X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=6508e58a7410b9f98b8be6e3c01c880e86081d04;hb=c089f03a9b08dc947a815be624654ca401c6b369;hp=4440fb409da3d79cedf7e5ce5479bcb8e796d689;hpb=1eb17d04ca664e8c7a22954d011c9b85534b26c7;p=shibboleth%2Fopensaml2.git
diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
index 4440fb4..6508e58 100644
--- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp
@@ -24,6 +24,7 @@
 #include "binding/SAMLArtifact.h"
 #include "saml2/metadata/Metadata.h"
 #include "saml2/metadata/AbstractMetadataProvider.h"
+#include "saml2/metadata/MetadataCredentialContext.h"
 #include "saml2/metadata/MetadataCredentialCriteria.h"
 #include 
@@ -55,27 +56,40 @@ AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) AbstractMetadataProvider::~AbstractMetadataProvider() { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); delete m_credentialLock; delete m_resolver; } -void AbstractMetadataProvider::emitChangeEvent() +void AbstractMetadataProvider::emitChangeEvent() const { for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c) - for_each(c->second.begin(), c->second.end(), cleanup_pair()); + for_each(c->second.begin(), c->second.end(), xmltooling::cleanup()); m_credentialMap.clear(); ObservableMetadataProvider::emitChangeEvent(); } -void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) +void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const { if (validUntil < site->getValidUntilEpoch()) site->setValidUntil(validUntil); auto_ptr_char id(site->getEntityID()); if (id.get()) { - m_sites.insert(make_pair(id.get(),site)); + if (replace) { + m_sites.erase(id.get()); + for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) { + if (s->second == site) { + sitemap_t::iterator temp = s; + ++s; + m_sources.erase(temp); + } + else { + ++s; + } + } + } + m_sites.insert(sitemap_t::value_type(id.get(),site)); } // Process each IdP role. @@ -92,7 +106,7 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) if (sid) { auto_ptr_char sourceid(sid->getID()); if (sourceid.get()) { - m_sources.insert(pair(sourceid.get(),site)); + m_sources.insert(sitemap_t::value_type(sourceid.get(),site)); break; } } 
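Review bot: In the `replace` branch of `index()`, the `m_sources` sweep only removes entries whose value is `site`, the descriptor being indexed now, while `m_sites.erase(id.get())` has just dropped whatever descriptor(s) were previously registered under the same entityID; if that was a different object, its source-ID hash and artifact-endpoint entries stay in `m_sources` and keep resolving to a descriptor that is no longer in `m_sites` (and, once the caller frees it, dangling). Unless every caller is guaranteed to re-index the identical pointer, collect the old values with `m_sites.equal_range` before erasing and sweep `m_sources` for all of them, as below (needs `<set>`). Separately, `emitChangeEvent() const` now clears `m_credentialMap` through a const member, so the map and `m_credentialLock` presumably became `mutable` in the header, which is outside this hunk. `index()` continues past the end of the hunk.
```cpp
        if (replace) {
            // Drop stale index entries for every descriptor previously registered
            // under this entityID, not only for the pointer being re-indexed.
            set<const EntityDescriptor*> stale;
            stale.insert(site);
            pair<sitemap_t::iterator,sitemap_t::iterator> old = m_sites.equal_range(id.get());
            for (sitemap_t::iterator s = old.first; s != old.second; ++s)
                stale.insert(s->second);
            m_sites.erase(old.first, old.second);
            for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) {
                if (stale.count(s->second)) {
                    sitemap_t::iterator temp = s;
                    ++s;
                    m_sources.erase(temp);
                }
                else {
                    ++s;
                }
            }
        }
        m_sites.insert(sitemap_t::value_type(id.get(),site));
        // … unchanged: per-role source-ID and artifact endpoint indexing …
```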
@@ -100,37 +114,33 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil) } // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); // Load endpoints for type 0x0002 artifacts. const vector& locs=const_cast(*i)->getArtifactResolutionServices(); for (vector::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) { auto_ptr_char location((*loc)->getLocation()); if (location.get()) - m_sources.insert(pair(location.get(),site)); + m_sources.insert(sitemap_t::value_type(location.get(),site)); } } // SAML 2.0? if ((*i)->hasSupport(samlconstants::SAML20P_NS)) { // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); + m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)); } } } -void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) +void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const { if (validUntil < group->getValidUntilEpoch()) group->setValidUntil(validUntil); auto_ptr_char name(group->getName()); if (name.get()) { - m_groups.insert(make_pair(name.get(),group)); + m_groups.insert(groupmap_t::value_type(name.get(),group)); } const vector& groups=const_cast(group)->getEntitiesDescriptors(); @@ -142,11 +152,13 @@ void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUnti index(*j,group->getValidUntilEpoch()); } -void AbstractMetadataProvider::clearDescriptorIndex() +void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites) { - m_sources.clear(); + if (freeSites) + for_each(m_sites.begin(), m_sites.end(), cleanup_const_pair()); m_sites.clear(); m_groups.clear(); + m_sources.clear(); } const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const 
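Review bot: `clearDescriptorIndex(bool freeSites)` deletes every descriptor held in `m_sites` when `freeSites` is true, and nothing at the definition says when that is safe: a descriptor indexed from a loaded EntitiesDescriptor tree presumably belongs to that tree (the recursive `index(EntitiesDescriptor*)` in this hunk walks such trees), so freeing it here would be a double delete, while a descriptor erased from `m_sites` by a replacing `index()` call can no longer be freed through this path at all. I would document the contract above the definition: `// freeSites: delete the indexed EntityDescriptors; pass true only when this provider owns them individually (never when they hang off a parent EntitiesDescriptor that frees its own children).` Clearing `m_sources` last is fine since its values alias the `m_sites` values, but that ordering dependency is worth a short comment too. I cannot see the header, so the parameter may already be documented there.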
@@ -201,8 +213,8 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - return c->second; + if (metacrit->matches(*(*c))) + return *c; return NULL; } @@ -218,8 +230,8 @@ vector::size_type AbstractMetadataProvider::resolve( const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole()); for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) - if (matches(*c,criteria)) - results.push_back(c->second); + if (metacrit->matches(*(*c))) + results.push_back(*c); return results.size(); } 
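Review bot: Both `resolve` overloads now dereference every cached entry unconditionally through `metacrit->matches(*(*c))`, while `resolveCredentials` (next hunk) stores whatever `resolver->resolve()` returns without a NULL check, so a resolver that yields no credential for a KeyDescriptor becomes a null dereference here instead of a skipped entry; guard it with `if (*c && metacrit->matches(*(*c)))` or filter at insertion time. The usage, algorithm, key-size and public-key matching that lived in the deleted `matches()` helper has moved into `MetadataCredentialCriteria::matches`, which this diff does not show, so a one-line comment above the loop such as `// Usage/algorithm/key matching is delegated to MetadataCredentialCriteria::matches.` would save the next reader a grep. The enclosing `resolve` begins before this hunk.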
@@ -234,45 +246,11 @@ const AbstractMetadataProvider::credmap_t::mapped_type& AbstractMetadataProvider AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role]; for (vector::const_iterator k = keys.begin(); k!=keys.end(); ++k) { if ((*k)->getKeyInfo()) { - Credential* c = resolver->resolve((*k)->getKeyInfo()); - resolved.push_back(make_pair((*k)->getUse(), c)); + auto_ptr mcc(new MetadataCredentialContext(*(*k))); + Credential* c = resolver->resolve(mcc.get()); + mcc.release(); + resolved.push_back(c); } } return resolved; } - -bool AbstractMetadataProvider::matches(const pair& cred, const CredentialCriteria* criteria) const -{ - if (criteria) { - // Check for a usage mismatch. - if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) && - XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION)) - return false; - else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING)) - return false; - - const char* alg = criteria->getKeyAlgorithm(); - if (alg && *alg) { - const char* alg2 = cred.second->getAlgorithm(); - if (alg2 && *alg2) { - if (!XMLString::equals(alg,alg2)) - return false; - } - } - if (criteria->getKeySize()>0 && cred.second->getKeySize()>0) { - if (criteria->getKeySize() != cred.second->getKeySize()) - return false; - } - - if (cred.second->getPublicKey()) { - // See if we have to match a specific key. - auto_ptr critcred( - XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS) - ); - if (critcred.get()) - if (!critcred->isEqual(*(cred.second->getPublicKey()))) - return false; - } - } - return true; -}
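Review bot: `mcc.release()` runs unconditionally after `resolver->resolve(mcc.get())`, so when the resolver returns NULL the freshly allocated MetadataCredentialContext is leaked and a NULL pointer is pushed into `resolved`, which both `resolve()` overloads later dereference. Presumably the returned Credential takes ownership of the context, which is why the release follows; making it conditional fixes both problems: `Credential* c = resolver->resolve(mcc.get()); if (c) { mcc.release(); resolved.push_back(c); }`. If `KeyInfoResolver::resolve` is documented never to return NULL, a comment stating that next to the release would be enough. The enclosing `resolveCredentials` begins before this hunk.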