Imported Upstream version 2.4+dfsg

[shibboleth/sp.git] / shibsp / attribute / resolver / impl / KeyDescriptorAttributeExtractor.cpp

diff --git a/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp b/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
index d730b35..3cdac01 100644 (file)
--- a/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
+++ b/shibsp/attribute/resolver/impl/KeyDescriptorAttributeExtractor.cpp
@@ -1,5 +1,5 @@
 /*
- *  Copyright 2009 Internet2
+ *  Copyright 2009-2010 Internet2
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,6 +21,7 @@
  */
 
 #include "internal.h"
+#include "exceptions.h"
 #include "Application.h"
 #include "attribute/AttributeDecoder.h"
 #include "attribute/SimpleAttribute.h"
@@ -28,6 +29,8 @@
 
 #include <saml/saml2/metadata/Metadata.h>
 #include <saml/saml2/metadata/MetadataCredentialCriteria.h>
+#include <saml/saml2/metadata/MetadataProvider.h>
+#include <xmltooling/security/Credential.h>
 #include <xmltooling/security/SecurityHelper.h>
 #include <xmltooling/util/XMLHelper.h>
 #include <xercesc/util/XMLUniDefs.hpp>
@@ -72,6 +75,7 @@ namespace shibsp {
         }
 
     private:
+        string m_hashAlg;
         vector<string> m_hashId;
         vector<string> m_signingId;
         vector<string> m_encryptionId;
@@ -88,27 +92,22 @@ namespace shibsp {
 
     static const XMLCh encryptionId[] = UNICODE_LITERAL_12(e,n,c,r,y,p,t,i,o,n,I,d);
     static const XMLCh hashId[] =       UNICODE_LITERAL_6(h,a,s,h,I,d);
+    static const XMLCh hashAlg[] =      UNICODE_LITERAL_7(h,a,s,h,A,l,g);
     static const XMLCh signingId[] =    UNICODE_LITERAL_9(s,i,g,n,i,n,g,I,d);
 };
 
-KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e)
+KeyDescriptorExtractor::KeyDescriptorExtractor(const DOMElement* e) : m_hashAlg(XMLHelper::getAttrString(e, "SHA1", hashAlg))
 {
     if (e) {
-        const XMLCh* a = e->getAttributeNS(NULL, hashId);
-        if (a && *a) {
-            auto_ptr_char temp(a);
-            m_hashId.push_back(temp.get());
-        }
-        a = e->getAttributeNS(NULL, signingId);
-        if (a && *a) {
-            auto_ptr_char temp(a);
-            m_signingId.push_back(temp.get());
-        }
-        a = e->getAttributeNS(NULL, encryptionId);
-        if (a && *a) {
-            auto_ptr_char temp(a);
-            m_encryptionId.push_back(temp.get());
-        }
+        string a(XMLHelper::getAttrString(e, nullptr, hashId));
+        if (!a.empty())
+            m_hashId.push_back(a);
+        a = XMLHelper::getAttrString(e, nullptr, signingId);
+        if (!a.empty())
+            m_signingId.push_back(a);
+        a = XMLHelper::getAttrString(e, nullptr, encryptionId);
+        if (!a.empty())
+            m_encryptionId.push_back(a);
     }
     if (m_hashId.empty() && m_signingId.empty() && m_encryptionId.empty())
         throw ConfigurationException("KeyDescriptor AttributeExtractor requires hashId, signingId, or encryptionId property.");
@@ -134,7 +133,7 @@ void KeyDescriptorExtractor::extractAttributes(
                 for (vector<const Credential*>::const_iterator c = creds.begin(); c != creds.end(); ++c) {
                     if (vals.empty() || !vals.back().empty())
                         vals.push_back(string());
-                    vals.back() = SecurityHelper::getDEREncoding(*(*c), true);
+                    vals.back() = SecurityHelper::getDEREncoding(*(*c), m_hashAlg.c_str());
                 }
                 if (vals.back().empty())
                     vals.pop_back();