projects / shibboleth / cpp-opensaml.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
SSPCPP-616 - clean up concatenated string literals
[shibboleth/cpp-opensaml.git] / saml / saml2 / metadata / impl / EntityAttributesEntityMatcher.cpp
1 /**
2  * Licensed to the University Corporation for Advanced Internet
3  * Development, Inc. (UCAID) under one or more contributor license
4  * agreements. See the NOTICE file distributed with this work for
5  * additional information regarding copyright ownership.
6  *
7  * UCAID licenses this file to you under the Apache License,
8  * Version 2.0 (the "License"); you may not use this file except
9  * in compliance with the License. You may obtain a copy of the
10  * License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17  * either express or implied. See the License for the specific
18  * language governing permissions and limitations under the License.
19  */
20
21 /**
22  * EntityAttributesEntityMatcher.cpp
23  *
24  * EntityMatcher that applies a set of input attributes.
25  */
26
27 #include "internal.h"
28 #include "saml2/metadata/EntityMatcher.h"
29 #include "saml2/metadata/Metadata.h"
30
31 #include <boost/scoped_ptr.hpp>
32 #include <boost/shared_ptr.hpp>
33 #include <boost/iterator/indirect_iterator.hpp>
34 #include <boost/lambda/bind.hpp>
35 #include <boost/lambda/casts.hpp>
36 #include <boost/lambda/lambda.hpp>
37 #include <xercesc/util/XMLUniDefs.hpp>
38 #include <xercesc/util/regx/RegularExpression.hpp>
39 #include <xmltooling/logging.h>
40 #include <xmltooling/util/XMLHelper.h>
41
42 using namespace opensaml::saml2md;
43 using namespace opensaml::saml2;
44 using namespace opensaml;
45 using namespace xmltooling::logging;
46 using namespace xmltooling;
47 using namespace boost::lambda;
48 using namespace boost;
49 using namespace std;
50
51 namespace opensaml {
52     namespace saml2md {
53         class SAML_DLLLOCAL EntityAttributesEntityMatcher : public EntityMatcher
54         {
55         public:
56             EntityAttributesEntityMatcher(const DOMElement* e);
57             ~EntityAttributesEntityMatcher() {}
58
59             bool matches(const EntityDescriptor& entity) const;
60
61         private:
62             bool _matches(const EntityAttributes*, const Attribute*) const;
63
64             bool m_trimTags;
65             vector< boost::shared_ptr<Attribute> > m_tags;
66             Category& m_log;
67         };
68
69         EntityMatcher* SAML_DLLLOCAL EntityAttributesEntityMatcherFactory(const DOMElement* const & e)
70         {
71             return new EntityAttributesEntityMatcher(e);
72         }
73
74         static const XMLCh attributeName[] =        UNICODE_LITERAL_13(a,t,t,r,i,b,u,t,e,N,a,m,e);
75         static const XMLCh attributeNameFormat[] =  UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,N,a,m,e,F,o,r,m,a,t);
76         static const XMLCh attributeValue[] =       UNICODE_LITERAL_14(a,t,t,r,i,b,u,t,e,V,a,l,u,e);
77         static const XMLCh attributeValueRegex[] =  UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,V,a,l,u,e,R,e,g,e,x);
78         static const XMLCh regex[] =                UNICODE_LITERAL_5(r,e,g,e,x);
79         static const XMLCh trimTags[] =             UNICODE_LITERAL_8(t,r,i,m,T,a,g,s);
80     };
81 };
82
83
84 EntityAttributesEntityMatcher::EntityAttributesEntityMatcher(const DOMElement* e)
85     : m_trimTags(XMLHelper::getAttrBool(e, false, trimTags)),
86         m_log(Category::getInstance(SAML_LOGCAT ".EntityMatcher.EntityAttributes"))
87 {
88     // Check for shorthand syntax.
89     if (e && e->hasAttributeNS(nullptr, attributeName) && (e->hasAttributeNS(nullptr, attributeValue) || e->hasAttributeNS(nullptr, attributeValueRegex))) {
90         boost::shared_ptr<Attribute> np(AttributeBuilder::buildAttribute());
91         np->setName(e->getAttributeNS(nullptr, attributeName));
92         np->setNameFormat(e->getAttributeNS(nullptr, attributeNameFormat));
93         auto_ptr<AttributeValue> nval(AttributeValueBuilder::buildAttributeValue());
94         if (e->hasAttributeNS(nullptr, attributeValue)) {
95             nval->setTextContent(e->getAttributeNS(nullptr, attributeValue));
96         }
97         else {
98             nval->setTextContent(e->getAttributeNS(nullptr, attributeValueRegex));
99             // Use as a signal later that the value is a regex.
100             nval->setAttribute(xmltooling::QName(nullptr, regex), xmlconstants::XML_ONE);
101         }
102         np->getAttributeValues().push_back(nval.get());
103         nval.release();
104         m_tags.push_back(np);
105     }
106
107     DOMElement* child = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
108     while (child) {
109         boost::shared_ptr<XMLObject> obj(AttributeBuilder::buildOneFromElement(child));
110         m_tags.push_back(boost::dynamic_pointer_cast<Attribute>(obj));
111         child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
112     }
113
114     if (m_tags.empty())
115         throw XMLToolingException("EntityAttributes EntityMatcher requires at least one saml2:Attribute to match.");
116 }
117
118 bool EntityAttributesEntityMatcher::matches(const EntityDescriptor& entity) const
119 {
120     bool extFound = false;
121
122     // Check for a tag match in the EntityAttributes extension of the entity and its parent(s).
