X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2FMetadata.h;h=4ea5a5b496f745767dd9ac9486f10c89e7bb2513;hb=d553b4e66d3e96f8b18032abcda06ee3dfb2eb59;hp=ae28ce6dff72544d34fda328520c2b0f3ed4427c;hpb=c7af1d07251d4d10a8acd8949cb31ca490130125;p=shibboleth%2Fopensaml2.git diff --git a/saml/saml2/metadata/Metadata.h b/saml/saml2/metadata/Metadata.h index ae28ce6..4ea5a5b 100644 --- a/saml/saml2/metadata/Metadata.h +++ b/saml/saml2/metadata/Metadata.h @@ -24,6 +24,7 @@ #define __saml2_metadata_h__ #include +#include #include @@ -64,6 +65,10 @@ namespace opensaml { bool isValid() const { return time(NULL) <= getValidUntilEpoch(); } + /** Returns true iff the object is valid at the supplied time. */ + bool isValid(time_t t) const { + return t <= getValidUntilEpoch(); + } }; DECL_XMLOBJECT_SIMPLE(SAML_API,AffiliateMember,ID,SAML 2.0 AffiliateMember element); @@ -223,6 +228,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** IDPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,ServiceName,localizedNameType,SAML 2.0 ServiceName element); @@ -259,6 +265,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(AttributeConsumingService); /** SPSSODescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthnQueryService,EndpointType,SAML 2.0 AuthnQueryService element); @@ -270,6 +277,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** AuthnAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzService,EndpointType,SAML 2.0 AuthzService element); 
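Review bot: The new `isValid(time_t t)` overload in the `@@ -64,6 +65,10 @@` hunk duplicates the comparison in the no-argument `isValid()` just above it, so the two expiry checks can drift apart. The older one could delegate with `return isValid(time(NULL));`. The doc comment promises "valid at the supplied time", but only the upper bound from `getValidUntilEpoch()` is tested. What that accessor returns when no validUntil is present is not visible here, so the comment should say what is actually checked, for example `/** Returns true iff t is not later than getValidUntilEpoch(); no clock-skew allowance is applied. */`. The enclosing class begins outside the hunk.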
@@ -281,6 +289,7 @@ namespace opensaml { DECL_TYPED_CHILDREN(NameIDFormat); /** PDPDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeService,EndpointType,SAML 2.0 AttributeService element); @@ -294,6 +303,7 @@ namespace opensaml { DECL_TYPED_FOREIGN_CHILDREN(Attribute,saml2); /** AttributeAuthorityDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_ELEMENT_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,QueryDescriptorType,RoleDescriptor,SAML 2.0 QueryDescriptorType abstract type); @@ -306,18 +316,21 @@ namespace opensaml { BEGIN_XMLOBJECT(SAML_API,AuthnQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthnQueryDescriptorType extension type); /** AuthnQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AttributeQueryDescriptorType,QueryDescriptorType,SAML 2.0 AttributeQueryDescriptorType extension type); DECL_TYPED_CHILDREN(AttributeConsumingService); /** AttributeQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT(SAML_API,AuthzDecisionQueryDescriptorType,QueryDescriptorType,SAML 2.0 AuthzDecisionQueryDescriptorType extension type); DECL_TYPED_CHILDREN(ActionNamespace); /** AuthzDecisionQueryDescriptorType local name */ static const XMLCh TYPE_NAME[]; + DECL_TYPE_QNAME; END_XMLOBJECT; BEGIN_XMLOBJECT4(SAML_API,AffiliationDescriptor,xmltooling::AttributeExtensibleXMLObject,SignableObject, 
@@ -349,23 +362,7 @@ namespace opensaml { DECL_TYPED_CHILD(Organization); DECL_TYPED_CHILDREN(ContactPerson); DECL_TYPED_CHILDREN(AdditionalMetadataLocation); - /** Finds an IDP role supporting a given protocol. */ - virtual const IDPSSODescriptor* getIDPSSODescriptor(const XMLCh* protocol) const=0; - /** Finds an SP role supporting a given protocol. */ - virtual const SPSSODescriptor* getSPSSODescriptor(const XMLCh* protocol) const=0; - /** Finds an Authn Authority role supporting a given protocol. */ - virtual const AuthnAuthorityDescriptor* getAuthnAuthorityDescriptor(const XMLCh* protocol) const=0; - /** Finds an Attribute Authority role supporting a given protocol. */ - virtual const AttributeAuthorityDescriptor* getAttributeAuthorityDescriptor(const XMLCh* protocol) const=0; - /** Finds a PDP role supporting a given protocol. */ - virtual const PDPDescriptor* getPDPDescriptor(const XMLCh* protocol) const=0; - /** Finds an AuthnQuery role supporting a given protocol. */ - virtual const AuthnQueryDescriptorType* getAuthnQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an AttributeQuery role supporting a given protocol. */ - virtual const AttributeQueryDescriptorType* getAttributeQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an AuthzDecisionQuery role supporting a given protocol. */ - virtual const AuthzDecisionQueryDescriptorType* getAuthzDecisionQueryDescriptorType(const XMLCh* protocol) const=0; - /** Finds an extension role supporting a given protocol. */ + /** Finds an arbitrary role type supporting a given protocol. */ virtual const RoleDescriptor* getRoleDescriptor(const xmltooling::QName& qname, const XMLCh* protocol) const=0; /** EntityDescriptorType local name */ static const XMLCh TYPE_NAME[]; 
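Review bot: The one-line comment left on `getRoleDescriptor(qname, protocol)` does not tell callers of the eight removed typed getters what to expect. It does not say what is returned when no role matches, or whether a role past its validUntil is skipped. As this is now the only lookup for every role type, both belong in the doc comment, along the lines of `/** Finds a role identified by qname that supports the given protocol. @return the matching role, or <no-match value>; expired roles are <skipped / not skipped>. */`, with the placeholders filled in from the implementation, which is not visible here. The enclosing class starts and ends outside the hunk.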
@@ -382,6 +379,62 @@ namespace opensaml { static const XMLCh TYPE_NAME[]; END_XMLOBJECT; + /** + * Predicate to test a role for validity and protocol support. + */ + class isValidForProtocol + { + public: + /** + * Constructor. + * + * @param protocol support constant to test for + */ + isValidForProtocol(const XMLCh* protocol) : m_time(time(NULL)), m_protocol(protocol) { + } + + /** + * Returns true iff the supplied role is valid now and supports the right protocol. + * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return role ? (role->isValid(m_time) && role->hasSupport(m_protocol)) : false; + } + + private: + time_t m_time; + const XMLCh* m_protocol; + }; + + /** + * Predicate to test a role for type equivalence, validity, and protocol support. + */ + class ofTypeValidForProtocol : public isValidForProtocol, public xmltooling::hasSchemaType + { + public: + /** + * Constructor. + * + * @param q schema type to test for + * @param protocol support constant to test for + */ + ofTypeValidForProtocol(const xmltooling::QName& q, const XMLCh* protocol) + : isValidForProtocol(protocol), xmltooling::hasSchemaType(q) { + } + + /** + * Returns true iff the supplied role is of the right type, valid now, and supports the right protocol. + * + * @param role role to test + * @return result of predicate + */ + bool operator()(const RoleDescriptor* role) const { + return xmltooling::hasSchemaType::operator()(role) && isValidForProtocol::operator()(role); + } + }; + DECL_SAML2MDOBJECTBUILDER(AdditionalMetadataLocation); DECL_SAML2MDOBJECTBUILDER(AffiliateMember); DECL_SAML2MDOBJECTBUILDER(AffiliationDescriptor); 
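Review bot: `isValidForProtocol` captures its clock once at construction (`m_time(time(NULL))`), so the "valid now" wording on `operator()` only holds for a freshly built predicate. An instance kept across lookups would go on accepting roles whose validUntil has since passed. The class comment should say so, for example `Validity is tested against the time captured when the predicate was constructed; build a new instance for each search.` The constructor also stores the caller's `protocol` pointer without copying it, so the `@param` text should state that the string must outlive the predicate. Declaring it `explicit isValidForProtocol(const XMLCh* protocol)` would stop a bare `const XMLCh*` from converting silently. All of this carries over to `ofTypeValidForProtocol`, which inherits both members.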
@@ -566,7 +619,7 @@ namespace opensaml { * This is customized to return a RoleDescriptor element with an * xsi:type of AuthnQueryDescriptorType. */ - class SAML_API AuthnQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AuthnQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AuthnQueryDescriptorTypeBuilder() {} /** Default builder. */ @@ -576,10 +629,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthnQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthnQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -613,7 +666,7 @@ namespace opensaml { * This is customized to return a RoleDescriptor element with an * xsi:type of AttributeQueryDescriptorType. */ - class SAML_API AttributeQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AttributeQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AttributeQueryDescriptorTypeBuilder() {} /** Default builder. */ 
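Review bot: The namespace correction in `AuthnQueryDescriptorTypeBuilder::buildObject()` (hunk `@@ -576,10 +629,10 @@`) is repeated verbatim in the `@@ -623,10 +676,10 @@` and `@@ -670,10 +723,10 @@` hunks, because each builder assembles its own `xmltooling::QName schemaType(...)` by hand. A wrong xsi:type namespace means the built object would not match type-based role lookups, so the value is worth defining once. If the `DECL_TYPE_QNAME` added to these three types earlier in the patch exposes a ready-made type QName (its expansion is not visible here), pass that instead of rebuilding it in each builder. Otherwise a comment above `schemaType`, such as `// xsi:type is in the query-extension namespace; the element is a metadata-namespace RoleDescriptor`, would record why the two calls use different namespaces. The function body starts outside the hunk.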
@@ -623,10 +676,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AttributeQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AttributeQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */ @@ -660,7 +713,7 @@ namespace opensaml { * This is customized to return a RoleDescriptor element with an * xsi:type of AuthzDecisionQueryDescriptorType. */ - class SAML_API AuthzDecisionQueryDescriptorTypeBuilder : public xmltooling::XMLObjectBuilder { + class SAML_API AuthzDecisionQueryDescriptorTypeBuilder : public xmltooling::ConcreteXMLObjectBuilder { public: virtual ~AuthzDecisionQueryDescriptorTypeBuilder() {} /** Default builder. */ @@ -670,10 +723,10 @@ namespace opensaml { virtual xmltooling::XMLObject* buildObject() const { #endif xmltooling::QName schemaType( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX + samlconstants::SAML20MD_QUERY_EXT_NS,AuthzDecisionQueryDescriptorType::TYPE_NAME,samlconstants::SAML20MD_QUERY_EXT_PREFIX ); return buildObject( - samlconstants::SAML20_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20_PREFIX,&schemaType + samlconstants::SAML20MD_NS,AuthzDecisionQueryDescriptorType::LOCAL_NAME,samlconstants::SAML20MD_PREFIX,&schemaType ); } /** Builder that allows element/type override. */