From f3cb21f7cce6f7cd489657223b1ae29c84acf5e8 Mon Sep 17 00:00:00 2001
From: cantor
Date: Wed, 28 Nov 2007 00:52:21 +0000
Subject: [PATCH] Propagate specific errors out when no assertion is processed.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@2646 cb58f699-b61c-0410-a6fe-9272a202ed29
---
 shibsp/handler/impl/SAML1Consumer.cpp | 20 +++++------
 shibsp/handler/impl/SAML2Consumer.cpp | 64 +++++++++++------------------------
 2 files changed, 28 insertions(+), 56 deletions(-)
diff --git a/shibsp/handler/impl/SAML1Consumer.cpp b/shibsp/handler/impl/SAML1Consumer.cpp
index 367b687..4bcc88c 100644
--- a/shibsp/handler/impl/SAML1Consumer.cpp
+++ b/shibsp/handler/impl/SAML1Consumer.cpp
@@ -162,14 +162,11 @@ void SAML1Consumer::implementProtocol(
 string contextualError;
 for (vector::const_iterator a = assertions.begin(); a!=assertions.end(); ++a) {
- // Skip unsigned assertion?
- if (!(*a)->getSignature() && flag.first && flag.second) {
- m_log.warn("found unsigned assertion in SAML response, ignoring it per signedAssertions policy");
- badtokens.push_back(*a);
- continue;
- }
-
 try {
+ // Skip unsigned assertion?
+ if (!(*a)->getSignature() && flag.first && flag.second)
+ throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+
 // We clear the security flag, so we can tell whether the token was secured on its own.
 policy.setAuthenticated(false);
 policy.reset(true);
@@ -184,11 +181,8 @@ void SAML1Consumer::implementProtocol(
 policy.evaluate(*(*a));
 // If no security is in place now, we kick it.
- if (!alreadySecured && !policy.isAuthenticated()) {
- m_log.warn("unable to establish security of assertion");
- badtokens.push_back(*a);
- continue;
- }
+ if (!alreadySecured && !policy.isAuthenticated())
+ throw SecurityPolicyException("Unable to establish security of incoming assertion.");
 // Now do profile and core semantic validation to ensure we can use it for SSO.
 ssoValidator.validateAssertion(*(*a));
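Review bot: The retained comment `// Skip unsigned assertion?` no longer matches the code at the top of the `try` block: the assertion is now rejected by throwing, and the removed warn line was the only place that tied `flag.first && flag.second` to the signedAssertions policy. A comment such as `// Reject unsigned assertions when the signedAssertions policy requires a signature.` would keep that link visible, and naming the policy in the exception text would let an operator see from the log which setting caused the rejection. The same applies to the two matching hunks in SAML2Consumer.cpp (@@ -148 and @@ -237). The surrounding loop and the handler that receives the exception lie outside this hunk.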
@@ -210,6 +204,8 @@ void SAML1Consumer::implementProtocol(
 }
 catch (exception& ex) {
 m_log.warn("detected a problem with assertion: %s", ex.what());
+ if (!ssoStatement)
+ contextualError = ex.what();
 badtokens.push_back(*a);
 }
 }
diff --git a/shibsp/handler/impl/SAML2Consumer.cpp b/shibsp/handler/impl/SAML2Consumer.cpp
index e171ad4..302fe0d 100644
--- a/shibsp/handler/impl/SAML2Consumer.cpp
+++ b/shibsp/handler/impl/SAML2Consumer.cpp
@@ -148,14 +148,11 @@ void SAML2Consumer::implementProtocol(
 string contextualError;
 for (vector::const_iterator a = assertions.begin(); a!=assertions.end(); ++a) {
- // Skip unsigned assertion?
- if (!(*a)->getSignature() && flag.first && flag.second) {
- m_log.warn("found unsigned assertion in SAML response, ignoring it per signedAssertions policy");
- badtokens.push_back(*a);
- continue;
- }
-
 try {
+ // Skip unsigned assertion?
+ if (!(*a)->getSignature() && flag.first && flag.second)
+ throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+
 // We clear the security flag, so we can tell whether the token was secured on its own.
 policy.setAuthenticated(false);
 policy.reset(true);
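Review bot: The handler now copies `ex.what()` from every `exception` into `contextualError`, where before this commit only an address-check failure in SAML2Consumer.cpp was saved that way. How `contextualError` is reported lies outside the hunk, but if it reaches the requesting client then text from any library or parser exception raised during assertion processing goes with it; limiting the copy to the exception types whose messages are written for end users would avoid that. Each failing assertion also overwrites the previous message, so the reported error is the last failure rather than the first; if the first is the one wanted, `if (!ssoStatement && contextualError.empty())` would keep it. The removed explanation `// We save off the message if there's no SSO statement yet.` is worth restoring above the new `if`. The same lines are added in SAML2Consumer.cpp at @@ -207 and @@ -299.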
@@ -168,26 +165,15 @@ void SAML2Consumer::implementProtocol(
 policy.evaluate(*(*a));
 // If no security is in place now, we kick it.
- if (!alreadySecured && !policy.isAuthenticated()) {
- m_log.warn("unable to establish security of assertion");
- badtokens.push_back(*a);
- continue;
- }
+ if (!alreadySecured && !policy.isAuthenticated())
+ throw SecurityPolicyException("Unable to establish security of incoming assertion.");
 // Now do profile and core semantic validation to ensure we can use it for SSO.
 ssoValidator.validateAssertion(*(*a));
 // Address checking.
- try {
- if (ssoValidator.getAddress())
- checkAddress(application, httpRequest, ssoValidator.getAddress());
- }
- catch (exception& ex) {
- // We save off the message if there's no SSO statement yet.
- if (!ssoStatement)
- contextualError = ex.what();
- throw;
- }
+ if (ssoValidator.getAddress())
+ checkAddress(application, httpRequest, ssoValidator.getAddress());
 // Track it as a valid token.
 tokens.push_back(*a);
@@ -207,6 +193,8 @@ void SAML2Consumer::implementProtocol(
 }
 catch (exception& ex) {
 m_log.warn("detected a problem with assertion: %s", ex.what());
+ if (!ssoStatement)
+ contextualError = ex.what();
 badtokens.push_back(*a);
 }
 }
@@ -237,14 +225,11 @@ void SAML2Consumer::implementProtocol(
 if (!decrypted) continue;
- // Skip unsigned assertion?
- if (!decrypted->getSignature() && flag.first && flag.second) {
- m_log.warn("found unsigned assertion in SAML response, ignoring it per signedAssertions policy");
- badtokens.push_back(decrypted);
- continue;
- }
-
 try {
+ // Skip unsigned assertion?
+ if (!decrypted->getSignature() && flag.first && flag.second)
+ throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+
 // We clear the security flag, so we can tell whether the token was secured on its own.
 policy.setAuthenticated(false);
 policy.reset(true);
@@ -260,26 +245,15 @@ void SAML2Consumer::implementProtocol(
 policy.evaluate(*decrypted);
 // If no security is in place now, we kick it.
- if (!alreadySecured && !policy.isAuthenticated()) {
- m_log.warn("unable to establish security of assertion");
- badtokens.push_back(decrypted);
- continue;
- }
+ if (!alreadySecured && !policy.isAuthenticated())
+ throw SecurityPolicyException("Unable to establish security of incoming assertion.");
 // Now do profile and core semantic validation to ensure we can use it for SSO.
 ssoValidator.validateAssertion(*decrypted);
 // Address checking.
- try {
- if (ssoValidator.getAddress())
- checkAddress(application, httpRequest, ssoValidator.getAddress());
- }
- catch (exception& ex) {
- // We save off the message if there's no SSO statement yet.
- if (!ssoStatement)
- contextualError = ex.what();
- throw;
- }
+ if (ssoValidator.getAddress())
+ checkAddress(application, httpRequest, ssoValidator.getAddress());
 // Track it as a valid token.
 tokens.push_back(decrypted);
@@ -299,6 +273,8 @@ void SAML2Consumer::implementProtocol(
 }
 catch (exception& ex) {
 m_log.warn("detected a problem with assertion: %s", ex.what());
+ if (!ssoStatement)
+ contextualError = ex.what();
 badtokens.push_back(decrypted);
 }
 }
--
2.1.4