#include "internal.h"
+#include <algorithm>
#include <sys/types.h>
#include <sys/stat.h>
#include <xsec/framework/XSECException.hpp>
#include <xsec/framework/XSECProvider.hpp>
+#include <shibsp/SPConstants.h>
+
using namespace shibboleth;
using namespace saml;
using namespace log4cpp;
vector<const XMLCh*> m_formats;
};
- class ScopedRole : public virtual IScopedRoleDescriptor
- {
- public:
- ScopedRole(const DOMElement* e);
- saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const {return m_scopes;}
-
- private:
- vector<pair<const XMLCh*,bool> > m_scopes;
- };
-
- class IDPRole : public SSORole, public ScopedRole, public virtual IIDPSSODescriptor
+ class IDPRole : public SSORole, public virtual IIDPSSODescriptor
{
public:
IDPRole(const EntityDescriptor* provider, time_t validUntil, const DOMElement* e);
friend class EntityDescriptor;
};
- class AARole : public Role, public ScopedRole, public virtual IAttributeAuthorityDescriptor
+ class AARole : public Role, public virtual IAttributeAuthorityDescriptor
{
public:
AARole(const EntityDescriptor* provider, time_t validUntil, const DOMElement* e);
Iterator<pair<const XMLCh*,const XMLCh*> > getAdditionalMetadataLocations() const {return m_locs;}
const IEntitiesDescriptor* getEntitiesDescriptor() const {return m_parent;}
Iterator<const IKeyAuthority*> getKeyAuthorities() const {return m_keyauths;}
+ saml::Iterator<std::pair<const XMLCh*,bool> > getScopes() const {return m_scopes;}
const DOMElement* getElement() const {return m_root;}
// Used internally
vector<const IRoleDescriptor*> m_roles;
vector<pair<const XMLCh*,const XMLCh*> > m_locs;
vector<const IKeyAuthority*> m_keyauths;
+ vector<pair<const XMLCh*,bool> > m_scopes;
time_t m_validUntil;
};
// Old metadata or new?
if (saml::XML::isElementNamed(e,::XML::SHIB_NS,SHIB_L(Contact))) {
type=e->getAttributeNS(NULL,SHIB_L(Type));
- m_surName=auto_ptr<char>(toUTF8(e->getAttributeNS(NULL,SHIB_L(Name))));
+ auto_ptr<char> wrapper(toUTF8(e->getAttributeNS(NULL,SHIB_L(Name))));
+ m_surName=wrapper;
if (e->hasAttributeNS(NULL,SHIB_L(Email))) {
auto_ptr<char> temp(toUTF8(e->getAttributeNS(NULL,SHIB_L(Email))));
if (temp.get())
}
else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(ContactPerson))) {
type=e->getAttributeNS(NULL,SHIB_L(contactType));
- DOMNode* n=NULL;
e=saml::XML::getFirstChildElement(e);
while (e) {
- if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(Company))) {
- n=e->getFirstChild();
- if (n) m_company=auto_ptr<char>(toUTF8(n->getNodeValue()));
+ if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(Company)) && e->hasChildNodes()) {
+ auto_ptr<char> wrapper(toUTF8(e->getFirstChild()->getNodeValue()));
+ m_company=wrapper;
}
- else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(GivenName))) {
- n=e->getFirstChild();
- if (n) m_givenName=auto_ptr<char>(toUTF8(n->getNodeValue()));
+ else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(GivenName)) && e->hasChildNodes()) {
+ auto_ptr<char> wrapper(toUTF8(e->getFirstChild()->getNodeValue()));
+ m_givenName=wrapper;
}
- else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(SurName))) {
- n=e->getFirstChild();
