cleanup, add checks to arguments and responses, add log statements
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / serviceprovider / ShibBinding.java
index 176dcff..f95ca89 100644 (file)
@@ -1,4 +1,20 @@
 /*
+ * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
  * ShibBinding.java
  * 
  * Corresponds to ShibBinding.cpp
  * that identify the target of the request from the Metadata, and
  * the caller passes an implementation of Trust so that signatures
  * can be validated.
- * 
- * --------------------
- * Copyright 2002, 2004 
- * University Corporation for Advanced Internet Development, Inc. 
- * All rights reserved
- * [Thats all we have to say to protect ourselves]
- * Your permission to use this code is governed by "The Shibboleth License".
- * A copy may be found at http://shibboleth.internet2.edu/license.html
- * [Nothing in copyright law requires license text in every file.]
  */
 package edu.internet2.middleware.shibboleth.serviceprovider;
 
@@ -30,11 +37,13 @@ import org.opensaml.SAMLAssertion;
 import org.opensaml.SAMLAuthorityBinding;
 import org.opensaml.SAMLBinding;
 import org.opensaml.SAMLBindingFactory;
+import org.opensaml.SAMLCondition;
 import org.opensaml.SAMLException;
 import org.opensaml.SAMLRequest;
 import org.opensaml.SAMLResponse;
+import org.opensaml.SAMLSOAPHTTPBinding;
 import org.opensaml.TrustException;
-
+import edu.internet2.middleware.shibboleth.common.Trust;
 import edu.internet2.middleware.shibboleth.metadata.AttributeAuthorityDescriptor;
 import edu.internet2.middleware.shibboleth.metadata.Endpoint;
 import edu.internet2.middleware.shibboleth.serviceprovider.ServiceProviderConfig.ApplicationInfo;
@@ -75,7 +84,7 @@ public class ShibBinding {
         */
        public 
        ShibBinding(
-                       String applicationId) throws NoSuchProviderException {
+                       String applicationId)  {
                this.applicationId=applicationId;
        }
 
@@ -100,7 +109,8 @@ public class ShibBinding {
                        SAMLRequest req,
                        AttributeAuthorityDescriptor role,
                        String[] audiences,
-                       SAMLAuthorityBinding[] bindings) 
+                       SAMLAuthorityBinding[] bindings,
+            Trust trust) 
        throws SAMLException {
                
                // For the duration of the request, get local references to
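Review bot: The new `Trust trust` parameter line is indented with spaces while the surrounding parameter lines use tabs, so the signature now renders unevenly in tab-aware editors; re-indent it to match `SAMLAuthorityBinding[] bindings,`. The commit title promises argument checks, but nothing in this hunk rejects a null `trust`, and the hook added further down passes it straight through to `ShibHttpHook`; if a null `trust` is not a valid "no validation" mode, a guard such as `if (trust == null) throw new IllegalArgumentException("trust");` near the top of the body would make that explicit. The method's name and the rest of its body lie outside this hunk.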
@@ -147,6 +157,10 @@ public class ShibBinding {
                     prevBinding = endpoint.getBinding();
                     sbinding = SAMLBindingFactory.getInstance(endpoint.getBinding());
                 }
+                if (sbinding instanceof SAMLSOAPHTTPBinding) {
+                    SAMLSOAPHTTPBinding httpbind = (SAMLSOAPHTTPBinding)sbinding;
+                    httpbind.addHook(new ShibHttpHook(role,trust));
+                }
                 resp=sbinding.send(endpoint.getLocation(),req);
                 validateResponseSignatures(role, appinfo, resp);
                 return resp;
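Review bot: The `addHook` call at the new lines runs on every pass through this code, but the lines just above only create a fresh `sbinding` when `endpoint.getBinding()` differs from `prevBinding`, so when the binding object is reused across endpoints the same `SAMLSOAPHTTPBinding` instance appears to collect one more `ShibHttpHook` per endpoint tried. Moving the `instanceof` block inside the branch that assigns `sbinding` (ending at `}` above the new lines) would register the hook once per binding instance. It is also worth a one-line comment stating what happens for a non-SOAP/HTTP binding, since in that case no hook — and so, presumably, no trust-based validation of the endpoint — is applied before `sbinding.send(...)`; the enclosing method and its endpoint loop start and end outside this hunk.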
@@ -184,7 +198,11 @@ public class ShibBinding {
                while (assertions.hasNext()) {
                        SAMLAssertion assertion = (SAMLAssertion) assertions.next();
                        
-                       // TODO Dropped some logic validating conditions
+                       Iterator conditions = assertion.getConditions();
+                       while (conditions.hasNext()) {
+                               SAMLCondition condition = (SAMLCondition) conditions.next();
+                               // TODO C++ only seems to validate that the audience string is present
+                       }
                        
                        if (assertion.isSigned() && 
                                !appinfo.validate(assertion,role)) {
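Review bot: The new `while (conditions.hasNext())` loop extracts each `SAMLCondition` and then does nothing with it, so an assertion carrying an audience restriction that does not name this SP, or any other condition type, is accepted exactly as before the change; the old `TODO` was at least honest about that. Until the C++ audience logic is ported, the safer default is to reject conditions this code does not evaluate, e.g. `throw new SAMLException("Assertion condition not evaluated by this SP: " + condition.getClass().getName());` in the loop body, with an audience-restriction branch that compares the condition's audience list against the caller's `audiences` placed before it if that list is reachable here (the enclosing method's signature is outside this hunk). If the empty loop is intentional for now, replace the TODO with a comment saying conditions are deliberately not enforced so the gap is visible to the next reader.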