast(this)->m_IssueInstantEpoch=time(NULL);
 const_cast(this)->m_IssueInstant=new DateTime(m_IssueInstantEpoch);
@@ -388,6 +390,13 @@ namespace opensaml {
 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
 }
+ void unmarshallAttributes(const DOMElement* domElement) {
+ // Standard processing, but then we check IDness.
+ AbstractXMLObjectUnmarshaller::unmarshallAttributes(domElement);
+ if (m_RequestID && (!m_MinorVersion || *m_MinorVersion!=chDigit_0))
+ const_cast(domElement)->setIdAttributeNS(NULL, REQUESTID_ATTRIB_NAME);
+ }
+
 void processAttribute(const DOMAttr* attribute) {
 static const XMLCh MAJORVERSION[] = UNICODE_LITERAL_12(M,a,j,o,r,V,e,r,s,i,o,n);
 if (XMLHelper::isNodeNamed(attribute,NULL,MAJORVERSION)) {
@@ -395,7 +404,7 @@ namespace opensaml {
 throw UnmarshallingException("Request has invalid major version.");
 }
 PROC_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
- PROC_ID_ATTRIB(RequestID,REQUESTID,NULL);
+ PROC_STRING_ATTRIB(RequestID,REQUESTID,NULL);
 PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
 }
 };
@@ -668,7 +677,7 @@ namespace opensaml {
 prepareForAssignment(m_Signature,sig);
 *m_pos_Signature=m_Signature=sig;
 // Sync content reference back up.
- if (m_Signature)
+ if (m_Signature && (!m_ResponseID || *m_ResponseID!=chDigit_0))
 m_Signature->setContentReference(new opensaml::ContentReference(*this));
 }
@@ -694,7 +703,9 @@ namespace opensaml {
 MARSHALL_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
 if (!m_ResponseID)
 const_cast(this)->m_ResponseID=SAMLConfig::getConfig().generateIdentifier();
- MARSHALL_ID_ATTRIB(ResponseID,RESPONSEID,NULL);
+ domElement->setAttributeNS(NULL, RESPONSEID_ATTRIB_NAME, m_ResponseID);
+ if (*m_MinorVersion!=chDigit_0)
+ domElement->setIdAttributeNS(NULL, RESPONSEID_ATTRIB_NAME);
 MARSHALL_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
 if (!m_IssueInstant) {
 const_cast(this)->m_IssueInstantEpoch=time(NULL);
@@ -709,6 +720,13 @@ namespace opensaml {
 AbstractXMLObjectUnmarshaller::processChildElement(childXMLObject,root);
 }
+ void unmarshallAttributes(const DOMElement* domElement) {
+ // Standard processing, but then we check IDness.
+ AbstractXMLObjectUnmarshaller::unmarshallAttributes(domElement);
+ if (m_ResponseID && (!m_MinorVersion || *m_MinorVersion!=chDigit_0))
+ const_cast(domElement)->setIdAttributeNS(NULL, RESPONSEID_ATTRIB_NAME);
+ }
+
 void processAttribute(const DOMAttr* attribute) {
 static const XMLCh MAJORVERSION[] = UNICODE_LITERAL_12(M,a,j,o,r,V,e,r,s,i,o,n);
 if (XMLHelper::isNodeNamed(attribute,NULL,MAJORVERSION)) {
@@ -716,7 +734,7 @@ namespace opensaml {
 throw UnmarshallingException("Response has invalid major version.");
 }
 PROC_INTEGER_ATTRIB(MinorVersion,MINORVERSION,NULL);
- PROC_ID_ATTRIB(ResponseID,RESPONSEID,NULL);
+ PROC_STRING_ATTRIB(ResponseID,RESPONSEID,NULL);
 PROC_STRING_ATTRIB(InResponseTo,INRESPONSETO,NULL);
 PROC_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT,NULL);
 PROC_STRING_ATTRIB(Recipient,RECIPIENT,NULL);