X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FAbstractMetadataProvider.cpp;h=e7d0cd5858c3b1773d47c72886f8a6e742ce57ee;hb=16d5976c9821b70d95675983702e0032d8769467;hp=85f7afcf8baac08c579dcc1b8867eba025ad3643;hpb=20a9409171aae7d730229e48f1757fb1e6b42243;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp index 85f7afc..e7d0cd5 100644 --- a/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp +++ b/saml/saml2/metadata/impl/AbstractMetadataProvider.cpp @@ -1,5 +1,5 @@ /* - * Copyright 2001-2009 Internet2 + * Copyright 2001-2010 Internet2 * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,13 +46,13 @@ static const XMLCh _KeyInfoResolver[] = UNICODE_LITERAL_15(K,e,y,I,n,f,o,R,e,s,o static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); AbstractMetadataProvider::AbstractMetadataProvider(const DOMElement* e) - : ObservableMetadataProvider(e), m_resolver(NULL), m_credentialLock(NULL) + : ObservableMetadataProvider(e), m_resolver(nullptr), m_credentialLock(nullptr) { - e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : NULL; + e = XMLHelper::getFirstChildElement(e, _KeyInfoResolver); if (e) { - auto_ptr_char t(e->getAttributeNS(NULL,type)); - if (t.get()) - m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.get(),e); + string t = XMLHelper::getAttrString(e, nullptr, type); + if (!t.empty()) + m_resolver = XMLToolingConfig::getConfig().KeyInfoResolverManager.newPlugin(t.c_str(), e); else throw UnknownExtensionException(" element found with no type attribute"); } 
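Review bot: The constructor now passes `e` straight to `XMLHelper::getFirstChildElement`, without the `e ? … : NULL` guard the old line had. A provider constructed with a null `DOMElement*` is therefore safe only if that helper accepts a null parent, which this hunk does not show. If it does, a short comment such as `// getFirstChildElement() tolerates a null parent` would record the dependency; if not, keep the guard as `e = e ? XMLHelper::getFirstChildElement(e, _KeyInfoResolver) : nullptr;`. Separately, with `getAttrString` an empty `type=""` now appears to reach the `UnknownExtensionException` branch rather than `newPlugin`, which looks intended but is a behaviour change worth confirming.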
@@ -75,10 +75,13 @@ void AbstractMetadataProvider::emitChangeEvent() const ObservableMetadataProvider::emitChangeEvent(); } -void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const +void AbstractMetadataProvider::indexEntity(EntityDescriptor* site, time_t& validUntil, bool replace) const { + // If child expires later than input, reset child, otherwise lower input to match. if (validUntil < site->getValidUntilEpoch()) site->setValidUntil(validUntil); + else + validUntil = site->getValidUntilEpoch(); auto_ptr_char id(site->getEntityID()); if (id.get()) { @@ -99,16 +102,16 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, } // Process each IdP role. - const vector& roles=const_cast(site)->getIDPSSODescriptors(); - for (vector::const_iterator i=roles.begin(); i!=roles.end(); i++) { + const vector& roles = const_cast(site)->getIDPSSODescriptors(); + for (vector::const_iterator i = roles.begin(); i != roles.end(); i++) { // SAML 1.x? if ((*i)->hasSupport(samlconstants::SAML10_PROTOCOL_ENUM) || (*i)->hasSupport(samlconstants::SAML11_PROTOCOL_ENUM)) { // Check for SourceID extension element. - const Extensions* exts=(*i)->getExtensions(); + const Extensions* exts = (*i)->getExtensions(); if (exts && exts->hasChildren()) { - const vector& children=exts->getUnknownXMLObjects(); - for (vector::const_iterator ext=children.begin(); ext!=children.end(); ++ext) { - SourceID* sid=dynamic_cast(*ext); + const vector& children = exts->getUnknownXMLObjects(); + for (vector::const_iterator ext = children.begin(); ext != children.end(); ++ext) { + SourceID* sid = dynamic_cast(*ext); if (sid) { auto_ptr_char sourceid(sid->getID()); if (sourceid.get()) { 
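Review bot: `indexEntity` now takes `validUntil` by non-const reference and the added `else` branch writes the entity's own expiry back into it, but nothing at the signature marks the argument as in/out. This value bounds how long indexed metadata is treated as valid, so a caller that reuses one variable across siblings would silently tighten the limit for every later entity. `indexGroup` in the later hunk has the same contract and avoids the problem by copying into `subValidUntil` for each child. I would put a comment above both definitions, e.g. `// validUntil: in = upper bound inherited from the parent; out = lowered to the earliest expiry found`. The body of `indexEntity` continues past the end of this hunk.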
@@ -123,8 +126,8 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site)); // Load endpoints for type 0x0002 artifacts. - const vector& locs=const_cast(*i)->getArtifactResolutionServices(); - for (vector::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) { + const vector& locs = const_cast(*i)->getArtifactResolutionServices(); + for (vector::const_iterator loc = locs.begin(); loc != locs.end(); loc++) { auto_ptr_char location((*loc)->getLocation()); if (location.get()) m_sources.insert(sitemap_t::value_type(location.get(),site)); 
@@ -139,23 +142,53 @@ void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, } } -void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const +void AbstractMetadataProvider::indexGroup(EntitiesDescriptor* group, time_t& validUntil) const { + // If child expires later than input, reset child, otherwise lower input to match. if (validUntil < group->getValidUntilEpoch()) group->setValidUntil(validUntil); + else + validUntil = group->getValidUntilEpoch(); auto_ptr_char name(group->getName()); if (name.get()) { m_groups.insert(groupmap_t::value_type(name.get(),group)); } - const vector& groups=const_cast(group)->getEntitiesDescriptors(); - for (vector::const_iterator i=groups.begin(); i!=groups.end(); i++) - index(*i,group->getValidUntilEpoch()); + // Track the smallest validUntil amongst the children. + time_t minValidUntil = validUntil; + + const vector& groups = const_cast(group)->getEntitiesDescriptors(); + for (vector::const_iterator i = groups.begin(); i != groups.end(); i++) { + // Use the current validUntil fence for each child, but track the smallest we find. + time_t subValidUntil = validUntil; + indexGroup(*i, subValidUntil); + if (subValidUntil < minValidUntil) + minValidUntil = subValidUntil; + } + + const vector& sites = const_cast(group)->getEntityDescriptors(); + for (vector::const_iterator j = sites.begin(); j != sites.end(); j++) { + // Use the current validUntil fence for each child, but track the smallest we find. + time_t subValidUntil = validUntil; + indexEntity(*j, subValidUntil); + if (subValidUntil < minValidUntil) + minValidUntil = subValidUntil; + } - const vector& sites=const_cast(group)->getEntityDescriptors(); - for (vector::const_iterator j=sites.begin(); j!=sites.end(); j++) - index(*j,group->getValidUntilEpoch()); + // Pass back up the smallest child we found. 
+ if (minValidUntil < validUntil) + validUntil = minValidUntil; +} + +void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const +{ + indexEntity(site, validUntil, replace); +} + +void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const +{ + indexGroup(group, validUntil); } void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites) @@ -171,7 +204,7 @@ const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const { pair range=const_cast(m_groups).equal_range(name); - time_t now=time(NULL); + time_t now=time(nullptr); for (groupmap_t::const_iterator i=range.first; i!=range.second; i++) if (now < i->second->getValidUntilEpoch()) return i->second; @@ -187,7 +220,7 @@ const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const } } - return NULL; + return nullptr; } pair AbstractMetadataProvider::getEntityDescriptor(const Criteria& criteria) const @@ -202,13 +235,13 @@ pair AbstractMetadataProvider::ge else if (criteria.artifact) range = const_cast(m_sources).equal_range(criteria.artifact->getSource()); else - return pair(NULL,NULL); + return pair(nullptr,nullptr); pair result; - result.first = NULL; - result.second = NULL; + result.first = nullptr; + result.second = nullptr; - time_t now=time(NULL); + time_t now=time(nullptr); for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) { if (now < i->second->getValidUntilEpoch()) { result.first = i->second; @@ -248,7 +281,7 @@ const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* cr for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c) if (metacrit->matches(*(*c))) return *c; - return NULL; + return nullptr; } vector::size_type AbstractMetadataProvider::resolve(
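Review bot: The retained `index()` overloads at the end of this hunk take `validUntil` by value, so the minimum expiry computed by `indexGroup`/`indexEntity` is dropped on return. A provider still calling `index()` gets its descriptors indexed but never learns that a nested descriptor expires earlier than the root. Callers are not visible here, so this may be deliberate for source compatibility, but the wrappers deserve a comment, e.g. `// Compatibility wrapper: the lowered validUntil is discarded; call indexGroup() to obtain the earliest expiry`. As a smaller style point, `minValidUntil` starts at `validUntil` and only decreases, so the closing `if (minValidUntil < validUntil)` can be the plain assignment `validUntil = minValidUntil;`.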