2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * DynamicMetadataProvider.cpp
20 * Simple implementation of a dynamic caching MetadataProvider.
24 #include "binding/SAMLArtifact.h"
25 #include "saml2/metadata/Metadata.h"
26 #include "saml2/metadata/DynamicMetadataProvider.h"
28 #include <xercesc/framework/Wrapper4InputSource.hpp>
29 #include <xercesc/util/XMLUniDefs.hpp>
30 #include <xmltooling/logging.h>
31 #include <xmltooling/XMLToolingConfig.h>
32 #include <xmltooling/util/ParserPool.h>
33 #include <xmltooling/util/Threads.h>
34 #include <xmltooling/util/XMLHelper.h>
35 #include <xmltooling/validation/ValidatorSuite.h>
37 using namespace opensaml::saml2md;
38 using namespace xmltooling::logging;
39 using namespace xmltooling;
43 # define min(a,b) (((a) < (b)) ? (a) : (b))
46 static const XMLCh maxCacheDuration[] = UNICODE_LITERAL_16(m,a,x,C,a,c,h,e,D,u,r,a,t,i,o,n);
47 static const XMLCh minCacheDuration[] = UNICODE_LITERAL_16(m,i,n,C,a,c,h,e,D,u,r,a,t,i,o,n);
48 static const XMLCh refreshDelayFactor[] = UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
49 static const XMLCh validate[] = UNICODE_LITERAL_8(v,a,l,i,d,a,t,e);
53 MetadataProvider* SAML_DLLLOCAL DynamicMetadataProviderFactory(const DOMElement* const & e)
55 return new DynamicMetadataProvider(e);
60 DynamicMetadataProvider::DynamicMetadataProvider(const DOMElement* e)
61 : AbstractMetadataProvider(e), m_maxCacheDuration(28800), m_lock(RWLock::create()), m_refreshDelayFactor(0.75), m_minCacheDuration(600)
63 const XMLCh* flag=e ? e->getAttributeNS(nullptr, validate) : nullptr;
64 m_validate=(XMLString::equals(flag,xmlconstants::XML_TRUE) || XMLString::equals(flag,xmlconstants::XML_ONE));
66 flag = e ? e->getAttributeNS(nullptr, minCacheDuration) : nullptr;
68 m_minCacheDuration = XMLString::parseInt(flag);
69 if (m_minCacheDuration == 0) {
70 Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
71 "invalid minCacheDuration setting, using default"
73 m_minCacheDuration = 600;
77 flag = e ? e->getAttributeNS(nullptr, maxCacheDuration) : nullptr;
79 m_maxCacheDuration = XMLString::parseInt(flag);
80 if (m_maxCacheDuration == 0) {
81 Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
82 "invalid maxCacheDuration setting, using default"
84 m_maxCacheDuration = 28800;
88 if (m_minCacheDuration > m_maxCacheDuration) {
89 Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
90 "minCacheDuration setting exceeds maxCacheDuration setting, lowering to match it"
92 m_minCacheDuration = m_maxCacheDuration;
95 flag = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : NULL;
97 auto_ptr_char delay(flag);
98 m_refreshDelayFactor = atof(delay.get());
99 if (m_refreshDelayFactor <= 0.0 || m_refreshDelayFactor >= 1.0) {
100 Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
101 "invalid refreshDelayFactor setting, using default"
103 m_refreshDelayFactor = 0.75;
108 DynamicMetadataProvider::~DynamicMetadataProvider()
110 // Each entity in the map is unique (no multimap semantics), so this is safe.
111 clearDescriptorIndex(true);
115 const XMLObject* DynamicMetadataProvider::getMetadata() const
117 throw MetadataException("getMetadata operation not implemented on this provider.");
120 Lockable* DynamicMetadataProvider::lock()
126 void DynamicMetadataProvider::unlock()
131 void DynamicMetadataProvider::init()
135 pair<const EntityDescriptor*,const RoleDescriptor*> DynamicMetadataProvider::getEntityDescriptor(const Criteria& criteria) const
137 Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic");
139 // First we check the underlying cache.
140 pair<const EntityDescriptor*,const RoleDescriptor*> entity = AbstractMetadataProvider::getEntityDescriptor(criteria);
142 // Check to see if we're within the caching interval for a lookup of this entity.
143 // This applies *even if we didn't get a hit* because the cache map tracks failed
144 // lookups also, to prevent constant reload attempts.
145 cachemap_t::iterator cit;
147 cit = m_cacheMap.find(entity.first->getEntityID());
149 else if (criteria.entityID_ascii) {
150 auto_ptr_XMLCh widetemp(criteria.entityID_ascii);
151 cit = m_cacheMap.find(widetemp.get());
153 else if (criteria.entityID_unicode) {
154 cit = m_cacheMap.find(criteria.entityID_unicode);
156 else if (criteria.artifact) {
157 auto_ptr_XMLCh widetemp(criteria.artifact->getSource().c_str());
158 cit = m_cacheMap.find(widetemp.get());
161 cit = m_cacheMap.end();
163 if (cit != m_cacheMap.end()) {
164 if (time(nullptr) <= cit->second)
166 m_cacheMap.erase(cit);
170 if (criteria.entityID_ascii) {
171 name = criteria.entityID_ascii;
173 else if (criteria.entityID_unicode) {
174 auto_ptr_char temp(criteria.entityID_unicode);
177 else if (criteria.artifact) {
178 name = criteria.artifact->getSource();
185 log.info("metadata for (%s) is beyond caching interval, attempting to refresh", name.c_str());
187 log.info("resolving metadata for (%s)", name.c_str());
191 auto_ptr<EntityDescriptor> entity2(resolve(criteria));
193 // Verify the entityID.
