2 * Licensed to the University Corporation for Advanced Internet
3 * Development, Inc. (UCAID) under one or more contributor license
4 * agreements. See the NOTICE file distributed with this work for
5 * additional information regarding copyright ownership.
7 * UCAID licenses this file to you under the Apache License,
8 * Version 2.0 (the "License"); you may not use this file except
9 * in compliance with the License. You may obtain a copy of the
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
17 * either express or implied. See the License for the specific
18 * language governing permissions and limitations under the License.
22 * EntityAttributesEntityMatcher.cpp
24 * EntityMatcher that applies a set of input attributes.
28 #include "saml2/metadata/EntityMatcher.h"
29 #include "saml2/metadata/Metadata.h"
31 #include <boost/scoped_ptr.hpp>
32 #include <boost/shared_ptr.hpp>
33 #include <boost/iterator/indirect_iterator.hpp>
34 #include <boost/lambda/bind.hpp>
35 #include <boost/lambda/casts.hpp>
36 #include <boost/lambda/lambda.hpp>
37 #include <xercesc/util/XMLUniDefs.hpp>
38 #include <xercesc/util/regx/RegularExpression.hpp>
39 #include <xmltooling/logging.h>
40 #include <xmltooling/util/XMLHelper.h>
42 using namespace opensaml::saml2md;
43 using namespace opensaml::saml2;
44 using namespace opensaml;
45 using namespace xmltooling::logging;
46 using namespace xmltooling;
47 using namespace boost::lambda;
48 using namespace boost;
53 class SAML_DLLLOCAL EntityAttributesEntityMatcher : public EntityMatcher
56 EntityAttributesEntityMatcher(const DOMElement* e);
57 ~EntityAttributesEntityMatcher() {}
59 bool matches(const EntityDescriptor& entity) const;
62 bool _matches(const EntityAttributes*, const Attribute*) const;
65 vector< boost::shared_ptr<Attribute> > m_tags;
68 EntityMatcher* SAML_DLLLOCAL EntityAttributesEntityMatcherFactory(const DOMElement* const & e)
70 return new EntityAttributesEntityMatcher(e);
73 static const XMLCh attributeName[] = UNICODE_LITERAL_13(a,t,t,r,i,b,u,t,e,N,a,m,e);
74 static const XMLCh attributeNameFormat[] = UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,N,a,m,e,F,o,r,m,a,t);
75 static const XMLCh attributeValue[] = UNICODE_LITERAL_14(a,t,t,r,i,b,u,t,e,V,a,l,u,e);
76 static const XMLCh attributeValueRegex[] = UNICODE_LITERAL_19(a,t,t,r,i,b,u,t,e,V,a,l,u,e,R,e,g,e,x);
77 static const XMLCh regex[] = UNICODE_LITERAL_5(r,e,g,e,x);
78 static const XMLCh trimTags[] = UNICODE_LITERAL_8(t,r,i,m,T,a,g,s);
83 EntityAttributesEntityMatcher::EntityAttributesEntityMatcher(const DOMElement* e)
84 : m_trimTags(XMLHelper::getAttrBool(e, false, trimTags))
86 // Check for shorthand syntax.
87 if (e && e->hasAttributeNS(nullptr, attributeName) && (e->hasAttributeNS(nullptr, attributeValue) || e->hasAttributeNS(nullptr, attributeValueRegex))) {
88 boost::shared_ptr<Attribute> np(AttributeBuilder::buildAttribute());
89 np->setName(e->getAttributeNS(nullptr, attributeName));
90 np->setNameFormat(e->getAttributeNS(nullptr, attributeNameFormat));
91 auto_ptr<AttributeValue> nval(AttributeValueBuilder::buildAttributeValue());
92 if (e->hasAttributeNS(nullptr, attributeValue)) {
93 nval->setTextContent(e->getAttributeNS(nullptr, attributeValue));
96 nval->setTextContent(e->getAttributeNS(nullptr, attributeValueRegex));
97 // Use as a signal later that the value is a regex.
98 nval->setAttribute(xmltooling::QName(nullptr, regex), xmlconstants::XML_ONE);
100 np->getAttributeValues().push_back(nval.get());
102 m_tags.push_back(np);
105 DOMElement* child = XMLHelper::getFirstChildElement(e, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
107 boost::shared_ptr<XMLObject> obj(AttributeBuilder::buildOneFromElement(child));
108 m_tags.push_back(boost::shared_dynamic_cast<Attribute>(obj));
109 child = XMLHelper::getNextSiblingElement(child, samlconstants::SAML20_NS, Attribute::LOCAL_NAME);
113 throw XMLToolingException("EntityAttributes EntityMatcher requires at least one saml2:Attribute to match.");
116 bool EntityAttributesEntityMatcher::matches(const EntityDescriptor& entity) const
118 // Check for a tag match in the EntityAttributes extension of the entity and its parent(s).