- if (n) m_surName=auto_ptr<char>(toUTF8(n->getNodeValue()));
+ else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(SurName)) && e->hasChildNodes()) {
+ auto_ptr<char> wrapper(toUTF8(e->getFirstChild()->getNodeValue()));
+ m_surName=wrapper;
}
- else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(EmailAddress))) {
- n=e->getFirstChild();
- if (n) {
- auto_ptr<char> temp(toUTF8(n->getNodeValue()));
- if (temp.get()) m_emails.push_back(temp.get());
- }
+ else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(EmailAddress)) && e->hasChildNodes()) {
+ auto_ptr<char> temp(toUTF8(e->getFirstChild()->getNodeValue()));
+ if (temp.get()) m_emails.push_back(temp.get());
}
- else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(TelephoneNumber))) {
- n=e->getFirstChild();
- if (n) {
- auto_ptr<char> temp(toUTF8(n->getNodeValue()));
- if (temp.get()) m_phones.push_back(temp.get());
- }
+ else if (saml::XML::isElementNamed(e,::XML::SAML2META_NS,SHIB_L(TelephoneNumber)) && e->hasChildNodes()) {
+ auto_ptr<char> temp(toUTF8(e->getFirstChild()->getNodeValue()));
+ if (temp.get()) m_phones.push_back(temp.get());
}
e=saml::XML::getNextSiblingElement(e);
}
XMLMetadataImpl::KeyDescriptor::~KeyDescriptor()
{
- for (vector<const XENCEncryptionMethod*>::iterator i=m_methods.begin(); i!=m_methods.end(); i++)
- delete const_cast<XENCEncryptionMethod*>(*i);
+ for_each(m_methods.begin(),m_methods.end(),xmltooling::cleanup<XENCEncryptionMethod>());
delete m_klist;
}
XMLMetadataImpl::KeyAuthority::~KeyAuthority()
{
- for (vector<DSIGKeyInfoList*>::iterator i=m_klists.begin(); i!=m_klists.end(); i++)
- delete (*i);
+ for_each(m_klists.begin(),m_klists.end(),xmltooling::cleanup<DSIGKeyInfoList>());
}
XMLMetadataImpl::Role::Role(const EntityDescriptor* provider, time_t validUntil, const DOMElement* e)
delete m_org;
delete m_errorURL;
if (m_protocolEnumCopy) XMLString::release(&m_protocolEnumCopy);
- for (vector<const IKeyDescriptor*>::iterator i=m_keys.begin(); i!=m_keys.end(); i++)
- delete const_cast<IKeyDescriptor*>(*i);
- for (vector<const IContactPerson*>::iterator j=m_contacts.begin(); j!=m_contacts.end(); j++)
- delete const_cast<IContactPerson*>(*j);
+ for_each(m_keys.begin(),m_keys.end(),xmltooling::cleanup<IKeyDescriptor>());
+ for_each(m_contacts.begin(),m_contacts.end(),xmltooling::cleanup<IContactPerson>());
}
bool XMLMetadataImpl::Role::hasSupport(const XMLCh* protocol) const
{
// Check the root element namespace. If SAML2, assume it's the std schema.
if (!XMLString::compareString(e->getNamespaceURI(),::XML::SAML2META_NS)) {
- int i;
+ unsigned int i;
DOMNodeList* nlist=e->getElementsByTagNameNS(::XML::SAML2META_NS,SHIB_L(ArtifactResolutionService));
for (i=0; nlist && i<nlist->getLength(); i++)
m_artifact.add(new IndexedEndpoint(static_cast<DOMElement*>(nlist->item(i))));
else {
// For old style, we just do SAML 1.1 compatibility with Shib handles.
m_protocolEnum.push_back(saml::XML::SAML11_PROTOCOL_ENUM);
- m_formats.push_back(shibboleth::Constants::SHIB_NAMEID_FORMAT_URI);
- }
-}
-
-XMLMetadataImpl::ScopedRole::ScopedRole(const DOMElement* e)
-{
- // Check the root element namespace. If SAML2, assume it's the std schema.
