#include "saml2/metadata/MetadataProvider.h"
#include "util/SAMLConstants.h"
-#include <log4cpp/Category.hh>
+#include <xmltooling/logging.h>
using namespace opensaml::saml2md;
using namespace opensaml::saml1p;
using namespace opensaml;
+using namespace xmltooling::logging;
using namespace xmltooling;
-using namespace log4cpp;
using namespace std;
namespace opensaml {
SAML1MessageRule(const DOMElement* e) {}
virtual ~SAML1MessageRule() {}
- void evaluate(const xmltooling::XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const;
+ const char* getType() const {
+ return SAML1MESSAGE_POLICY_RULE;
+ }
+ void evaluate(const XMLObject& message, const GenericRequest* request, const XMLCh* protocol, SecurityPolicy& policy) const;
};
SecurityPolicyRule* SAML_DLLLOCAL SAML1MessageRuleFactory(const DOMElement* const & e)
}
};
-void SAML1MessageRule::evaluate(const XMLObject& message, const GenericRequest* request, SecurityPolicy& policy) const
+void SAML1MessageRule::evaluate(
+ const XMLObject& message, const GenericRequest* request, const XMLCh* protocol, SecurityPolicy& policy
+ ) const
{
- Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SAML1Message");
-
- const QName& q = message.getElementQName();
- policy.setMessageQName(&q);
-
+ // Only handle SAML 1.x protocol and SAML 1.x messages.
+ if (!XMLString::equals(protocol, samlconstants::SAML11_PROTOCOL_ENUM) &&
+ !XMLString::equals(protocol, samlconstants::SAML10_PROTOCOL_ENUM))
+ return;
+ const QName& q = message.getElementQName();
if (!XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1P_NS) &&
- !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1_NS)) {
- log.debug("not a SAML 1.x protocol message or assertion");
+ !XMLString::equals(q.getNamespaceURI(), samlconstants::SAML1_NS))
return;
- }
-
+
+ Category& log=Category::getInstance(SAML_LOGCAT".SecurityPolicyRule.SAML1Message");
try {
const RootObject& samlRoot = dynamic_cast<const RootObject&>(message);
log.debug("extracting issuer from message");
- const XMLCh* protocol = NULL;
const saml1::Assertion* a = NULL;
// Handle assertions directly.
a = assertions.front();
}
- if (a && a->getIssuer()) {
- if (!policy.getIssuer() || policy.getIssuer()->getFormat() ||
- !XMLString::equals(policy.getIssuer()->getName(), a->getIssuer())) {
- // We either have a conflict, or a first-time set of Issuer.
- auto_ptr<saml2::Issuer> issuer(saml2::IssuerBuilder::buildIssuer());
- issuer->setName(a->getIssuer());
- policy.setIssuer(issuer.get());
- issuer.release(); // owned by policy now
- }
- pair<bool,int> minor = a->getMinorVersion();
- protocol = (minor.first && minor.second==0) ?
- samlconstants::SAML10_PROTOCOL_ENUM : samlconstants::SAML11_PROTOCOL_ENUM;
+ if (a) {
+ policy.setIssuer(a->getIssuer());
}
-
- if (!protocol) {
+ else {
log.warn("issuer identity not extracted");
return;
}
if (log.isDebugEnabled()) {
- auto_ptr_char iname(policy.getIssuer()->getName());
+ auto_ptr_char iname(a->getIssuer());
log.debug("message from (%s)", iname.get());
}
if (policy.getMetadataProvider() && policy.getRole()) {
log.debug("searching metadata for message issuer...");
- const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(policy.getIssuer()->getName());
+ const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(a->getIssuer());
if (!entity) {
- auto_ptr_char temp(policy.getIssuer()->getName());
+ auto_ptr_char temp(a->getIssuer());
log.warn("no metadata found, can't establish identity of issuer (%s)", temp.get());
return;
}