2 * Copyright 2009-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * KeyInfoAttributeDecoder.cpp
20 * Decodes KeyInfo information into a SimpleAttribute.
24 #include "attribute/AttributeDecoder.h"
25 #include "attribute/SimpleAttribute.h"
27 #include <saml/saml1/core/Assertions.h>
28 #include <saml/saml2/core/Assertions.h>
29 #include <xmltooling/XMLToolingConfig.h>
30 #include <xmltooling/security/Credential.h>
31 #include <xmltooling/security/KeyInfoResolver.h>
32 #include <xmltooling/security/SecurityHelper.h>
33 #include <xmltooling/signature/KeyInfo.h>
35 using namespace shibsp;
36 using namespace opensaml;
37 using namespace xmlsignature;
38 using namespace xmltooling;
42 class SHIBSP_DLLLOCAL KeyInfoAttributeDecoder : virtual public AttributeDecoder
45 KeyInfoAttributeDecoder(const DOMElement* e);
46 ~KeyInfoAttributeDecoder() {
47 delete m_keyInfoResolver;
51 const vector<string>& ids, const XMLObject* xmlObject, const char* assertingParty=nullptr, const char* relyingParty=nullptr
55 void extract(const KeyInfo* k, vector<string>& dest) const {
56 auto_ptr<Credential> cred (getKeyInfoResolver()->resolve(k, Credential::RESOLVE_KEYS));
58 dest.push_back(string());
59 dest.back() = SecurityHelper::getDEREncoding(*cred.get(), m_hash ? m_keyInfoHashAlg.c_str() : nullptr);
60 if (dest.back().empty())
65 const KeyInfoResolver* getKeyInfoResolver() const {
66 return m_keyInfoResolver ? m_keyInfoResolver : XMLToolingConfig::getConfig().getKeyInfoResolver();
70 string m_keyInfoHashAlg;
71 KeyInfoResolver* m_keyInfoResolver;
74 AttributeDecoder* SHIBSP_DLLLOCAL KeyInfoAttributeDecoderFactory(const DOMElement* const & e)
76 return new KeyInfoAttributeDecoder(e);
79 static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o,l,v,e,r);
80 static const XMLCh _hash[] = UNICODE_LITERAL_4(h,a,s,h);
81 static const XMLCh keyInfoHashAlg[] = UNICODE_LITERAL_14(k,e,y,I,n,f,o,H,a,s,h,A,l,g);
82 static const XMLCh _type[] = UNICODE_LITERAL_4(t,y,p,e);
85 KeyInfoAttributeDecoder::KeyInfoAttributeDecoder(const DOMElement* e)
86 : AttributeDecoder(e),
87 m_hash(XMLHelper::getAttrBool(e, false, _hash)),
88 m_keyInfoHashAlg(XMLHelper::getAttrString(e, "SHA1", keyInfoHashAlg)),
89 m_keyInfoResolver(nullptr) {
90 e = XMLHelper::getFirstChildElement(e,_KeyInfoResolver);
92 string t(XMLHelper::getAttrString(e, nullptr, _type));
94 throw UnknownExtensionException("<KeyInfoResolver> element found with no type attribute");
95 m_keyInfoResolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e);
99 Attribute* KeyInfoAttributeDecoder::decode(
100 const vector<string>& ids, const XMLObject* xmlObject, const char* assertingParty, const char* relyingParty
103 Category& log = Category::getInstance(SHIBSP_LOGCAT".AttributeDecoder.KeyInfo");
105 if (!xmlObject || !XMLString::equals(saml1::Attribute::LOCAL_NAME, xmlObject->getElementQName().getLocalPart())) {
106 log.warn("XMLObject type not recognized by KeyInfoAttributeDecoder, no values returned");
110 auto_ptr<SimpleAttribute> attr(new SimpleAttribute(ids));
111 vector<string>& dest = attr->getValues();
112 vector<XMLObject*>::const_iterator v,stop;
114 const saml2::Attribute* saml2attr = dynamic_cast<const saml2::Attribute*>(xmlObject);
116 const vector<XMLObject*>& values = saml2attr->getAttributeValues();
119 if (log.isDebugEnabled()) {
120 auto_ptr_char n(saml2attr->getName());
122 "decoding KeyInfo information (%s) from SAML 2 Attribute (%s) with %lu value(s)",
123 ids.front().c_str(), n.get() ? n.get() : "unnamed", values.size()
128 const saml1::Attribute* saml1attr = dynamic_cast<const saml1::Attribute*>(xmlObject);
130 const vector<XMLObject*>& values = saml1attr->getAttributeValues();
133 if (log.isDebugEnabled()) {
134 auto_ptr_char n(saml1attr->getAttributeName());
136 "decoding KeyInfo information (%s) from SAML 1 Attribute (%s) with %lu value(s)",
137 ids.front().c_str(), n.get() ? n.get() : "unnamed", values.size()
142 log.warn("XMLObject type not recognized by KeyInfoAttributeDecoder, no values returned");
147 for (; v!=stop; ++v) {
148 const KeyInfo* k = dynamic_cast<const KeyInfo*>(*v);
151 else if ((*v)->hasChildren()) {
152 const list<XMLObject*>& children = (*v)->getOrderedChildren();
153 for (list<XMLObject*>::const_iterator vv = children.begin(); vv!=children.end(); ++vv) {
154 if (k=dynamic_cast<const KeyInfo*>(*vv))
157 log.warn("skipping AttributeValue without a recognizable KeyInfo");
162 return dest.empty() ? nullptr : _decode(attr.release());