2 * Copyright 2001-2007 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * ChainingMetadataProvider.cpp
20 * MetadataProvider that uses multiple providers in sequence.
24 #include "exceptions.h"
25 #include "saml/binding/SAMLArtifact.h"
26 #include "saml2/metadata/ChainingMetadataProvider.h"
29 #include <xercesc/util/XMLUniDefs.hpp>
30 #include <xmltooling/logging.h>
31 #include <xmltooling/util/XMLHelper.h>
34 using namespace opensaml::saml2md;
35 using namespace opensaml;
36 using namespace xmlsignature;
37 using namespace xmltooling::logging;
38 using namespace xmltooling;
43 MetadataProvider* SAML_DLLLOCAL ChainingMetadataProviderFactory(const DOMElement* const & e)
45 return new ChainingMetadataProvider(e);
50 static const XMLCh _MetadataProvider[] = UNICODE_LITERAL_16(M,e,t,a,d,a,t,a,P,r,o,v,i,d,e,r);
51 static const XMLCh precedence[] = UNICODE_LITERAL_10(p,r,e,c,e,d,e,n,c,e);
52 static const XMLCh last[] = UNICODE_LITERAL_4(l,a,s,t);
53 static const XMLCh type[] = UNICODE_LITERAL_4(t,y,p,e);
55 ChainingMetadataProvider::ChainingMetadataProvider(const DOMElement* e)
56 : ObservableMetadataProvider(e), m_firstMatch(true), m_tlsKey(NULL), m_log(Category::getInstance(SAML_LOGCAT".Metadata.Chaining"))
58 if (XMLString::equals(e ? e->getAttributeNS(NULL, precedence) : NULL, last))
61 e = e ? XMLHelper::getFirstChildElement(e, _MetadataProvider) : NULL;
63 auto_ptr_char temp(e->getAttributeNS(NULL,type));
64 if (temp.get() && *temp.get()) {
66 m_log.info("building MetadataProvider of type %s", temp.get());
67 auto_ptr<MetadataProvider> provider(
68 SAMLConfig::getConfig().MetadataProviderManager.newPlugin(temp.get(), e)
70 ObservableMetadataProvider* obs = dynamic_cast<ObservableMetadataProvider*>(provider.get());
72 obs->addObserver(this);
73 m_providers.push_back(provider.get());
76 catch (exception& ex) {
77 m_log.error("error building MetadataProvider: %s", ex.what());
80 e = XMLHelper::getNextSiblingElement(e, _MetadataProvider);
82 m_tlsKey = ThreadKey::create(NULL);
85 ChainingMetadataProvider::~ChainingMetadataProvider()
88 for_each(m_providers.begin(), m_providers.end(), xmltooling::cleanup<MetadataProvider>());
91 void ChainingMetadataProvider::onEvent(const ObservableMetadataProvider& provider) const
96 void ChainingMetadataProvider::init()
98 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
102 catch (exception& ex) {
103 m_log.error("failure initializing MetadataProvider: %s", ex.what());
108 Lockable* ChainingMetadataProvider::lock()
110 return this; // we're not lockable ourselves...
113 void ChainingMetadataProvider::unlock()
115 // Check for a locked provider.
116 void* ptr=m_tlsKey->getData();
118 m_tlsKey->setData(NULL);
119 reinterpret_cast<MetadataProvider*>(ptr)->unlock();
123 const XMLObject* ChainingMetadataProvider::getMetadata() const
125 throw MetadataException("getMetadata operation not implemented on this provider.");
128 const EntitiesDescriptor* ChainingMetadataProvider::getEntitiesDescriptor(const char* name, bool requireValidMetadata) const
130 // Clear any existing lock.
131 const_cast<ChainingMetadataProvider*>(this)->unlock();
134 MetadataProvider* held = NULL;
135 const EntitiesDescriptor* ret=NULL;
136 const EntitiesDescriptor* cur=NULL;
137 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
139 if (cur=(*i)->getEntitiesDescriptor(name,requireValidMetadata)) {
140 // Are we using a first match policy?