119 const Extensions* exts = entity.getExtensions();
121 const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
122 const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
124 // If we find a matching tag, we win. Each tag is treated in OR fashion.
125 if (find_if(m_tags.begin(), m_tags.end(),
126 lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
127 lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
133 const EntitiesDescriptor* group = dynamic_cast<EntitiesDescriptor*>(entity.getParent());
135 exts = group->getExtensions();
137 const vector<XMLObject*>& children = exts->getUnknownXMLObjects();
138 const XMLObject* xo = find_if(children, ll_dynamic_cast<EntityAttributes*>(_1) != ((EntityAttributes*)nullptr));
140 // If we find a matching tag, we win. Each tag is treated in OR fashion.
141 if (find_if(m_tags.begin(), m_tags.end(),
142 lambda::bind(&EntityAttributesEntityMatcher::_matches, this, dynamic_cast<const EntityAttributes*>(xo),
143 lambda::bind(&boost::shared_ptr<Attribute>::get, _1))) != m_tags.end()) {
148 group = dynamic_cast<EntitiesDescriptor*>(group->getParent());
154 bool EntityAttributesEntityMatcher::_matches(const EntityAttributes* ea, const Attribute* tag) const
156 const vector<Attribute*>& attrs = ea->getAttributes();
157 const vector<XMLObject*>& tagvals = tag->getAttributeValues();
158 if (!attrs.empty() && !tagvals.empty()) {
159 // Track whether we've found every tag value.
160 vector<bool> flags(tagvals.size());
162 // Holds the active regex, if any.
163 scoped_ptr<RegularExpression> re;
164 xmltooling::QName regexQName(nullptr, regex);
166 // Check each attribute/tag in the candidate.
167 for (indirect_iterator<vector<Attribute*>::const_iterator> a = make_indirect_iterator(attrs.begin());
168 a != make_indirect_iterator(attrs.end()); ++a) {
169 // Compare Name and NameFormat for a matching tag.
170 if (XMLString::equals(a->getName(), tag->getName()) &&
171 (!tag->getNameFormat() || XMLString::equals(tag->getNameFormat(), Attribute::UNSPECIFIED) ||
172 XMLString::equals(tag->getNameFormat(), a->getNameFormat()))) {
174 // Check each tag value's simple content for a match.
175 for (vector<XMLObject*>::size_type tagindex = 0; tagindex < tagvals.size(); ++tagindex) {
176 const XMLObject* tagval = tagvals[tagindex];
177 const XMLCh* tagvalstr = (tagval->getDOM()) ? tagval->getDOM()->getTextContent() : tagval->getTextContent();
180 // Check for a regex flag.
181 if (dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)) {
182 const XMLCh* reflag = dynamic_cast<const AttributeExtensibleXMLObject*>(tagval)->getAttribute(regexQName);
183 if (reflag && (*reflag == chDigit_1 || *reflag == chLatin_t)) {
185 re.reset(new RegularExpression(tagvalstr));
187 catch (XMLException& ex) {
188 auto_ptr_char msg(ex.getMessage());
189 Category::getInstance(SAML_LOGCAT".EntityMatcher.EntityAttributes").error(msg.get());
194 const vector<XMLObject*>& cvals = const_cast<const Attribute&>(*a).getAttributeValues();
195 for (indirect_iterator<vector<XMLObject*>::const_iterator> cval = make_indirect_iterator(cvals.begin());
196 cval != make_indirect_iterator(cvals.end()); ++cval) {
197 const XMLCh* cvalstr = cval->getDOM() ? cval->getDOM()->getTextContent() : cval->getTextContent();
198 if (tagvalstr && cvalstr) {
201 if (re->matches(cvalstr)) {
202 flags[tagindex] = true;
206 catch (XMLException& ex) {
207 auto_ptr_char msg(ex.getMessage());
208 Category::getInstance(SAML_LOGCAT".EntityMatcher.EntityAttributes").error(msg.get());
211 else if (XMLString::equals(tagvalstr, cvalstr)) {
212 flags[tagindex] = true;
215 else if (m_trimTags) {
216 XMLCh* dup = XMLString::replicate(cvalstr);
217 XMLString::trim(dup);
218 if (XMLString::equals(tagvalstr, dup)) {
219 XMLString::release(&dup);
220 flags[tagindex] = true;
223 XMLString::release(&dup);
231 if (find(flags.begin(), flags.end(), false) == flags.end())