2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * TransformAttributeResolver.cpp
24 * Attribute Resolver plugin for transforming input values.
30 #include <boost/shared_ptr.hpp>
31 #include <boost/tuple/tuple.hpp>
32 #include <shibsp/exceptions.h>
33 #include <shibsp/SessionCache.h>
34 #include <shibsp/attribute/SimpleAttribute.h>
35 #include <shibsp/attribute/resolver/AttributeResolver.h>
36 #include <shibsp/attribute/resolver/ResolutionContext.h>
37 #include <xmltooling/XMLToolingConfig.h>
38 #include <xmltooling/util/XMLHelper.h>
39 #include <xercesc/util/XMLUniDefs.hpp>
40 #include <xercesc/util/regx/RegularExpression.hpp>
42 using namespace shibsp;
43 using namespace xmltooling;
44 using namespace xercesc;
45 using namespace boost;
50 class SHIBSP_DLLLOCAL TransformContext : public ResolutionContext
53 TransformContext(const vector<Attribute*>* attributes) : m_inputAttributes(attributes) {
57 for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup<Attribute>());
60 const vector<Attribute*>* getInputAttributes() const {
61 return m_inputAttributes;
63 vector<Attribute*>& getResolvedAttributes() {
66 vector<opensaml::Assertion*>& getResolvedAssertions() {
71 const vector<Attribute*>* m_inputAttributes;
72 vector<Attribute*> m_attributes;
73 static vector<opensaml::Assertion*> m_assertions; // empty dummy
77 class SHIBSP_DLLLOCAL TransformAttributeResolver : public AttributeResolver
80 TransformAttributeResolver(const DOMElement* e);
81 virtual ~TransformAttributeResolver() {}
89 ResolutionContext* createResolutionContext(
90 const Application& application,
91 const opensaml::saml2md::EntityDescriptor* issuer,
92 const XMLCh* protocol,
93 const opensaml::saml2::NameID* nameid=nullptr,
94 const XMLCh* authncontext_class=nullptr,
95 const XMLCh* authncontext_decl=nullptr,
96 const vector<const opensaml::Assertion*>* tokens=nullptr,
97 const vector<Attribute*>* attributes=nullptr
99 // Make sure new method gets run.
100 return createResolutionContext(application, nullptr, issuer, protocol, nameid, authncontext_class, authncontext_decl, tokens, attributes);
103 ResolutionContext* createResolutionContext(
104 const Application& application,
105 const GenericRequest* request,
106 const opensaml::saml2md::EntityDescriptor* issuer,
107 const XMLCh* protocol,
108 const opensaml::saml2::NameID* nameid=nullptr,
109 const XMLCh* authncontext_class=nullptr,
110 const XMLCh* authncontext_decl=nullptr,
111 const vector<const opensaml::Assertion*>* tokens=nullptr,
112 const vector<Attribute*>* attributes=nullptr
114 return new TransformContext(attributes);
117 ResolutionContext* createResolutionContext(const Application& application, const Session& session) const {
118 return new TransformContext(&session.getAttributes());
121 void resolveAttributes(ResolutionContext& ctx) const;
123 void getAttributeIds(vector<string>& attributes) const {
124 for (vector<regex_t>::const_iterator r = m_regex.begin(); r != m_regex.end(); ++r) {
125 if (!r->get<0>().empty())
126 attributes.push_back(r->get<0>());
133 // dest id, regex to apply, replacement string
134 typedef tuple<string,boost::shared_ptr<RegularExpression>,const XMLCh*> regex_t;
135 vector<regex_t> m_regex;
138 static const XMLCh dest[] = UNICODE_LITERAL_4(d,e,s,t);
139 static const XMLCh match[] = UNICODE_LITERAL_5(m,a,t,c,h);
140 static const XMLCh caseSensitive[] = UNICODE_LITERAL_13(c,a,s,e,S,e,n,s,i,t,i,v,e);
141 static const XMLCh source[] = UNICODE_LITERAL_6(s,o,u,r,c,e);
142 static const XMLCh Regex[] = UNICODE_LITERAL_5(R,e,g,e,x);