- DOMNodeList* nlist=NULL;
- if (!XMLString::compareString(e->getNamespaceURI(),::XML::SAML2META_NS)) {
- e=saml::XML::getFirstChildElement(e,::XML::SAML2META_NS,SHIB_L(Extensions));
- if (e) nlist=e->getElementsByTagNameNS(::XML::SHIBMETA_NS,SHIB_L(Scope));
- }
- else {
- nlist=e->getElementsByTagNameNS(::XML::SHIB_NS,SHIB_L(Domain));
- }
-
- for (int i=0; nlist && i < nlist->getLength(); i++) {
- const XMLCh* dom=(nlist->item(i)->hasChildNodes()) ? nlist->item(i)->getFirstChild()->getNodeValue() : NULL;
- if (dom && *dom) {
- const XMLCh* regexp=static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,SHIB_L(regexp));
- m_scopes.push_back(
- pair<const XMLCh*,bool>(dom,(regexp && (*regexp==chLatin_t || *regexp==chDigit_1)))
- );
- }
+ m_formats.push_back(shibspconstants::SHIB1_NAMEID_FORMAT_URI);
}
}
XMLMetadataImpl::IDPRole::IDPRole(const EntityDescriptor* provider, time_t validUntil, const DOMElement* e)
- : SSORole(provider,validUntil,e), ScopedRole(e), m_wantAuthnRequestsSigned(false), m_sourceId(NULL)
+ : SSORole(provider,validUntil,e), m_wantAuthnRequestsSigned(false), m_sourceId(NULL)
{
// Check the root element namespace. If SAML2, assume it's the std schema.
if (!XMLString::compareString(e->getNamespaceURI(),::XML::SAML2META_NS)) {
m_sourceId=ext->getFirstChild()->getNodeValue();
}
- int i;
+ unsigned int i;
DOMNodeList* nlist=e->getElementsByTagNameNS(::XML::SAML2META_NS,SHIB_L(SingleSignOnService));
for (i=0; nlist && i<nlist->getLength(); i++)
m_sso.add(new Endpoint(static_cast<DOMElement*>(nlist->item(i))));
src=saml::XML::getNextSiblingElement(src,::XML::SAML2ASSERT_NS,L(AttributeValue));
DOMElement* val=e->getOwnerDocument()->createElementNS(saml::XML::SAML_NS,L(AttributeValue));
DOMNamedNodeMap* attrs = src->getAttributes();
- for (int j=0; j<attrs->getLength(); j++)
+ for (
unsigned int j=0; j<attrs->getLength(); j++)
val->setAttributeNodeNS(static_cast<DOMAttr*>(e->getOwnerDocument()->importNode(attrs->item(j),true)));
while (src->hasChildNodes())
val->appendChild(src->getFirstChild());
}
}
else {
- m_protocolEnum.push_back(Constants::SHIB_NS);
- m_attrprofs.push_back(Constants::SHIB_ATTRIBUTE_NAMESPACE_URI);
- int i;
+ m_protocolEnum.push_back(::XML::SHIB_NS);
+ m_attrprofs.push_back(shibspconstants::SHIB1_ATTRIBUTE_NAMESPACE_URI);
+ unsigned int i;
DOMNodeList* nlist=e->getElementsByTagNameNS(::XML::SHIB_NS,SHIB_L(HandleService));
for (i=0; nlist && i<nlist->getLength(); i++) {
// Manufacture an endpoint for the "Shib" binding.
m_sso.add(
- new Endpoint(Constants::SHIB_AUTHNREQUEST_PROFILE_URI,static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,L(Location)))
+ new Endpoint(shibspconstants::SHIB1_AUTHNREQUEST_PROFILE_URI,static_cast<DOMElement*>(nlist->item(i))->getAttributeNS(NULL,L(Location)))
);
// We're going to "mock up" a KeyDescriptor that contains the specified Name as a ds:KeyName.
XMLMetadataImpl::IDPRole::~IDPRole()
{
- for (vector<const SAMLAttribute*>::iterator i=m_attrs.begin(); i!=m_attrs.end(); i++)
- delete const_cast<SAMLAttribute*>(*i);
+ for_each(m_attrs.begin(),m_attrs.end(),xmltooling::cleanup<SAMLAttribute>());
}
XMLMetadataImpl::AARole::AARole(const EntityDescriptor* provider, time_t validUntil, const DOMElement* e)
- : Role(provider,validUntil,e), ScopedRole(e)
+ : Role(provider,validUntil,e)
{
// Check the root element namespace. If SAML2, assume it's the std schema.
