2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * ChainingMetadataProvider.cpp
20 * MetadataProvider that uses multiple providers in sequence.
24 #include "exceptions.h"
25 #include "saml/binding/SAMLArtifact.h"
26 #include "saml2/metadata/ChainingMetadataProvider.h"
28 #include <xercesc/util/XMLUniDefs.hpp>
29 #include <xmltooling/logging.h>
30 #include <xmltooling/util/XMLHelper.h>
33 using namespace opensaml::saml2md;
34 using namespace opensaml;
35 using namespace xmlsignature;
36 using namespace xmltooling::logging;
37 using namespace xmltooling;
/*
 * Plugin factory for the chaining provider: builds a ChainingMetadataProvider
 * from its <MetadataProvider> configuration element.  Ownership of the new
 * object passes to the caller (the plugin manager in this code base).
 */
42 MetadataProvider* SAML_DLLLOCAL ChainingMetadataProviderFactory(const DOMElement* const & e)
44 return new ChainingMetadataProvider(e);
/*
 * UTF-16 names of the configuration element and attributes the constructor
 * reads: <MetadataProvider type="..."> children and the optional
 * precedence="last" attribute on the chain element itself.
 */
49 static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);
50 static const XMLCh precedence[] = UNICODE_LITERAL_10(p,r,e,c,e,d,e,n,c,e);
51 static const XMLCh last[] = UNICODE_LITERAL_4(l,a,s,t);
52 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
/*
 * Build the chain from its configuration element.
 *
 * Match policy: m_firstMatch defaults to true (first provider with a hit
 * wins).  A precedence attribute equal to "last" is tested right at the top
 * and is what switches the lookups to last-match-wins.  Security note: under
 * last-match a metadata source later in the chain can supersede an earlier,
 * possibly more trusted, source's entry for the same entity — the lookup
 * methods only log a WARN ("found duplicate EntityDescriptor ...") when that
 * happens, so provider order should reflect trust and that log line should
 * be monitored.
 *
 * Providers: each child <MetadataProvider> with a non-empty type attribute is
 * instantiated through the plugin manager, registered so this chain observes
 * it, and appended to m_providers (the chain owns it; see the destructor).
 * A plugin that fails to construct is logged at ERROR and the constructor
 * keeps going instead of failing, so a misconfigured or unreachable source
 * silently drops out of the chain — operators must treat that ERROR as
 * actionable rather than relying on startup to fail.
 *
 * NOTE(review): this excerpt omits several lines (loop guard, braces, the
 * null check after the dynamic_cast, the auto_ptr release after push_back).
 * Confirm in the full source that obs is null-checked before addObserver()
 * and that ownership is released from the auto_ptr after push_back, otherwise
 * the destructor's cleanup would double-free.
 *
 * m_tlsKey is created last; it holds, per thread, the embedded provider that
 * the most recent lookup left locked (see unlock()/resolve()).
 */
54 ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e)
55 : ObservableMetadataProvider(e), m_firstMatch(true), m_tlsKey(NULL), m_log(Category::getInstance(SAML_LOGCAT".Metadata.Chaining"))
57 if (XMLString::equals(e ? e->getAttributeNS(NULL, precedence) : NULL, last))  // precedence="last" => last-match-wins
60 e = e ? XMLHelper::getFirstChildElement(e, _MetadataProvider) : NULL;  // first child provider element, may be NULL
62 auto_ptr_char temp(e->getAttributeNS(NULL,type));  // assumes e != NULL here (loop guard not shown in this excerpt)
63 if (temp.get() && *temp.get()) {  // only elements with a non-empty type are built
65 m_log.info("building MetadataProvider of type %s", temp.get());
66 auto_ptr<MetadataProvider> provider(
67 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(temp.get(), e)
69 ObservableMetadataProvider* obs = dynamic_cast<ObservableMetadataProvider*>(provider.get());
71 obs->addObserver(this);  // chain forwards the embedded provider's change events (see onEvent)
72 m_providers.push_back(provider.get());  // chain takes ownership; cleaned up in the destructor
75 catch (exception& ex) {
76 m_log.error("error building MetadataProvider: %s", ex.what());  // failure is logged, not propagated
79 e = XMLHelper::getNextSiblingElement(e, _MetadataProvider);
81 m_tlsKey = ThreadKey::create(NULL);  // per-thread slot for the currently locked embedded provider
/*
 * Delete every embedded provider; the chain owns them (pushed in the
 * constructor).  NOTE(review): the release of m_tlsKey is not visible in this
 * excerpt — confirm the ThreadKey is deleted in the full destructor.