144 AttributeResolver* SHIBSP_DLLLOCAL TransformAttributeResolverFactory(const DOMElement* const & e)
146 return new TransformAttributeResolver(e);
151 vector<opensaml::Assertion*> TransformContext::m_assertions;
153 TransformAttributeResolver::TransformAttributeResolver(const DOMElement* e)
154 : m_log(Category::getInstance(SHIBSP_LOGCAT".AttributeResolver.Transform")),
155 m_source(XMLHelper::getAttrString(e, nullptr, source))
157 if (m_source.empty())
158 throw ConfigurationException("Transform AttributeResolver requires source attribute.");
160 e = XMLHelper::getFirstChildElement(e, Regex);
162 if (e->hasChildNodes() && e->hasAttributeNS(nullptr, match)) {
163 const XMLCh* repl(e->getTextContent());
164 string destId(XMLHelper::getAttrString(e, nullptr, dest));
165 bool caseflag(XMLHelper::getAttrBool(e, true, caseSensitive));
168 static XMLCh options[] = { chLatin_i, chNull };
169 boost::shared_ptr<RegularExpression> re(new RegularExpression(e->getAttributeNS(nullptr, match), (caseflag ? &chNull : options)));
170 m_regex.push_back(make_tuple(destId, re, repl));
172 catch (XMLException& ex) {
173 auto_ptr_char msg(ex.getMessage());
174 auto_ptr_char m(e->getAttributeNS(nullptr, match));
175 m_log.error("exception parsing regular expression (%s): %s", m.get(), msg.get());
179 e = XMLHelper::getNextSiblingElement(e, Regex);
183 throw ConfigurationException("Transform AttributeResolver requires at least one Regex element.");
187 void TransformAttributeResolver::resolveAttributes(ResolutionContext& ctx) const
189 TransformContext& tctx = dynamic_cast<TransformContext&>(ctx);
190 if (!tctx.getInputAttributes())
193 for (vector<Attribute*>::const_iterator a = tctx.getInputAttributes()->begin(); a != tctx.getInputAttributes()->end(); ++a) {
194 if (m_source != (*a)->getId() || (*a)->valueCount() == 0) {
198 // We run each transform expression against each value of the input. Each transform either generates
199 // a new attribute from its dest property, or overwrites a SimpleAttribute's values in place.
201 for (vector<regex_t>::const_iterator r = m_regex.begin(); r != m_regex.end(); ++r) {
202 SimpleAttribute* dest = nullptr;
203 auto_ptr<SimpleAttribute> destwrapper;
205 // First tuple element is the destination attribute ID, if any.
206 if (r->get<0>().empty()) {
207 // Can we transform in-place?
208 dest = dynamic_cast<SimpleAttribute*>(*a);
210 m_log.warn("can't transform non-simple attribute (%s) 'in place'", m_source.c_str());
215 // Create a destination attribute.
216 vector<string> ids(1, r->get<0>());
217 destwrapper.reset(new SimpleAttribute(ids));
221 m_log.debug("applying in-place transform to source attribute (%s)", m_source.c_str());
223 m_log.debug("applying transform from source attribute (%s) to dest attribute (%s)", m_source.c_str(), r->get<0>().c_str());
225 for (size_t i = 0; i < (*a)->valueCount(); ++i) {
227 auto_arrayptr<XMLCh> srcval(fromUTF8((*a)->getSerializedValues()[i].c_str()));
228 XMLCh* destval = r->get<1>()->replace(srcval.get(), r->get<2>());
230 auto_arrayptr<char> narrow(toUTF8(destval));
231 XMLString::release(&destval);
234 dest->getValues()[i] = narrow.get();
237 // Add to new object.
238 destwrapper->getValues().push_back(narrow.get());
242 catch (XMLException& ex) {
243 auto_ptr_char msg(ex.getMessage());
244 m_log.error("caught error applying regular expression: %s", msg.get());
248 // Save off new object.
249 if (destwrapper.get()) {
250 ctx.getResolvedAttributes().push_back(destwrapper.get());
251 destwrapper.release();