X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fopensaml2.git;a=blobdiff_plain;f=saml%2Fsaml2%2Fbinding%2Fimpl%2FSAML2SOAPEncoder.cpp;h=64acb647470a9f8bdb77efcf19339ddf2879afa6;hp=7b56dee74875c9b57c1a603f6b937a321c27bf19;hb=5614d09808af42eb625cc8f5605dd5ebaefe9457;hpb=7d83446b7f7784cc3729e825e5467cc3cc52d159 diff --git a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp index 7b56dee..64acb64 100644 --- a/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp +++ b/saml/saml2/binding/impl/SAML2SOAPEncoder.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2006 Internet2 + * Copyright 2001-2007 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,48 +22,73 @@ #include "internal.h" #include "exceptions.h" -#include "binding/HTTPResponse.h" -#include "saml2/binding/SAML2SOAPEncoder.h" +#include "binding/MessageEncoder.h" +#include "signature/ContentReference.h" #include "saml2/core/Protocols.h" #include -#include +#include +#include #include #include using namespace opensaml::saml2p; +using namespace opensaml::saml2md; using namespace opensaml; using namespace xmlsignature; using namespace soap11; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { namespace saml2p { - MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const DOMElement* const & e) + class SAML_DLLLOCAL SAML2SOAPEncoder : public MessageEncoder { - return new SAML2SOAPEncoder(e); + public: + SAML2SOAPEncoder() {} + virtual ~SAML2SOAPEncoder() {} + + bool isUserAgentPresent() const { + return false; + } + + long encode( + GenericResponse& genericResponse, + XMLObject* xmlObject, + const char* destination, + const EntityDescriptor* recipient=NULL, + const char* relayState=NULL, + const ArtifactGenerator* artifactGenerator=NULL, + const Credential* credential=NULL, + const XMLCh* signatureAlg=NULL, + const XMLCh* digestAlg=NULL + ) const; + }; + + MessageEncoder* SAML_DLLLOCAL SAML2SOAPEncoderFactory(const pair& p) + { + return new SAML2SOAPEncoder(); } }; }; -SAML2SOAPEncoder::SAML2SOAPEncoder(const DOMElement* e) {} - long SAML2SOAPEncoder::encode( GenericResponse& genericResponse, XMLObject* xmlObject, const char* destination, - const char* recipientID, + const EntityDescriptor* recipient, const char* relayState, - const CredentialResolver* credResolver, - const XMLCh* sigAlgorithm + const ArtifactGenerator* artifactGenerator, + const Credential* credential, + const XMLCh* signatureAlg, + const XMLCh* digestAlg ) const { #ifdef _DEBUG xmltooling::NDC ndc("encode"); #endif - Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML1SOAP"); + Category& log = Category::getInstance(SAML_LOGCAT".MessageEncoder.SAML2SOAP"); log.debug("validating input"); if (xmlObject->getParent()) @@ -72,56 +97,81 @@ long SAML2SOAPEncoder::encode( genericResponse.setContentType("text/xml"); HTTPResponse* httpResponse = dynamic_cast(&genericResponse); if (httpResponse) { - httpResponse->setHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); - httpResponse->setHeader("Pragma", "no-cache"); + httpResponse->setResponseHeader("Cache-Control", "no-cache, no-store, must-revalidate, private"); + httpResponse->setResponseHeader("Pragma", "no-cache"); } + bool detachOnFailure = false; DOMElement* rootElement = NULL; - StatusResponseType* response = dynamic_cast(xmlObject); - if (response) { + + // Check for a naked message. + SignableObject* msg = dynamic_cast(xmlObject); + if (msg) { + // Wrap it in a SOAP envelope and point xmlObject at that. + detachOnFailure = true; + Envelope* env = EnvelopeBuilder::buildEnvelope(); + Body* body = BodyBuilder::buildBody(); + env->setBody(body); + body->getUnknownXMLObjects().push_back(msg); + xmlObject = env; + } + + Envelope* env = dynamic_cast(xmlObject); + if (env) { + if (!msg) { + msg = (env->getBody() && env->getBody()->hasChildren()) ? + dynamic_cast(env->getBody()->getUnknownXMLObjects().front()) : NULL; + } try { - Envelope* env = EnvelopeBuilder::buildEnvelope(); - Body* body = BodyBuilder::buildBody(); - env->setBody(body); - body->getXMLObjects().push_back(response); - if (credResolver ) { - if (response->getSignature()) { - log.debug("response already signed, skipping signature operation"); + if (msg && credential) { + if (msg->getSignature()) { + log.debug("message already signed, skipping signature operation"); rootElement = env->marshall(); } else { - log.debug("signing and marshalling the response"); + log.debug("signing the message and marshalling the envelope"); // Build a Signature. - Signature* sig = buildSignature(credResolver, sigAlgorithm); - response->setSignature(sig); + Signature* sig = SignatureBuilder::buildSignature(); + msg->setSignature(sig); + if (signatureAlg) + sig->setSignatureAlgorithm(signatureAlg); + if (digestAlg) { + opensaml::ContentReference* cr = dynamic_cast(sig->getContentReference()); + if (cr) + cr->setDigestAlgorithm(digestAlg); + } - // Sign response while marshalling. + // Sign message while marshalling. vector sigs(1,sig); - rootElement = env->marshall((DOMDocument*)NULL,&sigs); + rootElement = env->marshall((DOMDocument*)NULL,&sigs,credential); } } else { - log.debug("marshalling the response"); + log.debug("marshalling the envelope"); rootElement = env->marshall(); } - + string xmlbuf; XMLHelper::serialize(rootElement, xmlbuf); istringstream s(xmlbuf); - log.debug("sending serialized response"); - long ret = genericResponse.sendResponse(s); + log.debug("sending serialized envelope"); + bool error = (!msg && env->getBody() && env->getBody()->hasChildren() && + dynamic_cast(env->getBody()->getUnknownXMLObjects().front())); + long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); // Cleanup by destroying XML. delete env; return ret; } catch (XMLToolingException&) { - // A bit weird...we have to "revert" things so that the response is isolated - // so the caller can free it. - if (response->getParent()) { - response->getParent()->detach(); - response->detach(); + if (msg && detachOnFailure) { + // A bit weird...we have to "revert" things so that the message is isolated + // so the caller can free it. + if (msg->getParent()) { + msg->getParent()->detach(); + msg->detach(); + } } throw; } @@ -130,11 +180,11 @@ long SAML2SOAPEncoder::encode( Fault* fault = dynamic_cast(xmlObject); if (fault) { try { - log.debug("building Envelope and marshalling Fault"); + log.debug("building envelope and marshalling fault"); Envelope* env = EnvelopeBuilder::buildEnvelope(); Body* body = BodyBuilder::buildBody(); env->setBody(body); - body->getXMLObjects().push_back(fault); + body->getUnknownXMLObjects().push_back(fault); rootElement = env->marshall(); string xmlbuf; @@ -158,26 +208,5 @@ long SAML2SOAPEncoder::encode( } } - Envelope* env = dynamic_cast(xmlObject); - if (env) { - log.debug("marshalling envelope"); - rootElement = env->marshall(); - - bool error = - (env->getBody() && - env->getBody()->hasChildren() && - dynamic_cast(env->getBody()->getXMLObjects().front())); - - string xmlbuf; - XMLHelper::serialize(rootElement, xmlbuf); - istringstream s(xmlbuf); - log.debug("sending serialized envelope"); - long ret = error ? genericResponse.sendError(s) : genericResponse.sendResponse(s); - - // Cleanup by destroying XML. - delete env; - return ret; - } - - throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 response or SOAP Fault/Envelope."); + throw BindingException("XML content for SAML 2.0 SOAP Encoder must be a SAML 2.0 message or SOAP Fault/Envelope."); }