SSPCPP-616 - clean up concatenated string literals

[shibboleth/cpp-sp.git] / shibsp / handler / impl / SAML2SessionInitiator.cpp

diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index a3377e8..d4265c3 100644 (file)
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -84,6 +84,12 @@ namespace shibsp {
             return samlconstants::SAML20P_NS;
         }
 
+#ifndef SHIBSP_LITE
+        void generateMetadata(saml2md::SPSSODescriptor& role, const char* handlerURL) const {
+            doGenerateMetadata(role, handlerURL);
+        }
+#endif
+
     private:
         pair<bool,long> doRequest(
             const Application& application,
@@ -120,6 +126,21 @@ namespace shibsp {
     #pragma warning( pop )
 #endif
 
+    class SHIBSP_DLLLOCAL SessionInitiatorNodeFilter : public DOMNodeFilter
+    {
+    public:
+#ifdef SHIBSP_XERCESC_SHORT_ACCEPTNODE
+        short
+#else
+        FilterAction
+#endif
+        acceptNode(const DOMNode* node) const {
+            return FILTER_REJECT;
+        }
+    };
+
+    static SHIBSP_DLLLOCAL SessionInitiatorNodeFilter g_SINFilter;
+
     SessionInitiator* SHIBSP_DLLLOCAL SAML2SessionInitiatorFactory(const pair<const DOMElement*,const char*>& p)
     {
         return new SAML2SessionInitiator(p.first, p.second);
@@ -128,7 +149,7 @@ namespace shibsp {
 };
 
 SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* appId)
-    : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAML2"), nullptr, &m_remapper), m_appId(appId),
+    : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT ".SessionInitiator.SAML2"), &g_SINFilter, &m_remapper), m_appId(appId),
         m_paosNS(samlconstants::PAOS_NS), m_ecpNS(samlconstants::SAML20ECP_NS), m_paosBinding(samlconstants::SAML20_BINDING_PAOS)
 #ifdef SHIBSP_LITE
         ,m_ecp(false)
@@ -193,6 +214,7 @@ void SAML2SessionInitiator::init(const char* location)
         pair<bool,const char*> outgoing = getString("outgoingBindings");
         if (outgoing.first) {
             dupBindings = outgoing.second;
+            trim(dupBindings);
         }
         else {
             // No override, so we'll install a default binding precedence.
@@ -263,7 +285,7 @@ pair<bool,long> SAML2SessionInitiator::run(SPRequest& request, string& entityID,
 
         // Always need to recover target URL to compute handler below.
         recoverRelayState(app, request, request, target, false);
-        limitRelayState(m_log, app, request, target.c_str());
+        app.limitRedirect(request, target.c_str());
 
         pair<bool,bool> flag = getBool("isPassive", request);
         isPassive = (flag.first && flag.second);
@@ -643,6 +665,7 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
         if (authnContextClassRef) {
             reqContext->getAuthnContextDeclRefs().clear();
             string dup(authnContextClassRef);
+            trim(dup);
             vector<string> contexts;
             split(contexts, dup, is_space(), algorithm::token_compress_on);
             for (vector<string>::const_iterator ac = contexts.begin(); ac != contexts.end(); ++ac) {
@@ -664,21 +687,26 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
     }
 
     pair<bool,bool> requestDelegation = getBool("requestDelegation");
-    if (requestDelegation.first && requestDelegation.second && entity.first) {
-        // Request delegation by including the IdP as an Audience.
-        // Also specify the expected session lifetime as the bound on the assertion lifetime.
-        const PropertySet* sessionProps = app.getPropertySet("Sessions");
-        pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
-        if (!lifetime.first || lifetime.second == 0)
-            lifetime.second = 28800;
-        if (!req->getConditions())
-            req->setConditions(ConditionsBuilder::buildConditions());
-        req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
-        AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
-        req->getConditions()->getConditions().push_back(audrest);
-        Audience* aud = AudienceBuilder::buildAudience();
-        audrest->getAudiences().push_back(aud);
-        aud->setAudienceURI(entity.first->getEntityID());
+    if (requestDelegation.first && requestDelegation.second) {
+        if (entity.first) {
+            // Request delegation by including the IdP as an Audience.
+            // Also specify the expected session lifetime as the bound on the assertion lifetime.
+            const PropertySet* sessionProps = app.getPropertySet("Sessions");
+            pair<bool,unsigned int> lifetime = sessionProps ? sessionProps->getUnsignedInt("lifetime") : pair<bool,unsigned int>(true,28800);
+            if (!lifetime.first || lifetime.second == 0)
+                lifetime.second = 28800;
+            if (!req->getConditions())
+                req->setConditions(ConditionsBuilder::buildConditions());
+            req->getConditions()->setNotOnOrAfter(time(nullptr) + lifetime.second + 300);
+            AudienceRestriction* audrest = AudienceRestrictionBuilder::buildAudienceRestriction();
+            req->getConditions()->getConditions().push_back(audrest);
+            Audience* aud = AudienceBuilder::buildAudience();
+            audrest->getAudiences().push_back(aud);
+            aud->setAudienceURI(entity.first->getEntityID());
+        }
+        else {
+            m_log.warn("requestDelegation set, but IdP unknown at request time");
+        }
     }
 
     if (ECP && entityID) {
@@ -702,7 +730,9 @@ pair<bool,long> SAML2SessionInitiator::doRequest(
         }
     }
 
-    req->setID(SAMLConfig::getConfig().generateIdentifier());
+    XMLCh* genid = SAMLConfig::getConfig().generateIdentifier();
+    req->setID(genid);
+    XMLString::release(&genid);
     req->setIssueInstant(time(nullptr));
 
     scoped_ptr<AuthnRequestEvent> ar_event(newAuthnRequestEvent(app, httpRequest));