From cfc4254ba5dd4fc8307baf3b562fe9011282551d Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Thu, 8 Nov 2007 02:55:19 +0000
Subject: [PATCH] Convert role lookups to find_if algorithm.
---
adfs/adfs.cpp | 4 ++--
shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp | 6 ++++--
shibsp/handler/impl/AssertionConsumerService.cpp | 3 ++-
shibsp/handler/impl/SAML2Logout.cpp | 2 +-
shibsp/handler/impl/SAML2LogoutInitiator.cpp | 2 +-
shibsp/handler/impl/SAML2SessionInitiator.cpp | 2 +-
shibsp/handler/impl/Shib1SessionInitiator.cpp | 2 +-
util/resolvertest.cpp | 8 ++++++--
8 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/adfs/adfs.cpp b/adfs/adfs.cpp
index 38359f8..9b4d452 100644
--- a/adfs/adfs.cpp
+++ b/adfs/adfs.cpp
@@ -443,7 +443,7 @@ pair ADFSSessionInitiator::doRequest(
 throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
 }
- const IDPSSODescriptor* role=entity->getIDPSSODescriptor(m_binding.get());
+ const IDPSSODescriptor* role=find_if(entity->getIDPSSODescriptors(), isValidForProtocol(m_binding.get()));
 if (!role) {
 m_log.error("unable to locate ADFS-aware identity provider role for provider (%s)", entityID);
 return make_pair(false,0);
@@ -735,7 +735,7 @@ pair ADFSLogoutInitiator::doRequest(
 namedparams(1, "entityID", entityID)
 );
 }
- const IDPSSODescriptor* role = entity->getIDPSSODescriptor(m_binding.get());
+ const IDPSSODescriptor* role = find_if(entity->getIDPSSODescriptors(), isValidForProtocol(m_binding.get()));
 if (!role) {
 throw MetadataException(
 "Unable to locate ADFS IdP role for identity provider ($entityID).",
diff --git a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
index 2cf113e..bf8df1b 100644
--- a/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
+++ b/shibsp/attribute/resolver/impl/QueryAttributeResolver.cpp
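Review bot: The `if (!role)` checks after both replaced lines in adfs.cpp now depend on `find_if(entity->getIDPSSODescriptors(), isValidForProtocol(m_binding.get()))` yielding a null pointer when nothing matches, and nothing at the call site says so. This is a container-taking `find_if`, not the iterator-based `std::find_if`, so a short comment would help the next reader: `// first IdP role that is valid and supports the protocol; NULL if none`. The predicate's name suggests it filters on descriptor validity as well as protocol support; confirm it rejects the same roles the removed `getIDPSSODescriptor(...)` accessor did, because this lookup decides which IdP role the SP goes on to trust. The same holds for the identical replacements in the other files of this patch, and both doRequest bodies start and end outside the hunks.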
@@ -261,7 +261,8 @@ bool QueryResolver::SAML1Query(QueryContext& ctx) const
 #endif
 int version = XMLString::equals(ctx.getProtocol(), samlconstants::SAML11_PROTOCOL_ENUM) ? 1 : 0;
- const AttributeAuthorityDescriptor* AA = ctx.getEntityDescriptor()->getAttributeAuthorityDescriptor(ctx.getProtocol());
+ const AttributeAuthorityDescriptor* AA =
+ find_if(ctx.getEntityDescriptor()->getAttributeAuthorityDescriptors(), isValidForProtocol(ctx.getProtocol()));
 if (!AA) {
 m_log.warn("no SAML 1.%d AttributeAuthority role found in metadata", version);
 return false;
@@ -393,7 +394,8 @@ bool QueryResolver::SAML2Query(QueryContext& ctx) const
 xmltooling::NDC ndc("query");
 #endif
- const AttributeAuthorityDescriptor* AA = ctx.getEntityDescriptor()->getAttributeAuthorityDescriptor(samlconstants::SAML20P_NS);
+ const AttributeAuthorityDescriptor* AA =
+ find_if(ctx.getEntityDescriptor()->getAttributeAuthorityDescriptors(), isValidForProtocol(samlconstants::SAML20P_NS));
 if (!AA) {
 m_log.warn("no SAML 2 AttributeAuthority role found in metadata");
 return false;
diff --git a/shibsp/handler/impl/AssertionConsumerService.cpp b/shibsp/handler/impl/AssertionConsumerService.cpp
index 18ef907..169636d 100644
--- a/shibsp/handler/impl/AssertionConsumerService.cpp
+++ b/shibsp/handler/impl/AssertionConsumerService.cpp
@@ -43,6 +43,7 @@ using namespace samlconstants;
 using opensaml::saml2md::EntityDescriptor;
 using opensaml::saml2md::IDPSSODescriptor;
 using opensaml::saml2md::SPSSODescriptor;
+using opensaml::saml2md::isValidForProtocol;
 #else
 # include "lite/CommonDomainCookie.h"
 #endif
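Review bot: `ctx.getEntityDescriptor()` is dereferenced on the new `find_if(...)` line in both SAML1Query and SAML2Query with no null check visible in either hunk. Both functions begin outside the hunks and the guard may well sit in the caller, but the query path is driven by who issued the assertion, so the precondition deserves to be written down where the dereference happens. A one-line comment above each lookup would do, for example `// caller guarantees ctx.getEntityDescriptor() is non-null`; if that guarantee does not hold, an early `return false` belongs in front of the lookup.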
@@ -427,7 +428,7 @@ void AssertionConsumerService::extractMessageDetails(const Assertion& assertion,
 const EntityDescriptor* entity = policy.getMetadataProvider()->getEntityDescriptor(policy.getIssuer()->getName());
 if (entity) {
 m_log.debug("matched assertion issuer against metadata, searching for applicable role...");
- const IDPSSODescriptor* idp=entity->getIDPSSODescriptor(protocol);
+ const IDPSSODescriptor* idp=find_if(entity->getIDPSSODescriptors(), isValidForProtocol(protocol));
 if (idp)
 policy.setIssuerMetadata(idp);
 else if (m_log.isWarnEnabled())
diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 81ba862..9f4108a 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -300,7 +300,7 @@ pair SAML2Logout::doRequest(
 "Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", request.getParameter("entityID"))
 );
 }
- const IDPSSODescriptor* idp = entity->getIDPSSODescriptor(samlconstants::SAML20P_NS);
+ const IDPSSODescriptor* idp = find_if(entity->getIDPSSODescriptors(), isValidForProtocol(samlconstants::SAML20P_NS));
 if (!idp) {
 throw MetadataException(
 "Unable to locate SAML 2.0 IdP role for identity provider ($entityID).",
diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
index 9a13bea..eddd725 100644
--- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp
+++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
@@ -295,7 +295,7 @@ pair SAML2LogoutInitiator::doRequest(
 namedparams(1, "entityID", session->getEntityID())
 );
 }
- const IDPSSODescriptor* role = entity->getIDPSSODescriptor(samlconstants::SAML20P_NS);
+ const IDPSSODescriptor* role = find_if(entity->getIDPSSODescriptors(), isValidForProtocol(samlconstants::SAML20P_NS));
 if (!role) {
 throw MetadataException(
 "Unable to locate SAML 2.0 IdP role for identity provider ($entityID).",
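Review bot: In extractMessageDetails a null `idp` only reaches the `else if (m_log.isWarnEnabled())` branch, so `policy.setIssuerMetadata` is skipped and processing apparently continues without issuer metadata. With the combined predicate, a role that exists but is not currently valid looks the same here as a role that is missing, which makes the warning harder to act on when metadata has gone stale. A comment such as `// no valid role for this protocol: issuer metadata stays unset, later policy rules must reject` would record the intended outcome. The warning text itself lies outside the hunk; if it names only protocol support, it should mention validity too.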
diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index 1acb4de..1e1e0e2 100644
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
@@ -409,7 +409,7 @@ pair SAML2SessionInitiator::doRequest(
 throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
 }
- const IDPSSODescriptor* role=entity->getIDPSSODescriptor(samlconstants::SAML20P_NS);
+ const IDPSSODescriptor* role=find_if(entity->getIDPSSODescriptors(), isValidForProtocol(samlconstants::SAML20P_NS));
 if (!role) {
 m_log.error("unable to locate SAML 2.0 identity provider role for provider (%s)", entityID);
 return make_pair(false,0);
diff --git a/shibsp/handler/impl/Shib1SessionInitiator.cpp b/shibsp/handler/impl/Shib1SessionInitiator.cpp
index 6e122fb..a7155b8 100644
--- a/shibsp/handler/impl/Shib1SessionInitiator.cpp
+++ b/shibsp/handler/impl/Shib1SessionInitiator.cpp
@@ -230,7 +230,7 @@ pair Shib1SessionInitiator::doRequest(
 throw MetadataException("Unable to locate metadata for identity provider ($entityID)", namedparams(1, "entityID", entityID));
 }
- const IDPSSODescriptor* role=entity->getIDPSSODescriptor(shibspconstants::SHIB1_PROTOCOL_ENUM);
+ const IDPSSODescriptor* role=find_if(entity->getIDPSSODescriptors(), isValidForProtocol(shibspconstants::SHIB1_PROTOCOL_ENUM));
 if (!role) {
 m_log.error("unable to locate Shibboleth-aware identity provider role for provider (%s)", entityID);
 return make_pair(false,0);
diff --git a/util/resolvertest.cpp b/util/resolvertest.cpp
index 4628d42..7430372 100644
--- a/util/resolvertest.cpp
+++ b/util/resolvertest.cpp
@@ -233,7 +233,9 @@ int main(int argc,char* argv[])
 ResolverTest rt(NULL, a_param);
 try {
- ctx = rt.resolveAttributes(*app, site->getIDPSSODescriptor(protocol), protocol, v1name, v2name.get(), NULL, NULL, NULL);
+ ctx = rt.resolveAttributes(
+ *app, find_if(site->getIDPSSODescriptors(), isValidForProtocol(protocol)), protocol, v1name, v2name.get(), NULL, NULL, NULL
+ );
 }
 catch (...) {
 delete v1name;
@@ -294,7 +296,9 @@ int main(int argc,char* argv[])
 vector tokens(1, dynamic_cast(token.get()));
 ResolverTest rt(NULL, a_param);
 try {
- ctx = rt.resolveAttributes(*app, site->getIDPSSODescriptor(protocol), protocol, v1name, v2name, NULL, NULL, &tokens);
+ ctx = rt.resolveAttributes(
+ *app, find_if(site->getIDPSSODescriptors(), isValidForProtocol(protocol)), protocol, v1name, v2name, NULL, NULL, &tokens
+ );
 }
 catch (...) {
 if (v1name)
--
2.1.4
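Review bot: Both hunks in resolvertest.cpp pass the result of `find_if(site->getIDPSSODescriptors(), isValidForProtocol(protocol))` straight into `rt.resolveAttributes`, without the null check that every other call site in this patch performs. If the site has no valid role for the protocol, the tool presumably resolves attributes with a null issuer role and gives the operator no hint why the output differs from what the SP would produce. Hoisting the lookup into a local, `const IDPSSODescriptor* role = find_if(site->getIDPSSODescriptors(), isValidForProtocol(protocol));`, and reporting `!role` through whatever main already uses for diagnostics would make that case visible. main starts and ends outside both hunks.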