X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=6508e58a7410b9f98b8be6e3c01c880e86081d04;hb=a0f7ddfb1954304a01b6a49580ce8d2603a60446;hp=d59e8e2c43ee4f16f0e23a99c16b7fa8cb47a116;hpb=b1614d3c1fc1f4230ab2a123f43994127c25462c;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index d59e8e2..6508e58 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -24,6 +24,7 @@ #include "binding/SAMLArtifact.h" #include "saml2/metadata/Metadata.h" #include "saml2/metadata/AbstractMetadataProvider.h" +#include "saml2/metadata/MetadataCredentialContext.h" #include "saml2/metadata/MetadataCredentialCriteria.h" #include @@ -55,27 +56,40 @@ AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) AbstractMetadataProvider::~AbstractMetadataProvider() { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); delete m_credentialLock; delete m_resolver; } -void AbstractMetadataProvider::emitChangeEvent() +void AbstractMetadataProvider::emitChangeEvent() const { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); m_credentialMap.clear(); ObservableMetadataProvider::emitChangeEvent(); } -void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) +void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const { if (validUntil < site->getValidUntilEpoch()) site->setValidUntil(validUntil); auto_ptr_char id(site->getEntityID()); if (id.get()) { - m_sites.insert(make_pair(id.get(),site)); + if (replace) { + m_sites.erase(id.get()); + for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) { + if (s->second == site) { + sitemap_t::iterator temp = s; + ++s; + m_sources.erase(temp); + } + else { + ++s; + } + } + } + m_sites.insert(sitemap_t::value_type(id.get(),site)); } // Process each IdP role. @@ -92,7 +106,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) if (sid) { auto_ptr_char sourceid(sid->getID()); if (sourceid.get()) { - m_sources.insert(pair(sourceid.get(),site)); + m_sources.insert(sitemap_t::value_type(sourceid.get(),site)); break; } } @@ -100,37 +114,33 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) } // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); // Load endpoints for type 0x0002 artifacts. const vector& locs=const_cast(*i)->getArtifactResolutionServices(); for (vector::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) { auto_ptr_char location((*loc)->getLocation()); if (location.get()) - m_sources.insert(pair(location.get(),site)); + m_sources.insert(sitemap_t::value_type(location.get(),site)); } } // SAML 2.0? if ((*i)->hasSupport(samlconstants::SAML20P_NS)) { // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); } } } -void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) +void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const { if (validUntil < group->getValidUntilEpoch()) group->setValidUntil(validUntil); auto_ptr_char name(group->getName()); if (name.get()) { - m_groups.insert(make_pair(name.get(),group)); + m_groups.insert(groupmap_t::value_type(name.get(),group)); } const vector& groups=const_cast(group)->getEntitiesDescriptors(); @@ -142,11 +152,13 @@ void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUnti index(*j,group->getValidUntilEpoch()); } -void AbstractMetadataProvider::clearDescriptorIndex() +void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites) { - m_sources.clear(); + if (freeSites) + for_each(m_sites.begin(), m_sites.end(), cleanup_const_pair()); m_sites.clear(); m_groups.clear(); + m_sources.clear(); } const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const @@ -201,8 +213,8 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - return c->second; + if (metacrit->matches(*(*c))) + return *c; return NULL; } @@ -218,8 +230,8 @@ vector::size_type AbstractMetadataProvider::resolve( const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - results.push_back(c->second); + if (metacrit->matches(*(*c))) + results.push_back(*c); return results.size(); } @@ -234,32 +246,11 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role]; for (vector::const_iterator k = keys.begin(); k!=keys.end(); ++k) { if ((*k)->getKeyInfo()) { - Credential* c = resolver->resolve((*k)->getKeyInfo()); - resolved.push_back(make_pair((*k)->getUse(), c)); + auto_ptr mcc(new MetadataCredentialContext(*(*k))); + Credential* c = resolver->resolve(mcc.get()); + mcc.release(); + resolved.push_back(c); } } return resolved; } - -bool AbstractMetadataProvider::matches(const pair& cred, const CredentialCriteria* criteria) const -{ - if (criteria) { - // Check for a usage mismatch. - if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) && - XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION)) - return false; - else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING)) - return false; - - if (cred.second->getPublicKey()) { - // See if we have to match a specific key. - auto_ptr critcred( - XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS) - ); - if (critcred.get()) - if (!critcred->isEqual(*(cred.second->getPublicKey()))) - return false; - } - } - return true; -}