X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=saml%2Fsaml2%2Fmetadata%2Fimpl%2FMetadataProvider.cpp;h=7942e01185e8ff0bbfb169a85a1a4dc05567b644;hb=16d5976c9821b70d95675983702e0032d8769467;hp=2a7052eee32cba49c25814e160189719249d763b;hpb=0b9c2825fb2fad1b6eadde350c799c10e31ace78;p=shibboleth%2Fcpp-opensaml.git diff --git a/saml/saml2/metadata/impl/MetadataProvider.cpp b/saml/saml2/metadata/impl/MetadataProvider.cpp index 2a7052e..7942e01 100644 --- a/saml/saml2/metadata/impl/MetadataProvider.cpp +++ b/saml/saml2/metadata/impl/MetadataProvider.cpp @@ -1,6 +1,6 @@ /* - * Copyright 2001-2006 Internet2 - * + * Copyright 2001-2010 Internet2 + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -16,85 +16,113 @@ /** * MetadataProvider.cpp - * - * Registration of factories for built-in providers + * + * Supplies an individual source of metadata. */ #include "internal.h" -#include "SAMLArtifact.h" +#include "saml2/metadata/MetadataFilter.h" #include "saml2/metadata/MetadataProvider.h" -#include +#include +#include +#include +#include #include +#include using namespace opensaml::saml2md; using namespace opensaml; +using namespace xmltooling::logging; using namespace xmltooling; -using namespace log4cpp; using namespace std; namespace opensaml { namespace saml2md { - SAML_DLLLOCAL PluginManager::Factory FilesystemMetadataProviderFactory; - SAML_DLLLOCAL PluginManager::Factory BlacklistMetadataFilterFactory; - SAML_DLLLOCAL PluginManager::Factory WhitelistMetadataFilterFactory; + SAML_DLLLOCAL PluginManager::Factory XMLMetadataProviderFactory; + SAML_DLLLOCAL PluginManager::Factory DynamicMetadataProviderFactory; + SAML_DLLLOCAL PluginManager::Factory ChainingMetadataProviderFactory; + SAML_DLLLOCAL PluginManager::Factory NullMetadataProviderFactory; + SAML_DLLLOCAL PluginManager::Factory BlacklistMetadataFilterFactory; + SAML_DLLLOCAL PluginManager::Factory WhitelistMetadataFilterFactory; + SAML_DLLLOCAL PluginManager::Factory SignatureMetadataFilterFactory; + SAML_DLLLOCAL PluginManager::Factory RequireValidUntilMetadataFilterFactory; + SAML_DLLLOCAL PluginManager::Factory EntityRoleMetadataFilterFactory; }; }; void SAML_API opensaml::saml2md::registerMetadataProviders() { SAMLConfig& conf=SAMLConfig::getConfig(); - conf.MetadataProviderManager.registerFactory(FILESYSTEM_METADATA_PROVIDER, FilesystemMetadataProviderFactory); - conf.MetadataProviderManager.registerFactory("edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata", FilesystemMetadataProviderFactory); - conf.MetadataProviderManager.registerFactory("edu.internet2.middleware.shibboleth.common.provider.XMLMetadata", FilesystemMetadataProviderFactory); + 
conf.MetadataProviderManager.registerFactory(XML_METADATA_PROVIDER, XMLMetadataProviderFactory); + conf.MetadataProviderManager.registerFactory(DYNAMIC_METADATA_PROVIDER, DynamicMetadataProviderFactory); + conf.MetadataProviderManager.registerFactory(CHAINING_METADATA_PROVIDER, ChainingMetadataProviderFactory); + conf.MetadataProviderManager.registerFactory(NULL_METADATA_PROVIDER, NullMetadataProviderFactory); } void SAML_API opensaml::saml2md::registerMetadataFilters() { SAMLConfig::getConfig().MetadataFilterManager.registerFactory(BLACKLIST_METADATA_FILTER, BlacklistMetadataFilterFactory); SAMLConfig::getConfig().MetadataFilterManager.registerFactory(WHITELIST_METADATA_FILTER, WhitelistMetadataFilterFactory); + SAMLConfig::getConfig().MetadataFilterManager.registerFactory(SIGNATURE_METADATA_FILTER, SignatureMetadataFilterFactory); + SAMLConfig::getConfig().MetadataFilterManager.registerFactory(REQUIREVALIDUNTIL_METADATA_FILTER, RequireValidUntilMetadataFilterFactory); + // additional name matching Java code + SAMLConfig::getConfig().MetadataFilterManager.registerFactory("RequiredValidUntil", RequireValidUntilMetadataFilterFactory); + SAMLConfig::getConfig().MetadataFilterManager.registerFactory(ENTITYROLE_METADATA_FILTER, EntityRoleMetadataFilterFactory); } -static const XMLCh Blacklist[] = UNICODE_LITERAL_23(B,l,a,c,k,l,i,s,t,M,e,t,a,d,a,t,a,F,i,l,t,e,r); -static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); -static const XMLCh Include[] = UNICODE_LITERAL_7(I,n,c,l,u,d,e); -static const XMLCh GenericMetadataFilter[] = UNICODE_LITERAL_14(M,e,t,a,d,a,t,a,F,i,l,t,e,r); -static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); -static const XMLCh Whitelist[] = UNICODE_LITERAL_23(W,h,i,t,e,l,i,s,t,M,e,t,a,d,a,t,a,F,i,l,t,e,r); +static const XMLCh _MetadataFilter[] = UNICODE_LITERAL_14(M,e,t,a,d,a,t,a,F,i,l,t,e,r); +static const XMLCh Blacklist[] = UNICODE_LITERAL_23(B,l,a,c,k,l,i,s,t,M,e,t,a,d,a,t,a,F,i,l,t,e,r); +static const XMLCh Whitelist[] = 
UNICODE_LITERAL_23(W,h,i,t,e,l,i,s,t,M,e,t,a,d,a,t,a,F,i,l,t,e,r); +static const XMLCh SigFilter[] = UNICODE_LITERAL_23(S,i,g,n,a,t,u,r,e,M,e,t,a,d,a,t,a,F,i,l,t,e,r); +static const XMLCh Exclude[] = UNICODE_LITERAL_7(E,x,c,l,u,d,e); +static const XMLCh Include[] = UNICODE_LITERAL_7(I,n,c,l,u,d,e); +static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e); MetadataProvider::MetadataProvider(const DOMElement* e) { #ifdef _DEBUG NDC ndc("MetadataProvider"); #endif - SAMLConfig& conf=SAMLConfig::getConfig(); - - // Locate any default recognized filters. + Category& log = Category::getInstance(SAML_LOGCAT".Metadata"); + SAMLConfig& conf = SAMLConfig::getConfig(); + + // Locate any default recognized filters and plugins. try { - DOMElement* child = e ? XMLHelper::getFirstChildElement(e) : NULL; + DOMElement* child = XMLHelper::getFirstChildElement(e); while (child) { - if (XMLString::equals(child->getLocalName(),GenericMetadataFilter)) { - auto_ptr_char t(child->getAttributeNS(NULL,type)); - if (t.get()) - m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.get(),child)); + if (XMLString::equals(child->getLocalName(), _MetadataFilter)) { + string t = XMLHelper::getAttrString(child, nullptr, type); + if (!t.empty()) { + log.info("building MetadataFilter of type %s", t.c_str()); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(t.c_str(), child)); + } } - else if (XMLString::equals(child->getLocalName(),Whitelist)) { - m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER,child)); + else if (XMLString::equals(child->getLocalName(), SigFilter)) { + log.info("building MetadataFilter of type %s", SIGNATURE_METADATA_FILTER); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(SIGNATURE_METADATA_FILTER, child)); } - else if (XMLString::equals(child->getLocalName(),Blacklist)) { - m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER,child)); + else if (XMLString::equals(child->getLocalName(), 
Whitelist)) { + log.info("building MetadataFilter of type %s", WHITELIST_METADATA_FILTER); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER, child)); } - else if (XMLString::equals(child->getLocalName(),Include)) { - m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER,e)); + else if (XMLString::equals(child->getLocalName(), Blacklist)) { + log.info("building MetadataFilter of type %s", BLACKLIST_METADATA_FILTER); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER, child)); } - else if (XMLString::equals(child->getLocalName(),Exclude)) { - m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER,e)); + else if (XMLString::equals(child->getLocalName(), Include)) { + log.info("building MetadataFilter of type %s", WHITELIST_METADATA_FILTER); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(WHITELIST_METADATA_FILTER, e)); + } + else if (XMLString::equals(child->getLocalName(), Exclude)) { + log.info("building MetadataFilter of type %s", BLACKLIST_METADATA_FILTER); + m_filters.push_back(conf.MetadataFilterManager.newPlugin(BLACKLIST_METADATA_FILTER, e)); } child = XMLHelper::getNextSiblingElement(child); } } catch (XMLToolingException& ex) { - Category::getInstance(SAML_LOGCAT".Metadata").error("caught exception while installing filters: %s", ex.what()); + log.error("caught exception while installing filters: %s", ex.what()); for_each(m_filters.begin(),m_filters.end(),xmltooling::cleanup()); throw; } 
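Review bot: The catch block that releases partially built filters only handles `XMLToolingException`, so any other exception leaving the loop — `std::bad_alloc` from `m_filters.push_back`, or whatever a plugin constructor may throw — propagates without running `xmltooling::cleanup`, and because a throwing constructor never runs `~MetadataProvider`, the filters already created leak. A second handler after the existing one, `catch (...) { for_each(m_filters.begin(), m_filters.end(), xmltooling::cleanup<MetadataFilter>()); throw; }`, keeps the current logging path and closes the gap. The new side also drops the old `e ? ... : NULL` guard before `XMLHelper::getFirstChildElement(e)`; that is only safe if the helper accepts a null element, which the hunk does not show, so a short comment such as `// getFirstChildElement tolerates a null element` (once confirmed) would save the next reader the same question. The constructor's closing brace lies beyond the end of the hunk.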
@@ -102,7 +130,23 @@ MetadataProvider::MetadataProvider(const DOMElement* e)
 
 MetadataProvider::~MetadataProvider()
 {
- for_each(m_filters.begin(),m_filters.end(),xmltooling::cleanup());
+ for_each(m_filters.begin(), m_filters.end(), xmltooling::cleanup());
+}
+
+void MetadataProvider::addMetadataFilter(MetadataFilter* newFilter)
+{
+ m_filters.push_back(newFilter);
+}
+
+MetadataFilter* MetadataProvider::removeMetadataFilter(MetadataFilter* oldFilter)
+{
+ for (vector::iterator i=m_filters.begin(); i!=m_filters.end(); i++) {
+ if (oldFilter==(*i)) {
+ m_filters.erase(i);
+ return oldFilter;
+ }
+ }
+ return nullptr;
 }
 
 void MetadataProvider::doFilters(XMLObject& xmlObject) const 
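Review bot: `addMetadataFilter` and `removeMetadataFilter` move ownership of a raw `MetadataFilter*` across the API boundary in opposite directions — the destructor deletes whatever was added, while removal hands the pointer back instead of deleting it — and neither function says so; a comment on each, `// Takes ownership of newFilter; it is deleted by the destructor.` and `// Ownership of the returned filter passes back to the caller; returns nullptr if it was not installed.`, would make the contract explicit. Both functions also mutate `m_filters`, which `doFilters` presumably iterates (its body lies outside the hunk); if provider instances are shared between threads, the hunk shows no lock, so callers need external synchronization and that belongs in the same comment. The search loop could be `std::find` rather than a hand-written loop, and `i++` on an iterator is better written `++i`.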
@@ -117,137 +161,51 @@ void MetadataProvider::doFilters(XMLObject& xmlObject) const } } -void MetadataProvider::index(EntityDescriptor* site, time_t validUntil) +const EntitiesDescriptor* MetadataProvider::getEntitiesDescriptor(const XMLCh* name, bool strict) const { - if (validUntil < site->getValidUntilEpoch()) - site->setValidUntil(validUntil); - - auto_ptr_char id(site->getEntityID()); - if (id.get()) { - m_sites.insert(make_pair(id.get(),site)); - } - - // Process each IdP role. - const vector& roles=const_cast(site)->getIDPSSODescriptors(); - for (vector::const_iterator i=roles.begin(); i!=roles.end(); i++) { - // SAML 1.x? - if ((*i)->hasSupport(SAMLConstants::SAML10_PROTOCOL_ENUM) || (*i)->hasSupport(SAMLConstants::SAML11_PROTOCOL_ENUM)) { - // Check for SourceID extension element. - const Extensions* exts=(*i)->getExtensions(); - if (exts) { - const list& children=exts->getXMLObjects(); - for (list::const_iterator ext=children.begin(); ext!=children.end(); ext++) { - SourceID* sid=dynamic_cast(*ext); - if (sid) { - auto_ptr_char sourceid(sid->getID()); - if (sourceid.get()) { - m_sources.insert(pair(sourceid.get(),site)); - break; - } - } - } - } - - // Hash the ID. - m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); - - // Load endpoints for type 0x0002 artifacts. - const vector& locs=const_cast(*i)->getArtifactResolutionServices(); - for (vector::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) { - auto_ptr_char location((*loc)->getLocation()); - if (location.get()) - m_sources.insert(pair(location.get(),site)); - } - } - - // SAML 2.0? - if ((*i)->hasSupport(SAMLConstants::SAML20P_NS)) { - // Hash the ID. 
- m_sources.insert( - pair(SAMLConfig::getConfig().hashSHA1(id.get(), true),site) - ); - } - } + auto_ptr_char temp(name); + return getEntitiesDescriptor(temp.get(),strict); } -void MetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) +MetadataProvider::Criteria::Criteria() + : entityID_unicode(nullptr), entityID_ascii(nullptr), artifact(nullptr), role(nullptr), protocol(nullptr), protocol2(nullptr), validOnly(true) { - if (validUntil < group->getValidUntilEpoch()) - group->setValidUntil(validUntil); - - auto_ptr_char name(group->getName()); - if (name.get()) { - m_groups.insert(make_pair(name.get(),group)); - } - - const vector& groups=const_cast(group)->getEntitiesDescriptors(); - for (vector::const_iterator i=groups.begin(); i!=groups.end(); i++) - index(*i,group->getValidUntilEpoch()); - - const vector& sites=const_cast(group)->getEntityDescriptors(); - for (vector::const_iterator j=sites.begin(); j!=sites.end(); j++) - index(*j,group->getValidUntilEpoch()); } -void MetadataProvider::clearIndex() +MetadataProvider::Criteria::Criteria(const XMLCh* id, const xmltooling::QName* q, const XMLCh* prot, bool valid) + : entityID_unicode(id), entityID_ascii(nullptr), artifact(nullptr), role(q), protocol(prot), protocol2(nullptr), validOnly(valid) { - m_sources.clear(); - m_sites.clear(); - m_groups.clear(); } -const EntitiesDescriptor* MetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const +MetadataProvider::Criteria::Criteria(const char* id, const xmltooling::QName* q, const XMLCh* prot, bool valid) + : entityID_unicode(nullptr), entityID_ascii(id), artifact(nullptr), role(q), protocol(prot), protocol2(nullptr), validOnly(valid) { - pair range=m_groups.equal_range(name); - - time_t now=time(NULL); - for (groupmap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; - - if (!strict && range.first!=range.second) - return range.first->second; - - return NULL; } -const 
EntitiesDescriptor* MetadataProvider::getEntitiesDescriptor(const XMLCh* name, bool strict) const +MetadataProvider::Criteria::Criteria(const SAMLArtifact* a, const xmltooling::QName* q, const XMLCh* prot, bool valid) + : entityID_unicode(nullptr), entityID_ascii(nullptr), artifact(a), role(q), protocol(prot), protocol2(nullptr), validOnly(valid) { - auto_ptr_char temp(name); - return getEntitiesDescriptor(temp.get(),strict); } -const EntityDescriptor* MetadataProvider::getEntityDescriptor(const char* name, bool strict) const +MetadataProvider::Criteria::~Criteria() { - pair range=m_sites.equal_range(name); - - time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; - - if (!strict && range.first!=range.second) - return range.first->second; - - return NULL; } -const EntityDescriptor* MetadataProvider::getEntityDescriptor(const XMLCh* name, bool strict) const +void MetadataProvider::Criteria::reset() { - auto_ptr_char temp(name); - return getEntityDescriptor(temp.get(),strict); + entityID_unicode=nullptr; + entityID_ascii=nullptr; + artifact=nullptr; + role=nullptr; + protocol=nullptr; + protocol2=nullptr; + validOnly=true; } -const EntityDescriptor* MetadataProvider::getEntityDescriptor(const SAMLArtifact* artifact) const +MetadataFilter::MetadataFilter() { - pair range=m_sources.equal_range(artifact->getSource()); - - time_t now=time(NULL); - for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) - if (now < i->second->getValidUntilEpoch()) - return i->second; +} - return NULL; +MetadataFilter::~MetadataFilter() +{ }
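Review bot: The `Criteria` constructors on the new side store every argument (`id`, `q`, `prot`, `a`) as a bare pointer without copying, and nothing in the hunk documents that the caller must keep those objects alive for as long as the `Criteria` is used; a comment on the class's constructors, `// Criteria only borrows its pointers; the caller owns them and must keep them alive until the lookup completes.`, would state that. The `validOnly(true)` default in the default constructor and in `reset()` presumably means expired metadata is not returned unless a caller opts in, which is the conservative choice for a trust source; a comment such as `// validOnly defaults to true so expired metadata is never returned unless explicitly requested` would keep a later edit from quietly flipping it. The same seven-member initializer list is repeated across three constructors and `reset()`; a single private init helper would remove the duplication, while delegating constructors depend on the compilers this file targets, which the hunk does not show.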