123     const Extensions* exts = entity.getExtensions();
124     if (exts) {
125         const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
126         const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
127         if (xo) {
128             extFound = true;
129             // If we find a matching tag, we win. Each tag is treated in OR fashion.
130             if (find_if(m_tags.begin(), m_tags.end(),
131                 lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
132                     lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
133                 return true;
134             }
135         }
136     }
137
138     const EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(entity.getParent());
139     while (group) {
140         exts = group->getExtensions();
141         if (exts) {
142             const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
143             const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
144             if (xo) {
145                 extFound = true;
146                 // If we find a matching tag, we win. Each tag is treated in OR fashion.
147                 if (find_if(m_tags.begin(), m_tags.end(),
148                     lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
149                         lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
150                     return true;
151                 }
152             }
153         }
154         group = dynamic_cast<EntitiesDescriptor*>(group->getParent());
155     }
156
157     if (!extFound && m_log.isDebugEnabled()) {
158         auto_ptr_char id (entity.getEntityID());
159         m_log.debug("no EntityAttributes extension found for (%s)", id.get());
160     }
161
162     return false;
163 }
164
165 bool EntityAttributesEntityMatcher::_matches(const EntityAttributes* ea, const Attribute* tag) const
166 {
167     const vector<Attribute*>& attrs = ea->getAttributes();
168     const vector<XMLObject*>& tagvals = tag->getAttributeValues();
169     if (!attrs.empty() && !tagvals.empty()) {
170         // Track whether we've found every tag value.
171         vector<bool> flags(tagvals.size());
172
173         // Holds the active regex, if any.
174         scoped_ptr<RegularExpression> re;
175         xmltooling::QName regexQName(nullptr, regex);
176
177         // Check each attribute/tag in the candidate.
178         for (indirect_iterator<vector<Attribute*>::const_iterator> a = make_indirect_iterator(attrs.begin());
179                 a != make_indirect_iterator(attrs.end()); ++a) {
180             // Compare Name and NameFormat for a matching tag.
181             if (XMLString::equals(a->getName(), tag->getName()) &&
182                 (!tag->getNameFormat() || XMLString::equals(tag->getNameFormat(), Attribute::UNSPECIFIED) ||
183                     XMLString::equals(tag->getNameFormat(), a->getNameFormat()))) {
184
185                 // Check each tag value's simple content for a match.
186                 for (vector<XMLObject*>::size_type tagindex = 0; tagindex < tagvals.size(); ++tagindex) {
187                     const XMLObject* tagval = tagvals[tagindex];
188                     const XMLCh* tagvalstr = (tagval->getDOM()) ? tagval->getDOM()->getTextContent() : tagval->getTextContent();
189                     re.reset();
190
191                     // Check for a regex flag.
192                     if (dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)) {
193                         const XMLCh* reflag = dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)->getAttribute(regexQName);
194                         if (reflag && (*reflag == chDigit_1 || *reflag == chLatin_t)) {
195                             try {
196                                 re.reset(new RegularExpression(tagvalstr));
197                             }
198                             catch (XMLException& ex) {
199                                 auto_ptr_char msg(ex.getMessage());
200                                 m_log.error(msg.get());
201                             }
202                         }
203                     }
204                     
205                     const vector<XMLObject*>& cvals = const_cast<const Attribute&>(*a).getAttributeValues();
206                     for (indirect_iterator<vector<XMLObject*>::const_iterator> cval = make_indirect_iterator(cvals.begin());
207                             cval != make_indirect_iterator(cvals.end()); ++cval) {
208                         const XMLCh* cvalstr = cval->getDOM() ? cval->getDOM()->getTextContent() : cval->getTextContent();
209                         if (tagvalstr && cvalstr) {
210                             if (re) {
211                                 try {
212                                     if (re->matches(cvalstr)) {
213                                         flags[tagindex] = true;
214                                         break;
215                                     }
216                                 }
217                                 catch (XMLException& ex) {
218                                     auto_ptr_char msg(ex.getMessage());
219                                     m_log.error(msg.get());
220                                 }
221                             }
222                             else if (XMLString::equals(tagvalstr, cvalstr)) {
223                                 flags[tagindex] = true;
224                                 break;
225                             }
226                             else if (m_trimTags) {
227                                 XMLCh* dup = XMLString::replicate(cvalstr);
228                                 XMLString::trim(dup);
229                                 if (XMLString::equals(tagvalstr, dup)) {
230                                     XMLString::release(&dup);
231                                     flags[tagindex] = true;
232                                     break;
233                                 }
234                                 XMLString::release(&dup);
235                             }
236                         }
237                     }
238                 }
239             }
240         }
241
242         if (find(flags.begin(), flags.end(), false) == flags.end())
243             return true;
244     }
245     return false;
246 }
Unnamed repository; edit this file 'description' to name the repository.