 */
84 ChainingMetadataProvider::~ChainingMetadataProvider()
87 for_each(m_providers.begin(), m_providers.end(), xmltooling::cleanup<MetadataProvider>());
/*
 * Observer callback; the chain registers itself as an observer of each
 * embedded provider in the constructor.  (Body not shown in this excerpt.)
 */
90 void ChainingMetadataProvider::onEvent(const ObservableMetadataProvider& provider) const
/*
 * Initialise each embedded provider in turn.  An exception from one provider
 * is caught and logged at ERROR; it is not rethrown, so init() on the chain
 * does not fail and the offending provider is not removed (no removal is
 * visible here).  Operationally this means a metadata source that failed to
 * load is only detectable through that log line — alert on it.
 */
95 void ChainingMetadataProvider::init()
97 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
101 catch (exception& ex) {
102 m_log.error("failure initializing MetadataProvider: %s", ex.what());  // swallowed: chain init continues
/*
 * The chain has no lock of its own; locking is deferred to the embedded
 * provider that a lookup selects (see getEntityDescriptor() and unlock()).
 * Returns this so the chain still satisfies the Lockable interface.
 */
107 Lockable* ChainingMetadataProvider::lock()
109 m_log.debug("locked metadata chain (no-op)");
110 return this; // we're not lockable ourselves...
/*
 * Release the embedded provider that a previous lookup on THIS thread left
 * locked (its address lives in the thread-local slot m_tlsKey) and clear the
 * slot; otherwise nothing is held and the chain-level unlock is a no-op.
 * The check on ptr that separates the two paths is not shown in this excerpt.
 *
 * Thread affinity: the slot is per thread, so unlock() must be called from the
 * same thread that performed the lookup.  Called from another thread it would
 * not find the held provider and that provider would stay locked.
 */
113 void ChainingMetadataProvider::unlock()
115 // Check for a locked provider.
116 void* ptr=m_tlsKey->getData();
118 m_tlsKey->setData(NULL);  // clear first so a throwing unlock() cannot leave a stale pointer behind
119 reinterpret_cast<MetadataProvider*>(ptr)->unlock();  // NOTE(review): static_cast is sufficient for void* -> T*
120 m_log.debug("unlocked embedded metadata provider (%p)", ptr);
123 m_log.debug("unlocked metadata chain (no-op)");
/*
 * Not supported: there is no single aggregate document behind a chain, so
 * callers must use the lookup methods instead.  Always throws.
 */
127 const XMLObject* ChainingMetadataProvider::getMetadata() const
129 throw MetadataException("getMetadata operation not implemented on this provider.");
/*
 * Look up an EntitiesDescriptor by name across the chain.
 *
 * Locking contract — read before using the result:
 *  - Every lookup starts by releasing whatever embedded provider this thread
 *    still holds (the const_cast'ed unlock() below).  A second lookup on the
 *    same thread therefore releases the provider behind the first result;
 *    treat the first result as invalid from that point on.
 *  - The provider that supplied the returned descriptor is LEFT LOCKED and
 *    recorded in thread-local storage (m_tlsKey) for the caller's later
 *    unlock(), which must run on this same thread.  Providers that yield no
 *    match are unlocked before moving on.
