From 8131124adcd9927d04a563e3159914d8670ff306 Mon Sep 17 00:00:00 2001 From: Scott Cantor Date: Wed, 14 Feb 2007 05:28:34 +0000 Subject: [PATCH] Promote setSignature method, refactor SOAP objects for better reuse of client subclasses. --- saml/binding/SOAPClient.h | 22 +++++++++++++--------- saml/binding/impl/SOAPClient.cpp | 6 +++--- saml/saml1/binding/SAML1SOAPClient.h | 24 ++++++++++++++++-------- saml/saml1/binding/impl/SAML1SOAPClient.cpp | 6 +++--- saml/saml1/core/Assertions.h | 1 - saml/saml1/core/Protocols.h | 2 -- saml/saml2/binding/SAML2SOAPClient.h | 20 ++++++++++++++------ saml/saml2/binding/impl/SAML2SOAPClient.cpp | 6 +++--- saml/saml2/core/Assertions.h | 1 - saml/saml2/core/Protocols.h | 2 -- saml/saml2/metadata/Metadata.h | 4 ---- saml/signature/SignableObject.h | 7 +++++++ 12 files changed, 59 insertions(+), 42 deletions(-) diff --git a/saml/binding/SOAPClient.h b/saml/binding/SOAPClient.h index e9fa25f..e2d741d 100644 --- a/saml/binding/SOAPClient.h +++ b/saml/binding/SOAPClient.h @@ -31,7 +31,7 @@ namespace opensaml { /** * Specialized SOAPClient for SAML SOAP bindings. */ - class SAML_API SOAPClient : public virtual soap11::SOAPClient + class SAML_API SOAPClient : public soap11::SOAPClient { public: /** @@ -41,11 +41,9 @@ namespace opensaml { * @param validating controls schema validation */ SOAPClient(SecurityPolicy& policy, bool validating=false) - : soap11::SOAPClient(validating), m_policy(policy), m_force(true), m_correlate(NULL) {} + : soap11::SOAPClient(validating), m_policy(policy), m_force(true), m_peer(NULL) {} - virtual ~SOAPClient() { - XMLString::release(&m_correlate); - } + virtual ~SOAPClient() {} /** * Controls whether to force transport/peer authentication via an X509TrustEngine. 
@@ -77,6 +75,15 @@ namespace opensaml { void reset(); + /** + * Returns the SecurityPolicy supplied to the client. + * + * @return the associated SecurityPolicy + */ + SecurityPolicy& getPolicy() const { + return m_policy; + } + protected: /** * Override prepares transport by assigning an X509TrustEngine to it, if one is @@ -92,10 +99,7 @@ namespace opensaml { /** Flag controlling whether transport/peer authn is mandatory. */ bool m_force; - /** Message correlation ID. */ - XMLCh* m_correlate; - - private: + /** Metadata-based peer identity. */ const saml2md::RoleDescriptor* m_peer; }; diff --git a/saml/binding/impl/SOAPClient.cpp b/saml/binding/impl/SOAPClient.cpp index 84fa0ee..5d15bca 100644 --- a/saml/binding/impl/SOAPClient.cpp +++ b/saml/binding/impl/SOAPClient.cpp @@ -42,7 +42,8 @@ void SOAPClient::send(const soap11::Envelope& env, const KeyInfoSource& peer, co // Clear policy. m_policy.reset(); - m_peer = dynamic_cast(&peer); + if (!m_peer) + m_peer = dynamic_cast(&peer); if (m_peer) { const QName& role = m_peer->getElementQName(); if (XMLString::equals(role.getLocalPart(),RoleDescriptor::LOCAL_NAME)) @@ -94,8 +95,7 @@ soap11::Envelope* SOAPClient::receive() void SOAPClient::reset() { + m_peer = NULL; soap11::SOAPClient::reset(); m_policy.reset(); - XMLString::release(&m_correlate); - m_correlate=NULL; } diff --git a/saml/saml1/binding/SAML1SOAPClient.h b/saml/saml1/binding/SAML1SOAPClient.h index d3e6ab9..ee41fbb 100644 --- a/saml/saml1/binding/SAML1SOAPClient.h +++ b/saml/saml1/binding/SAML1SOAPClient.h @@ -17,7 +17,7 @@ /** * @file saml/saml1/binding/SAML1SOAPClient.h * - * Specialized SOAPClient for SAML 1.x SOAP binding. + * Client class for SAML 1.x SOAP binding. */ #ifndef __saml1_soap11client_h__ 
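Review bot: In SOAPClient::send() (saml/binding/impl/SOAPClient.cpp, hunk -42,7) the new `if (!m_peer)` guard lets a peer left over from an earlier send() take precedence over the `peer` argument of the current call, so the role read from `m_peer->getElementQName()` may describe a different party than the one being contacted. Only reset() clears the member, and nothing visible here makes callers invoke reset() between sends. If the guard exists so that subclasses can pre-set the now-protected member, say so on its declaration, e.g. `/** Metadata-based peer identity; if non-NULL on entry to send() it overrides the peer argument until reset(). */`. The body of send() continues outside the hunk.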
@@ -33,20 +33,22 @@ namespace opensaml { class SAML_API Status; /** - * Specialized SOAPClient for SAML 1.x SOAP binding. + * Client class for SAML 1.x SOAP binding. */ - class SAML_API SAML1SOAPClient : public opensaml::SOAPClient + class SAML_API SAML1SOAPClient { public: /** - * Creates a SOAP client instance with a particular SecurityPolicy. + * Constructor * - * @param policy reference to SecurityPolicy to apply - * @param validating controls schema validation + * @param soaper reference to SOAPClient object to use for call */ - SAML1SOAPClient(SecurityPolicy& policy, bool validating=false) : opensaml::SOAPClient(policy, validating) {} + SAML1SOAPClient(SOAPClient& soaper) : m_soaper(soaper), m_correlate(NULL) { + } - virtual ~SAML1SOAPClient() {} + virtual ~SAML1SOAPClient() { + XMLString::release(&m_correlate); + } /** * Specialized method for sending SAML 1.x requests. The SOAP layer will be @@ -78,6 +80,12 @@ namespace opensaml { * @return true iff the error should be treated as a fatal error */ virtual bool handleError(const Status& status); + + /** SOAP client object */ + SOAPClient& m_soaper; + + private: + XMLCh* m_correlate; }; }; diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp index 3760a17..c684596 100644 --- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp +++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp @@ -43,13 +43,13 @@ void SAML1SOAPClient::sendSAML(Request* request, const RoleDescriptor& peer, con Body* body = BodyBuilder::buildBody(); env->setBody(body); body->getUnknownXMLObjects().push_back(request); - send(*env.get(), peer, endpoint); + m_soaper.send(*env.get(), peer, endpoint); m_correlate = XMLString::replicate(request->getRequestID()); } Response* SAML1SOAPClient::receiveSAML() { - auto_ptr env(receive()); + auto_ptr env(m_soaper.receive()); if (env.get()) { Body* body = env->getBody(); if (body && body->hasChildren()) { 
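Review bot: SAML1SOAPClient now owns `m_correlate` and frees it in its destructor, but the compiler-generated copy constructor is still available (the reference member only rules out assignment), so copying a client would release the same buffer twice. Declare the copy constructor private and leave it undefined, `SAML1SOAPClient(const SAML1SOAPClient&);`, and mark the one-argument constructor `explicit` so a SOAPClient is not silently converted. The constructor comment should also state that `soaper` must outlive this object, since only a reference is stored. The same applies to SAML2SOAPClient in saml/saml2/binding/SAML2SOAPClient.h.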
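Review bot: In saml/saml1/binding/impl/SAML1SOAPClient.cpp, sendSAML() assigns `m_correlate = XMLString::replicate(...)` without releasing the previous value, and this commit removes the release that SOAPClient::reset() used to perform. Unless receiveSAML() frees it outside the visible lines, each further request sent through the same object leaks the prior ID. Free it first with `XMLString::release(&m_correlate);` immediately before the assignment; the destructor already makes that call on a possibly NULL pointer. SAML2SOAPClient::sendSAML() in saml/saml2/binding/impl/SAML2SOAPClient.cpp has the same line, and both functions start outside their hunks.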
@@ -69,7 +69,7 @@ Response* SAML1SOAPClient::receiveSAML() throw BindingException("SAML Response contained an error."); } - m_policy.evaluate(*response); + m_soaper.getPolicy().evaluate(*response); env.release(); body->detach(); // frees Envelope response->detach(); // frees Body diff --git a/saml/saml1/core/Assertions.h b/saml/saml1/core/Assertions.h index 217a101..bd73fcb 100644 --- a/saml/saml1/core/Assertions.h +++ b/saml/saml1/core/Assertions.h @@ -230,7 +230,6 @@ namespace opensaml { DECL_TYPED_CHILDREN(AuthenticationStatement); DECL_TYPED_CHILDREN(AttributeStatement); DECL_TYPED_CHILDREN(AuthorizationDecisionStatement); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); /** AssertionType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; diff --git a/saml/saml1/core/Protocols.h b/saml/saml1/core/Protocols.h index 407ed35..a63d209 100644 --- a/saml/saml1/core/Protocols.h +++ b/saml/saml1/core/Protocols.h @@ -94,7 +94,6 @@ namespace opensaml { DECL_STRING_ATTRIB(RequestID,REQUESTID); DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); DECL_TYPED_CHILDREN(RespondWith); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); /** RequestAbstractType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; @@ -145,7 +144,6 @@ namespace opensaml { DECL_STRING_ATTRIB(InResponseTo,INRESPONSETO); DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); DECL_STRING_ATTRIB(Recipient,RECIPIENT); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); /** ResponseAbstractType local name */ static const XMLCh TYPE_NAME[]; END_XMLOBJECT; diff --git a/saml/saml2/binding/SAML2SOAPClient.h b/saml/saml2/binding/SAML2SOAPClient.h index a890f94..0fb8dfc 100644 --- a/saml/saml2/binding/SAML2SOAPClient.h +++ b/saml/saml2/binding/SAML2SOAPClient.h 
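Review bot: In receiveSAML() the policy is evaluated only after the status check whose `throw BindingException(...)` sits just above the changed line, so a response carrying an error status is acted on before the SecurityPolicy has examined it. If that order is intended, record it where overriders will see it, presumably on handleError(): `* The Status passed here comes from a response that has not yet been evaluated against the SecurityPolicy.` Most of the function body lies outside the hunk, so confirm there that nothing else consumes the response before `evaluate()`. SAML2SOAPClient::receiveSAML() shows the same sequence.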
@@ -35,18 +35,20 @@ namespace opensaml { /** * Specialized SOAPClient for SAML 2.0 SOAP binding. */ - class SAML_API SAML2SOAPClient : public opensaml::SOAPClient + class SAML_API SAML2SOAPClient { public: /** - * Creates a SOAP client instance with a particular SecurityPolicy. + * Constructor * - * @param policy reference to SecurityPolicy to apply - * @param validating controls schema validation + * @param soaper reference to SOAPClient object to use for call */ - SAML2SOAPClient(SecurityPolicy& policy, bool validating=false) : opensaml::SOAPClient(policy, validating) {} + SAML2SOAPClient(SOAPClient& soaper) : m_soaper(soaper), m_correlate(NULL) { + } - virtual ~SAML2SOAPClient() {} + virtual ~SAML2SOAPClient() { + XMLString::release(&m_correlate); + } /** * Specialized method for sending SAML 2.0 requests. The SOAP layer will be @@ -78,6 +80,12 @@ namespace opensaml { * @return true iff the error should be treated as a fatal error */ virtual bool handleError(const Status& status); + + /** SOAP client object */ + SOAPClient& m_soaper; + + private: + XMLCh* m_correlate; }; }; diff --git a/saml/saml2/binding/impl/SAML2SOAPClient.cpp b/saml/saml2/binding/impl/SAML2SOAPClient.cpp index 084edbb..4a1fc04 100644 --- a/saml/saml2/binding/impl/SAML2SOAPClient.cpp +++ b/saml/saml2/binding/impl/SAML2SOAPClient.cpp @@ -43,13 +43,13 @@ void SAML2SOAPClient::sendSAML(RequestAbstractType* request, const RoleDescripto Body* body = BodyBuilder::buildBody(); env->setBody(body); body->getUnknownXMLObjects().push_back(request); - send(*env.get(), peer, endpoint); + m_soaper.send(*env.get(), peer, endpoint); m_correlate = XMLString::replicate(request->getID()); } StatusResponseType* SAML2SOAPClient::receiveSAML() { - auto_ptr env(receive()); + auto_ptr env(m_soaper.receive()); if (env.get()) { Body* body = env->getBody(); if (body && body->hasChildren()) { 
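Review bot: The class comment kept as context at the top of this hunk still reads "Specialized SOAPClient for SAML 2.0 SOAP binding", but the class no longer derives from opensaml::SOAPClient. Change it to match the SAML 1.x header: `* Client class for SAML 2.0 SOAP binding.` The `@file` description of this header, outside the hunk, probably needs the same edit.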
@@ -69,7 +69,7 @@ StatusResponseType* SAML2SOAPClient::receiveSAML() throw BindingException("SAML Response contained an error."); } - m_policy.evaluate(*response); + m_soaper.getPolicy().evaluate(*response); env.release(); body->detach(); // frees Envelope response->detach(); // frees Body diff --git a/saml/saml2/core/Assertions.h b/saml/saml2/core/Assertions.h index cfded95..b77efa1 100644 --- a/saml/saml2/core/Assertions.h +++ b/saml/saml2/core/Assertions.h @@ -328,7 +328,6 @@ namespace opensaml { DECL_INHERITED_STRING_ATTRIB(ID,ID); DECL_INHERITED_DATETIME_ATTRIB(IssueInstant,ISSUEINSTANT); DECL_INHERITED_TYPED_CHILD(Issuer); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Subject); DECL_TYPED_CHILD(Conditions); DECL_TYPED_CHILD(Advice); diff --git a/saml/saml2/core/Protocols.h b/saml/saml2/core/Protocols.h index 749414b..3b5e68a 100644 --- a/saml/saml2/core/Protocols.h +++ b/saml/saml2/core/Protocols.h @@ -57,7 +57,6 @@ namespace opensaml { DECL_STRING_ATTRIB(Destination,DESTINATION); DECL_STRING_ATTRIB(Consent,CONSENT); DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); /** RequestAbstractType local name */ static const XMLCh TYPE_NAME[]; @@ -147,7 +146,6 @@ namespace opensaml { DECL_STRING_ATTRIB(Destination,DESTINATION); DECL_STRING_ATTRIB(Consent,CONSENT); DECL_INHERITED_TYPED_FOREIGN_CHILD(Issuer,saml2); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILD(Status); /** StatusResponseType local name */ diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h index cd60842..cdb06b4 100644 --- a/saml/saml2/metadata/Metadata.h +++ b/saml/saml2/metadata/Metadata.h 
@@ -166,7 +166,6 @@ namespace opensaml { /** Searches the ProtocolSupportEnumeration attribute for the indicated protocol. */ virtual bool hasSupport(const XMLCh* protocol) const=0; DECL_STRING_ATTRIB(ErrorURL,ERRORURL); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILDREN(KeyDescriptor); DECL_TYPED_CHILD(Organization); @@ -325,7 +324,6 @@ namespace opensaml { CacheableSAMLObject,TimeBoundSAMLObject,SAML 2.0 AffiliationDescriptor element); DECL_STRING_ATTRIB(ID,ID); DECL_STRING_ATTRIB(AffiliationOwnerID,AFFILIATIONOWNERID); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILDREN(AffiliateMember); DECL_TYPED_CHILDREN(KeyDescriptor); @@ -337,7 +335,6 @@ namespace opensaml { CacheableSAMLObject,TimeBoundSAMLObject,SAML 2.0 EntityDescriptor element); DECL_STRING_ATTRIB(ID,ID); DECL_STRING_ATTRIB(EntityID,ENTITYID); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILD(AffiliationDescriptor); DECL_TYPED_CHILDREN(RoleDescriptor); @@ -378,7 +375,6 @@ namespace opensaml { TimeBoundSAMLObject,SAML 2.0 EntitiesDescriptor element); DECL_STRING_ATTRIB(ID,ID); DECL_STRING_ATTRIB(Name,NAME); - DECL_INHERITED_TYPED_FOREIGN_CHILD(Signature,xmlsignature); DECL_TYPED_CHILD(Extensions); DECL_TYPED_CHILDREN(EntityDescriptor); DECL_TYPED_CHILDREN(EntitiesDescriptor); diff --git a/saml/signature/SignableObject.h b/saml/signature/SignableObject.h index 9f0e992..8c10e77 100644 --- a/saml/signature/SignableObject.h +++ b/saml/signature/SignableObject.h @@ -55,6 +55,13 @@ namespace opensaml { */ virtual xmlsignature::Signature* getSignature() const=0; + /** + * Sets an enveloped Signature in the object. + * + * @param sig the enveloped Signature, or NULL + */ + virtual void setSignature(xmlsignature::Signature* sig)=0; + protected: SignableObject() {} }; -- 2.1.4
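Review bot: In saml/signature/SignableObject.h the new `setSignature()` comment does not say who owns `sig` after the call or what happens to a Signature that was already set, which for a raw-pointer setter decides whether callers leak or double-free. Extend the `@param` line once the contract is confirmed, for example `* @param sig the enveloped Signature, or NULL to remove it; the object takes ownership` if that is what the implementations do. Because the method is pure virtual, any SignableObject implementation outside this patch has to add it before it can be instantiated.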