X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=4c89489f61250333510a42a4ba174e39d3d7c3ec;hb=e9554c255ad3c91c7c4976e7a1a54905903e66a2;hp=dd9cc1418796d315b429e8f7f8afd9a15f3bd010;hpb=7656a0d5a5c701152f1f251c355def99367c2aea;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index dd9cc14..4c89489 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2007 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,10 +28,16 @@ #include "saml2/metadata/MetadataCredentialCriteria.h" #include +#include +#include +#include #include +#include +#include #include using namespace opensaml::saml2md; +using namespace xmltooling::logging; using namespace xmltooling; using namespace std; using opensaml::SAMLArtifact; @@ -40,11 +46,11 @@ static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) - : ObservableMetadataProvider(e), m_resolver(NULL), m_credentialLock(NULL) + : ObservableMetadataProvider(e), m_resolver(nullptr), m_credentialLock(nullptr) { - e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : NULL; + e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : nullptr; if (e) { - auto_ptr_char t(e->getAttributeNS(NULL,type)); + auto_ptr_char t(e->getAttributeNS(nullptr,type)); if (t.get()) m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.get(),e); else @@ -114,7 +120,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, } // Hash the ID. - m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); + m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site)); // Load endpoints for type 0x0002 artifacts. const vector& locs=const_cast(*i)->getArtifactResolutionServices(); @@ -128,7 +134,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, // SAML 2.0? if ((*i)->hasSupport(samlconstants::SAML20P_NS)) { // Hash the ID. - m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); + m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site)); } } } @@ -165,15 +171,23 @@ const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const { pair range=const_cast(m_groups).equal_range(name); - time_t now=time(NULL); + time_t now=time(nullptr); for (groupmap_t::const_iterator i=range.first; i!=range.second; i++) if (now < i->second->getValidUntilEpoch()) return i->second; - if (!strict && range.first!=range.second) - return range.first->second; - - return NULL; + if (range.first != range.second) { + Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider"); + if (strict) { + log.warn("ignored expired metadata group (%s)", range.first->first.c_str()); + } + else { + log.info("no valid metadata found, returning expired metadata group (%s)", range.first->first.c_str()); + return range.first->second; + } + } + + return nullptr; } pair AbstractMetadataProvider::getEntityDescriptor(const Criteria& criteria) const @@ -188,13 +202,13 @@ pair AbstractMetadataProvider::ge else if (criteria.artifact) range = const_cast(m_sources).equal_range(criteria.artifact->getSource()); else - return pair(NULL,NULL); + return pair(nullptr,nullptr); pair result; - result.first = NULL; - result.second = NULL; + result.first = nullptr; + result.second = nullptr; - time_t now=time(NULL); + time_t now=time(nullptr); for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) { if (now < i->second->getValidUntilEpoch()) { result.first = i->second; @@ -202,10 +216,18 @@ pair AbstractMetadataProvider::ge } } - if (!result.first && !criteria.validOnly && range.first!=range.second) - result.first = range.first->second; - - if (result.first && criteria.role && criteria.protocol) { + if (!result.first && range.first!=range.second) { + Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider"); + if (criteria.validOnly) { + log.warn("ignored expired metadata instance for (%s)", range.first->first.c_str()); + } + else { + log.info("no valid metadata found, returning expired instance for (%s)", range.first->first.c_str()); + result.first = range.first->second; + } + } + + if (result.first && criteria.role) { result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol); if (!result.second && criteria.protocol2) result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol2); @@ -226,7 +248,7 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) if (metacrit->matches(*(*c))) return *c; - return NULL; + return nullptr; } vector::size_type AbstractMetadataProvider::resolve(