142 // Save locked provider.
143 m_tlsKey->setData(*i);
147 // Using last match wins. Did we already have one?
149 m_log.warn("found duplicate EntitiesDescriptor (%s), using last matching copy", name);
153 // Save off the latest match.
158 // No match, so just unlock this one and move on.
163 // Preserve any lock we're holding.
165 m_tlsKey->setData(held);
169 pair<const EntityDescriptor*,const RoleDescriptor*> ChainingMetadataProvider::getEntityDescriptor(const Criteria& criteria) const
171 // Clear any existing lock.
172 const_cast<ChainingMetadataProvider*>(this)->unlock();
175 MetadataProvider* held = NULL;
176 pair<const EntityDescriptor*,const RoleDescriptor*> ret = pair<const EntityDescriptor*,const RoleDescriptor*>(NULL,NULL);
177 pair<const EntityDescriptor*,const RoleDescriptor*> cur = ret;
178 for (vector<MetadataProvider*>::const_iterator i=m_providers.begin(); i!=m_providers.end(); ++i) {
180 cur = (*i)->getEntityDescriptor(criteria);
183 // We want a role also. Did we find one?
185 // Are we using a first match policy?
187 // We could have an entity-only match from earlier, so unlock it.
190 // Save locked provider.
191 m_tlsKey->setData(*i);
195 // Using last match wins. Did we already have one?
198 // We had a "complete" match, so log it.
199 if (criteria.entityID_ascii) {
200 m_log.warn("found duplicate EntityDescriptor (%s) with role (%s), using last matching copy",
201 criteria.entityID_ascii, criteria.role->toString().c_str());
203 else if (criteria.entityID_unicode) {
204 auto_ptr_char temp(criteria.entityID_unicode);
205 m_log.warn("found duplicate EntityDescriptor (%s) with role (%s), using last matching copy",
206 temp.get(), criteria.role->toString().c_str());
208 else if (criteria.artifact) {
209 m_log.warn("found duplicate EntityDescriptor for artifact source (%s) with role (%s), using last matching copy",
210 criteria.artifact->getSource().c_str(), criteria.role->toString().c_str());
216 // Save off the latest match.
221 // We didn't find the role, so we're going to keep looking,
222 // but save this one if we didn't have the role yet.
224 // We already had a role, so let's stick with that.
228 // This is at least as good, so toss anything we had and keep it.
237 // Are we using a first match policy?
239 // I don't think this can happen, but who cares, check anyway.
243 // Save locked provider.
244 m_tlsKey->setData(*i);
248 // Using last match wins. Did we already have one?
250 if (criteria.entityID_ascii) {
251 m_log.warn("found duplicate EntityDescriptor (%s), using last matching copy", criteria.entityID_ascii);
253 else if (criteria.entityID_unicode) {
254 auto_ptr_char temp(criteria.entityID_unicode);
255 m_log.warn("found duplicate EntityDescriptor (%s), using last matching copy", temp.get());
257 else if (criteria.artifact) {
258 m_log.warn("found duplicate EntityDescriptor for artifact source (%s), using last matching copy",
259 criteria.artifact->getSource().c_str());
264 // Save off the latest match.
270 // No match, so just unlock this one and move on.
275 // Preserve any lock we're holding.
277 m_tlsKey->setData(held);
281 const Credential* ChainingMetadataProvider::resolve(const CredentialCriteria* criteria) const
283 // Check for a locked provider.
284 void* ptr=m_tlsKey->getData();
286 throw MetadataException("No locked MetadataProvider, where did the role object come from?");
288 return reinterpret_cast<MetadataProvider*>(ptr)->resolve(criteria);
291 vector<const Credential*>::size_type ChainingMetadataProvider::resolve(
292 vector<const Credential*>& results, const CredentialCriteria* criteria
295 // Check for a locked provider.
296 void* ptr=m_tlsKey->getData();
298 throw MetadataException("No locked MetadataProvider, where did the role object come from?");
300 return reinterpret_cast<MetadataProvider*>(ptr)->resolve(results, criteria);