 *
 * Match policy: with m_firstMatch the first provider that has the name is
 * kept; otherwise all providers are consulted and the latest match is kept,
 * a WARN being logged for each duplicate.  Security note: under last-match a
 * later (possibly less trusted) source can supersede an earlier source's
 * group of the same name, and that WARN is the only signal.
 *
 * (Several control-flow lines of this method are omitted from this excerpt.)
 */
132 const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const char* name, bool requireValidMetadata) const
134 // Clear any existing lock.
135 const_cast<ChainingMetadataProvider*>(this)->unlock();  // invalidates any result a previous lookup on this thread returned
138 MetadataProvider* held = NULL;  // provider whose lock we keep for the caller
139 const EntitiesDescriptor* ret=NULL;
140 const EntitiesDescriptor* cur=NULL;
141 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
143 if (cur=(*i)->getEntitiesDescriptor(name,requireValidMetadata)) {  // assignment intended: match on non-NULL
144 // Are we using a first match policy?
146 // Save locked provider.
147 m_tlsKey->setData(*i);
151 // Using last match wins. Did we already have one?
153 m_log.warn("found duplicate EntitiesDescriptor (%s), using last matching copy", name);
157 // Save off the latest match.
162 // No match, so just unlock this one and move on.
167 // Preserve any lock we're holding.
169 m_tlsKey->setData(held);
/*
 * Look up an EntityDescriptor (and optionally a RoleDescriptor) across the
 * chain.  A role is searched for only when criteria carries both a role and a
 * protocol (bRole).
 *
 * Locking contract — read before using the result:
 *  - lock() on the chain is a no-op; each embedded provider is locked for the
 *    duration of its own query (see the debug lines in the loop).
 *  - The provider that supplied the returned match is LEFT LOCKED and its
 *    address is parked in thread-local storage (m_tlsKey).  resolve() later
 *    dereferences that slot, so the credentials checked against the returned
 *    role come from the same metadata source as the role itself.
 *  - Every lookup starts by unlocking whatever this thread still holds (the
 *    const_cast'ed unlock() below).  A second lookup on the same thread
 *    therefore releases the provider behind the first result; treat the
 *    first result as invalid from that point, and unlock() from the thread
 *    that performed the lookup.
 *
 * Match policy: first-match (default) keeps the first usable hit; last-match
 * (precedence="last") keeps consulting providers and retains the latest hit,
 * logging a WARN per duplicate.  When a role is requested, an entity that
 * lacks the role is only retained as a fallback until a role-bearing match
 * appears (see the inline comments).  Security note: under last-match a
 * later metadata source can supersede an earlier one's entry for the same
 * entityID — the duplicate WARN is the only signal, so monitor it and make
 * provider order reflect trust.
 *
 * The WARN lines echo the lookup key (entityID or artifact source) supplied
 * via criteria; if a caller derives that key from a peer's message it reaches
 * the log unsanitised.
 *
 * (Several control-flow lines of this method are omitted from this excerpt.)
 */
173 pair<const EntityDescriptor*,const RoleDescriptor*> ChainingMetadataProvider::getEntityDescriptor(const Criteria& criteria) const
175 bool bRole = (criteria.role && criteria.protocol); // searching for role also?
177 // Clear any existing lock.
178 const_cast<ChainingMetadataProvider*>(this)->unlock();  // invalidates any result a previous lookup on this thread returned
181 MetadataProvider* held = NULL;  // provider whose lock we keep for the caller
182 pair<const EntityDescriptor*,const RoleDescriptor*> ret = pair<const EntityDescriptor*,const RoleDescriptor*>(NULL,NULL);
183 pair<const EntityDescriptor*,const RoleDescriptor*> cur = ret;
184 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
185 m_log.debug("locking embedded metadata provider (%p)", *i);
187 m_log.debug("locked embedded metadata provider (%p)", *i);
188 cur = (*i)->getEntityDescriptor(criteria);
191 // We want a role also. Did we find one?
193 // Are we using a first match policy?
195 // Save locked provider.
