Annotate exceptions with status information.

[shibboleth/opensaml2.git] / saml / saml1 / binding / impl / SAML1SOAPClient.cpp

diff --git a/saml/saml1/binding/impl/SAML1SOAPClient.cpp b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
index 97114a0..bcd76c1 100644 (file)
--- a/saml/saml1/binding/impl/SAML1SOAPClient.cpp
+++ b/saml/saml1/binding/impl/SAML1SOAPClient.cpp
@@ -37,7 +37,7 @@ using namespace xmltooling;
 using namespace log4cpp;
 using namespace std;
 
-void SAML1SOAPClient::sendSAML(Request* request, const RoleDescriptor& peer, const char* endpoint)
+void SAML1SOAPClient::sendSAML(Request* request, MetadataCredentialCriteria& peer, const char* endpoint)
 {
     auto_ptr<Envelope> env(EnvelopeBuilder::buildEnvelope());
     Body* body = BodyBuilder::buildBody();
@@ -56,20 +56,34 @@ Response* SAML1SOAPClient::receiveSAML()
             // Check for SAML Response.
             Response* response = dynamic_cast<Response*>(body->getUnknownXMLObjects().front());
             if (response) {
-                
+
                 // Check InResponseTo.
                 if (m_correlate && response->getInResponseTo() && !XMLString::equals(m_correlate, response->getInResponseTo()))
-                    throw BindingException("InResponseTo attribute did not correlate with the Request ID.");
+                    throw SecurityPolicyException("InResponseTo attribute did not correlate with the Request ID.");
+                
+                m_soaper.getPolicy().evaluate(*response);
+                
+                if (!m_soaper.getPolicy().isSecure()) {
+                    SecurityPolicyException ex("Security policy could not authenticate the message.");
+                    if (m_soaper.getPolicy().getIssuerMetadata())
+                        annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
+                    else
+                        ex.raise();
+                }
                 
                 // Check Status.
                 Status* status = response->getStatus();
                 if (status) {
                     const QName* code = status->getStatusCode() ? status->getStatusCode()->getValue() : NULL;
-                    if (code && *code != StatusCode::SUCCESS && handleError(*status))
-                        throw BindingException("SAML Response contained an error.");
+                    if (code && *code != StatusCode::SUCCESS && handleError(*status)) {
+                        BindingException ex("SAML Response contained an error.");
+                        if (m_soaper.getPolicy().getIssuerMetadata())
+                            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
+                        else
+                            ex.raise();
+                    }
                 }
                 
-                m_soaper.getPolicy().evaluate(*response);
                 env.release();
                 body->detach(); // frees Envelope
                 response->detach();   // frees Body
@@ -77,7 +91,11 @@ Response* SAML1SOAPClient::receiveSAML()
             }
         }
         
-        throw BindingException("SOAP Envelope did not contain a SAML Response or a Fault.");
+        BindingException ex("SOAP Envelope did not contain a SAML Response or a Fault.");
+        if (m_soaper.getPolicy().getIssuerMetadata())
+            annotateException(&ex, m_soaper.getPolicy().getIssuerMetadata());   // throws it
+        else
+            ex.raise();
     }
     return NULL;
 }
@@ -91,5 +109,5 @@ bool SAML1SOAPClient::handleError(const Status& status)
         (code ? code->toString().c_str() : "no code"),
         (str.get() ? str.get() : "no message")
         );
-    return true;
+    return m_fatal;
 }