/*
- * Copyright 2001-2009 Internet2
+ * Copyright 2001-2010 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
using namespace std;
SOAPClient::SOAPClient(SecurityPolicy& policy)
- : opensaml::SOAPClient(policy), m_app(policy.getApplication()), m_relyingParty(NULL), m_credResolver(NULL)
+ : opensaml::SOAPClient(policy), m_app(policy.getApplication()), m_relyingParty(nullptr), m_credResolver(nullptr)
{
}
m_credResolver=m_app.getCredentialResolver();
if (m_credResolver) {
m_credResolver->lock();
+ const Credential* cred = nullptr;
+
// Fill in criteria to use.
to.setUsage(Credential::SIGNING_CREDENTIAL);
pair<bool,const char*> keyName = m_relyingParty->getString("keyName");
if (keyName.first)
to.getKeyNames().insert(keyName.second);
+
+ // Check for an explicit algorithm, in which case resolve a credential directly.
pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signingAlg");
- if (sigalg.first)
+ if (sigalg.first) {
to.setXMLAlgorithm(sigalg.second);
- const Credential* cred = m_credResolver->resolve(&to);
+ cred = m_credResolver->resolve(&to);
+ }
+ else {
+ // Prefer credential based on peer's requirements.
+ pair<const SigningMethod*,const Credential*> p = to.getRole().getSigningMethod(*m_credResolver, to);
+ if (p.first)
+ sigalg = make_pair(true, p.first->getAlgorithm());
+ if (p.second)
+ cred = p.second;
+ }
+
// Reset criteria back.
- to.setKeyAlgorithm(NULL);
- to.setKeySize(0);
- to.getKeyNames().clear();
+ to.reset();
if (cred) {
// Check for message.
if (sigalg.first)
sig->setSignatureAlgorithm(sigalg.second);
sigalg = m_relyingParty->getXMLString("digestAlg");
+ if (!sigalg.first) {
+ const DigestMethod* dm = to.getRole().getDigestMethod();
+ if (dm)
+ sigalg = make_pair(true, dm->getAlgorithm());
+ }
if (sigalg.first)
dynamic_cast<opensaml::ContentReference*>(sig->getContentReference())->setDigestAlgorithm(sigalg.second);
// Sign it. The marshalling step in the base class should be a no-op.
vector<Signature*> sigs(1,sig);
- env.marshall((DOMDocument*)NULL,&sigs,cred);
+ env.marshall((DOMDocument*)nullptr,&sigs,cred);
}
}
}
else {
- Category::getInstance(SHIBSP_LOGCAT".SOAPClient").error("no signing credential supplied, leaving unsigned.");
+ Category::getInstance(SHIBSP_LOGCAT".SOAPClient").warn("no signing credential resolved, leaving message unsigned");
}
}
else {
- Category::getInstance(SHIBSP_LOGCAT".SOAPClient").error("no CredentialResolver available, leaving unsigned.");
+ Category::getInstance(SHIBSP_LOGCAT".SOAPClient").warn("no CredentialResolver available, leaving unsigned");
}
}
if (http) {
flag = m_relyingParty->getBool("chunkedEncoding");
http->useChunkedEncoding(flag.first && flag.second);
- http->setRequestHeader("User-Agent", PACKAGE_NAME);
http->setRequestHeader(PACKAGE_NAME, PACKAGE_VERSION);
}
}
void SOAPClient::reset()
{
- m_relyingParty = NULL;
+ m_relyingParty = nullptr;
if (m_credResolver)
m_credResolver->unlock();
- m_credResolver = NULL;
+ m_credResolver = nullptr;
opensaml::SOAPClient::reset();
}