if (!XMLString::compareString(e->getNamespaceURI(),::XML::SAML2META_NS)) {
- int i;
+ unsigned int i;
DOMNodeList* nlist=e->getElementsByTagNameNS(::XML::SAML2META_NS,SHIB_L(AttributeService));
for (i=0; nlist && i<nlist->getLength(); i++)
m_query.add(new Endpoint(static_cast<DOMElement*>(nlist->item(i))));
src=saml::XML::getNextSiblingElement(src,::XML::SAML2ASSERT_NS,L(AttributeValue));
DOMElement* val=e->getOwnerDocument()->createElementNS(saml::XML::SAML_NS,L(AttributeValue));
DOMNamedNodeMap* attrs = src->getAttributes();
- for (int j=0; j<attrs->getLength(); j++)
+ for (
unsigned int j=0; j<attrs->getLength(); j++)
val->setAttributeNodeNS(static_cast<DOMAttr*>(e->getOwnerDocument()->importNode(attrs->item(j),true)));
while (src->hasChildNodes())
val->appendChild(src->getFirstChild());
else {
// For old style, we just do SAML 1.1 compatibility with Shib handles.
m_protocolEnum.push_back(saml::XML::SAML11_PROTOCOL_ENUM);
- m_formats.push_back(Constants::SHIB_NAMEID_FORMAT_URI);
- m_attrprofs.push_back(Constants::SHIB_ATTRIBUTE_NAMESPACE_URI);
- int i;
+ m_formats.push_back(shibspconstants::SHIB1_NAMEID_FORMAT_URI);
+ m_attrprofs.push_back(shibspconstants::SHIB1_ATTRIBUTE_NAMESPACE_URI);
+ unsigned int i;
DOMNodeList* nlist=e->getElementsByTagNameNS(::XML::SHIB_NS,SHIB_L(AttributeAuthority));
for (i=0; nlist && i<nlist->getLength(); i++) {
// Manufacture an endpoint for the SOAP binding.
XMLMetadataImpl::AARole::~AARole()
{
- for (vector<const SAMLAttribute*>::iterator i=m_attrs.begin(); i!=m_attrs.end(); i++)
- delete const_cast<SAMLAttribute*>(*i);
+ for_each(m_attrs.begin(),m_attrs.end(),xmltooling::cleanup<SAMLAttribute>());
}
XMLMetadataImpl::EntityDescriptor::EntityDescriptor(
) : m_root(e), m_parent(parent), m_org(NULL), m_validUntil(validUntil)
{
// Check the root element namespace. If SAML2, assume it's the std schema.
+ DOMNodeList* scopes=NULL;
if (!XMLString::compareString(e->getNamespaceURI(),::XML::SAML2META_NS)) {
m_id=e->getAttributeNS(NULL,SHIB_L(entityID));
}
child = saml::XML::getNextSiblingElement(child);
}
+
+ // Grab all the shibmd:Scope elements here and at the role level.
+ scopes=e->getElementsByTagNameNS(::XML::SHIBMETA_NS,SHIB_L(Scope));
}
else {
m_id=e->getAttributeNS(NULL,SHIB_L(Name));
- m_errorURL=auto_ptr<char>(toUTF8(e->getAttributeNS(NULL,SHIB_L(ErrorURL))));
+ auto_ptr<char> wrapper(toUTF8(e->getAttributeNS(NULL,SHIB_L(ErrorURL))));
+ m_errorURL=wrapper;
bool idp=false,aa=false; // only want to build a role once
DOMElement* child=saml::XML::getFirstChildElement(e);
}
child = saml::XML::getNextSiblingElement(child);
}
+
+ // Grab all the shib:Domain elements.
+ scopes=e->getElementsByTagNameNS(::XML::SHIB_NS,SHIB_L(Domain));
+ }
+
+ // Process scopes.
