X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=4c89489f61250333510a42a4ba174e39d3d7c3ec;hb=e9554c255ad3c91c7c4976e7a1a54905903e66a2;hp=6508e58a7410b9f98b8be6e3c01c880e86081d04;hpb=a0f7ddfb1954304a01b6a49580ce8d2603a60446;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index 6508e58..4c89489 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,10 +28,16 @@ #include "saml2/metadata/MetadataCredentialCriteria.h" #include +#include +#include +#include #include +#include +#include #include using namespace opensaml::saml2md; +using namespace xmltooling::logging; using namespace xmltooling; using namespace std; using opensaml::SAMLArtifact; @@ -40,11 +46,11 @@ static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) - : ObservableMetadataProvider(e), m_resolver(NULL), m_credentialLock(NULL) + : ObservableMetadataProvider(e), m_resolver(nullptr), m_credentialLock(nullptr) { - e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : NULL; + e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : nullptr; if (e) { - auto_ptr_char t(e->getAttributeNS(NULL,type)); + auto_ptr_char t(e->getAttributeNS(nullptr,type)); if (t.get()) m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.get(),e); else 
@@ -114,7 +120,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, } // Hash the ID. - m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); + m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site)); // Load endpoints for type 0x0002 artifacts. const vector& locs=const_cast(*i)->getArtifactResolutionServices(); @@ -128,7 +134,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, // SAML 2.0? if ((*i)->hasSupport(samlconstants::SAML20P_NS)) { // Hash the ID. - m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); + m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site)); } } } 
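Review bot: The value returned by `SecurityHelper::doHash` is inserted into `m_sources` unchecked, both here and in the SAML 2.0 branch of the following hunk. The old call passed an explicit `true` flag that the new one drops, so the key encoding now rests on doHash's default; it has to stay identical to what `artifact->getSource()` yields at lookup time, or artifact issuers silently stop resolving. If doHash can come back empty on failure (not visible from this hunk), every affected entity would land under the same empty key, so I would write `const string h = SecurityHelper::doHash("SHA1", id.get(), strlen(id.get()));` followed by `if (!h.empty()) m_sources.insert(sitemap_t::value_type(h, site));`. A short comment such as `// SHA-1 is fixed by the SAML artifact SourceID definition, not a free algorithm choice` would also keep anyone from swapping the literal later. `index()` begins and ends outside both hunks.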
@@ -163,44 +169,71 @@ void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites) const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const { - pair range=m_groups.equal_range(name); + pair range=const_cast(m_groups).equal_range(name); - time_t now=time(NULL); + time_t now=time(nullptr); for (groupmap_t::const_iterator i=range.first; i!=range.second; i++) if (now < i->second->getValidUntilEpoch()) return i->second; - if (!strict && range.first!=range.second) - return range.first->second; - - return NULL; -} - -const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const char* name, bool strict) const -{ - pair range=m_sites.equal_range(name); + if (range.first != range.second) { + Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider"); + if (strict) { + log.warn("ignored expired metadata group (%s)", range.first->first.c_str()); + } + else { + log.info("no valid metadata found, returning expired metadata group (%s)", range.first->first.c_str()); + return range.first->second; + } + } - time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; - - if (!strict && range.first!=range.second) - return range.first->second; - - return NULL; + return nullptr; } -const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const SAMLArtifact* artifact) const +pair AbstractMetadataProvider::getEntityDescriptor(const Criteria& criteria) const { - pair range=m_sources.equal_range(artifact->getSource()); - - time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; + pair range; + if (criteria.entityID_ascii) + range = const_cast(m_sites).equal_range(criteria.entityID_ascii); + else if (criteria.entityID_unicode) { + auto_ptr_char id(criteria.entityID_unicode); + range = 
const_cast(m_sites).equal_range(id.get()); + } + else if (criteria.artifact) + range = const_cast(m_sources).equal_range(criteria.artifact->getSource()); + else + return pair(nullptr,nullptr); + + pair result; + result.first = nullptr; + result.second = nullptr; + + time_t now=time(nullptr); + for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) { + if (now < i->second->getValidUntilEpoch()) { + result.first = i->second; + break; + } + } + + if (!result.first && range.first!=range.second) { + Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider"); + if (criteria.validOnly) { + log.warn("ignored expired metadata instance for (%s)", range.first->first.c_str()); + } + else { + log.info("no valid metadata found, returning expired instance for (%s)", range.first->first.c_str()); + result.first = range.first->second; + } + } - return NULL; + if (result.first && criteria.role) { + result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol); + if (!result.second && criteria.protocol2) + result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol2); + } + + return result; } const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* criteria) const @@ -215,7 +248,7 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) if (metacrit->matches(*(*c))) return *c; - return NULL; + return nullptr; } vector::size_type AbstractMetadataProvider::resolve(
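Review bot: In the new `getEntityDescriptor(const Criteria&)`, the role lookup is guarded only by `criteria.role`, yet `criteria.protocol` is handed to `getRoleDescriptor` unchecked while `criteria.protocol2` is null-tested on the very next line. If a caller may leave `protocol` unset (the Criteria definition is not visible here), the guard should read `if (result.first && criteria.role && criteria.protocol) {`. Separately, both lookups in this hunk log the fail-closed branch (expired entry ignored) at warn but the fall-back that hands expired metadata to the caller at info. The returned pointer or pair gives the caller no way to tell the entry was expired, so that fall-back is the event an operator most needs to see. Consider `log.warn` there as well, plus a comment on each function stating that the result may be expired when `validOnly` / `strict` is false.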