194 if (criteria.entityID_unicode && !XMLString::equals(criteria.entityID_unicode, entity2->getEntityID())) {
195 log.error("metadata instance did not match expected entityID");
199 auto_ptr_XMLCh temp2(name.c_str());
200 if (!XMLString::equals(temp2.get(), entity2->getEntityID())) {
201 log.error("metadata instance did not match expected entityID");
206 // Preprocess the metadata (even if we schema-validated).
208 SchemaValidators.validate(entity2.get());
210 catch (exception& ex) {
211 log.error("metadata intance failed manual validation checking: %s", ex.what());
212 throw MetadataException("Metadata instance failed manual validation checking.");
215 // Filter it, which may throw.
216 doFilters(*entity2.get());
218 time_t now = time(nullptr);
219 if (entity2->getValidUntil() && entity2->getValidUntilEpoch() < now + 60)
220 throw MetadataException("Metadata was already invalid at the time of retrieval.");
222 log.info("caching resolved metadata for (%s)", name.c_str());
224 // Compute the smaller of the validUntil / cacheDuration constraints.
225 time_t cacheExp = (entity2->getValidUntil() ? entity2->getValidUntilEpoch() : SAMLTIME_MAX) - now;
226 if (entity2->getCacheDuration())
227 cacheExp = min(cacheExp, entity2->getCacheDurationEpoch());
229 // Adjust for the delay factor.
230 cacheExp *= m_refreshDelayFactor;
232 // Bound by max and min.
233 if (cacheExp > m_maxCacheDuration)
234 cacheExp = m_maxCacheDuration;
235 else if (cacheExp < m_minCacheDuration)
236 cacheExp = m_minCacheDuration;
238 log.info("next refresh of metadata for (%s) no sooner than %u seconds", name.c_str(), cacheExp);
240 // Upgrade our lock so we can cache the new metadata.
247 // Record the proper refresh time.
248 m_cacheMap[entity2->getEntityID()] = now + cacheExp;
250 // Make sure we clear out any existing copies, including stale metadata or if somebody snuck in.
251 cacheExp = SAMLTIME_MAX;
252 indexEntity(entity2.release(), cacheExp, true);
254 // Downgrade back to a read lock.
258 catch (exception& e) {
259 log.error("error while resolving entityID (%s): %s", name.c_str(), e.what());
260 // This will return entries that are beyond their cache period,
261 // but not beyond their validity unless that criteria option was set.
262 // If it is a cache-expired entry, bump the cache period to prevent retries.
264 m_cacheMap[entity.first->getEntityID()] = time(nullptr) + m_minCacheDuration;
265 else if (criteria.entityID_unicode)
266 m_cacheMap[criteria.entityID_unicode] = time(nullptr) + m_minCacheDuration;
268 auto_ptr_XMLCh widetemp(name.c_str());
269 m_cacheMap[widetemp.get()] = time(nullptr) + m_minCacheDuration;
271 log.warn("next refresh of metadata for (%s) no sooner than %u seconds", name.c_str(), m_minCacheDuration);
276 return getEntityDescriptor(criteria);
279 EntityDescriptor* DynamicMetadataProvider::resolve(const Criteria& criteria) const
282 if (criteria.entityID_ascii) {
283 name = criteria.entityID_ascii;
285 else if (criteria.entityID_unicode) {
286 auto_ptr_char temp(criteria.entityID_unicode);
289 else if (criteria.artifact) {
290 throw MetadataException("Unable to resolve metadata dynamically from an artifact.");
294 DOMDocument* doc=nullptr;
295 auto_ptr_XMLCh widenit(name.c_str());
296 URLInputSource src(widenit.get());
297 Wrapper4InputSource dsrc(&src,false);
299 doc=XMLToolingConfig::getConfig().getValidatingParser().parse(dsrc);
301 doc=XMLToolingConfig::getConfig().getParser().parse(dsrc);
303 // Wrap the document for now.
304 XercesJanitor<DOMDocument> docjanitor(doc);
306 // Unmarshall objects, binding the document.
307 auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(doc->getDocumentElement(), true));
308 docjanitor.release();
310 // Make sure it's metadata.
311 EntityDescriptor* entity = dynamic_cast<EntityDescriptor*>(xmlObject.get());
313 throw MetadataException(
314 "Root of metadata instance not recognized: $1", params(1,xmlObject->getElementQName().toString().c_str())
320 catch (XMLException& e) {
321 auto_ptr_char msg(e.getMessage());
322 Category::getInstance(SAML_LOGCAT".MetadataProvider.Dynamic").error(
323 "Xerces error while resolving entityID (%s): %s", name.c_str(), msg.get()
325 throw MetadataException(msg.get());