+ for (unsigned int i=0; scopes && i < scopes->getLength(); i++) {
+ const XMLCh* dom=(scopes->item(i)->hasChildNodes()) ? scopes->item(i)->getFirstChild()->getNodeValue() : NULL;
+ if (dom && *dom) {
+ const XMLCh* regexp=static_cast<DOMElement*>(scopes->item(i))->getAttributeNS(NULL,SHIB_L(regexp));
+ m_scopes.push_back(
+ pair<const XMLCh*,bool>(dom,(regexp && (*regexp==chLatin_t || *regexp==chDigit_1)))
+ );
+ }
}
auto_ptr_char id(m_id);
XMLMetadataImpl::EntityDescriptor::~EntityDescriptor()
{
delete m_org;
- for (vector<const IContactPerson*>::iterator i=m_contacts.begin(); i!=m_contacts.end(); i++)
- delete const_cast<IContactPerson*>(*i);
- for (vector<const IRoleDescriptor*>::iterator j=m_roles.begin(); j!=m_roles.end(); j++)
- delete const_cast<IRoleDescriptor*>(*j);
- for (vector<const IKeyAuthority*>::iterator k=m_keyauths.begin(); k!=m_keyauths.end(); k++)
- delete const_cast<IKeyAuthority*>(*k);
+ for_each(m_contacts.begin(),m_contacts.end(),xmltooling::cleanup<IContactPerson>());
+ for_each(m_roles.begin(),m_roles.end(),xmltooling::cleanup<IRoleDescriptor>());
+ for_each(m_keyauths.begin(),m_keyauths.end(),xmltooling::cleanup<IKeyAuthority>());
}
XMLMetadataImpl::EntitiesDescriptor::EntitiesDescriptor(
XMLMetadataImpl::EntitiesDescriptor::~EntitiesDescriptor()
{
- for (vector<const IEntityDescriptor*>::iterator i=m_providers.begin(); i!=m_providers.end(); i++)
- delete const_cast<IEntityDescriptor*>(*i);
- for (vector<const IEntitiesDescriptor*>::iterator j=m_groups.begin(); j!=m_groups.end(); j++)
- delete const_cast<IEntitiesDescriptor*>(*j);
- for (vector<const IKeyAuthority*>::iterator k=m_keyauths.begin(); k!=m_keyauths.end(); k++)
- delete const_cast<IKeyAuthority*>(*k);
+ for_each(m_providers.begin(),m_providers.end(),xmltooling::cleanup<IEntityDescriptor>());
+ for_each(m_groups.begin(),m_groups.end(),xmltooling::cleanup<IEntitiesDescriptor>());
+ for_each(m_keyauths.begin(),m_keyauths.end(),xmltooling::cleanup<IKeyAuthority>());
}
void XMLMetadataImpl::init()
if (e->hasAttributeNS(NULL,uri)) {
// First check for explicit enablement of entities.
DOMNodeList* nlist=e->getElementsByTagName(SHIB_L(Include));
- for (int i=0; nlist && i<nlist->getLength(); i++) {
+ for (unsigned int i=0; nlist && i<nlist->getLength(); i++) {
if (nlist->item(i)->hasChildNodes()) {
auto_ptr_char temp(nlist->item(i)->getFirstChild()->getNodeValue());
if (temp.get()) {
// If there was no explicit enablement, build a set of exclusions.
if (m_exclusions) {
nlist=e->getElementsByTagName(SHIB_L(Exclude));
- for (int j=0; nlist && j<nlist->getLength(); j++) {
+ for (unsigned int j=0; nlist && j<nlist->getLength(); j++) {
if (nlist->item(j)->hasChildNodes()) {
auto_ptr_char temp(nlist->item(j)->getFirstChild()->getNodeValue());
if (temp.get())
if (!URI || !*URI || (*URI==chPound &&
!XMLString::compareString(&URI[1],static_cast<DOMElement*>(sigNode->getParentNode())->getAttributeNS(NULL,ID)))) {
DSIGTransformList* tlist=ref->getTransforms();
- for (int i=0; tlist && i<tlist->getSize(); i++) {
+ for (unsigned int i=0; tlist && i<tlist->getSize(); i++) {
if (tlist->item(i)->getTransformType()==TRANSFORM_ENVELOPED_SIGNATURE)
valid=true;
else if (tlist->item(i)->getTransformType()!=TRANSFORM_EXC_C14N &&
projects / shibboleth / cpp-sp.git / blobdiff