196 m_tlsKey->setData(*i);  // resolve() will route credential lookups to this provider
197 m_log.debug("leaving embedded metadata provider locked (%p)", *i);
201 // Using last match wins. Did we already have one?
204 // We had a "complete" match, so log it.
205 if (criteria.entityID_ascii) {
206 m_log.warn("found duplicate EntityDescriptor (%s) with role (%s), using last matching copy",
207 criteria.entityID_ascii, criteria.role->toString().c_str());
209 else if (criteria.entityID_unicode) {
210 auto_ptr_char temp(criteria.entityID_unicode);
211 m_log.warn("found duplicate EntityDescriptor (%s) with role (%s), using last matching copy",
212 temp.get(), criteria.role->toString().c_str());
214 else if (criteria.artifact) {
215 m_log.warn("found duplicate EntityDescriptor for artifact source (%s) with role (%s), using last matching copy",
216 criteria.artifact->getSource().c_str(), criteria.role->toString().c_str());
222 // Save off the latest match.
227 // We didn't find the role, so we're going to keep looking,
228 // but save this one if we didn't have the role yet.
230 // We already had a role, so let's stick with that.
234 // This is at least as good, so toss anything we had and keep it.
243 // Are we using a first match policy?
245 // Save locked provider.
246 m_tlsKey->setData(*i);
250 // Using last match wins. Did we already have one?
252 if (criteria.entityID_ascii) {
253 m_log.warn("found duplicate EntityDescriptor (%s), using last matching copy", criteria.entityID_ascii);
255 else if (criteria.entityID_unicode) {
256 auto_ptr_char temp(criteria.entityID_unicode);
257 m_log.warn("found duplicate EntityDescriptor (%s), using last matching copy", temp.get());
259 else if (criteria.artifact) {
260 m_log.warn("found duplicate EntityDescriptor for artifact source (%s), using last matching copy",
261 criteria.artifact->getSource().c_str());
266 // Save off the latest match.
272 // No match, so just unlock this one and move on.
273 m_log.debug("unlocking embedded metadata provider (%p)", *i);
275 m_log.debug("unlocked embedded metadata provider (%p)", *i);
279 // Preserve any lock we're holding.
281 m_tlsKey->setData(held);
/*
 * Resolve a single Credential by delegating to the embedded provider that the
 * most recent lookup on THIS thread left locked (m_tlsKey).  This keeps the
 * credential and the role descriptor it is checked against within the same
 * metadata source.  Throws MetadataException if no provider is locked, i.e.
 * if resolve() is called without a preceding lookup on this thread, after
 * unlock(), or from a different thread than the lookup.
 * (The check on ptr that guards the throw is not shown in this excerpt.)
 */
285 const Credential* ChainingMetadataProvider::resolve(const CredentialCriteria* criteria) const
287 // Check for a locked provider.
288 void* ptr=m_tlsKey->getData();
290 throw MetadataException("No locked MetadataProvider, where did the role object come from?");
292 return reinterpret_cast<MetadataProvider*>(ptr)->resolve(criteria);  // NOTE(review): static_cast suffices for void* -> T*
/*
 * Resolve all matching Credentials into results, delegating to the embedded
 * provider that the most recent lookup on THIS thread left locked (m_tlsKey),
 * so credentials come from the same metadata source as the role they back.
 * Returns whatever that provider returns.  Throws MetadataException if no
 * provider is locked on this thread (no preceding lookup, already unlocked,
 * or called from a different thread than the lookup).
 * (The check on ptr that guards the throw is not shown in this excerpt.)
 */
295 vector<const Credential*>::size_type ChainingMetadataProvider::resolve(
296 vector<const Credential*>& results, const CredentialCriteria* criteria
299 // Check for a locked provider.
300 void* ptr=m_tlsKey->getData();
302 throw MetadataException("No locked MetadataProvider, where did the role object come from?");
304 return reinterpret_cast<MetadataProvider*>(ptr)->resolve(results, criteria);  // NOTE(review): static_cast suffices for void* -> T*