2 * Copyright 2001-2008 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * RequireValidUntilMetadataFilter.cpp
20 * MetadataFilter that enforces expiration requirements.
24 #include "saml2/metadata/Metadata.h"
25 #include "saml2/metadata/MetadataFilter.h"
27 #include <xmltooling/logging.h>
28 #include <xmltooling/util/NDC.h>
30 using namespace opensaml::saml2md;
31 using namespace xmltooling::logging;
32 using namespace xmltooling;
// MetadataFilter implementation that requires a validUntil on the metadata root
// and caps how far in the future that validUntil may lie (see doFilter).
// NOTE(review): this listing carries its own line numbers and skips some of them
// (apparently braces and access specifiers), so the class is not compilable as shown.
38 class SAML_DLLLOCAL RequireValidUntilMetadataFilter : public MetadataFilter
// Configures the filter from an optional DOM element; e may be null.
41 RequireValidUntilMetadataFilter(const DOMElement* e);
42 ~RequireValidUntilMetadataFilter() {}
// Returns the REQUIREVALIDUNTIL_METADATA_FILTER identifier.
44 const char* getId() const { return REQUIREVALIDUNTIL_METADATA_FILTER; }
// Applies the validUntil checks to xmlObject; reports failure by throwing MetadataFilterException.
45 void doFilter(XMLObject& xmlObject) const;
// Upper bound on (validUntil - now), compared against time() in doFilter, so in seconds.
// Initialised to 60 * 60 * 24 * 7 (seven days) by the constructor.
48 time_t m_maxValidityInterval;
// Factory function: builds a RequireValidUntilMetadataFilter from its configuration element.
// The result comes from a plain new and nothing visible here releases it, so ownership
// presumably passes to whoever calls the factory — confirm against the caller.
51 MetadataFilter* SAML_DLLLOCAL RequireValidUntilMetadataFilterFactory(const DOMElement* const & e)
53 return new RequireValidUntilMetadataFilter(e);
// XMLCh spelling of the configuration attribute name "maxValidityInterval",
// looked up by the constructor with getAttributeNS.
59 static const XMLCh maxValidityInterval[] = UNICODE_LITERAL_19(m,a,x,V,a,l,i,d,i,t,y,I,n,t,e,r,v,a,l);
// Builds the filter. The limit starts at the seven-day default (60 * 60 * 24 * 7)
// and is then taken from the maxValidityInterval attribute of e.
61 RequireValidUntilMetadataFilter::RequireValidUntilMetadataFilter(const DOMElement* e) : m_maxValidityInterval(60 * 60 * 24 * 7)
// A null e gives a null mvi; otherwise the attribute is read with a null namespace.
63 const XMLCh* mvi = e ? e->getAttributeNS(NULL,maxValidityInterval) : NULL;
// NOTE(review): the listing's own numbering skips line 64 here, so a guard on mvi may be
// missing from this view — confirm that parseInt is never handed a null or empty string.
// NOTE(review): parseInt produces a signed value and only 0 is mapped back to the default.
// A negative setting is stored as-is; assuming a signed time_t, doFilter would then reject
// all metadata except documents whose validUntil is already that far in the past.
// Consider rejecting values <= 0 when the configuration is loaded.
65 m_maxValidityInterval = XMLString::parseInt(mvi);
// A parsed value of 0 falls back to the seven-day default rather than meaning "no limit".
66 if (m_maxValidityInterval == 0)
67 m_maxValidityInterval = 60 * 60 * 24 * 7;
// Enforces the validUntil policy on a metadata object and throws
// MetadataFilterException when a check fails; returns normally otherwise.
71 void RequireValidUntilMetadataFilter::doFilter(XMLObject& xmlObject) const
// Only xmlObject itself is examined; nothing in this function looks at validUntil
// values on elements nested inside it.
73 const TimeBoundSAMLObject* tbo = dynamic_cast<const TimeBoundSAMLObject*>(&xmlObject);
// NOTE(review): the listing's numbering skips line 74. The throw below is presumably guarded
// by a null check on tbo (the lines after it dereference tbo) — confirm against the original file.
75 throw MetadataFilterException("Metadata root element was invalid.");
// Metadata without any validUntil is rejected outright.
77 if (!tbo->getValidUntil())
78 throw MetadataFilterException("Metadata did not include a validUntil attribute.");
// Upper bound only: a validUntil in the past gives a negative difference and passes this
// check, so rejection of already-expired metadata has to happen elsewhere — confirm it does.
// The comparison uses this host's clock via time(NULL), so local clock error shifts the
// effective limit by the same amount.
80 if (tbo->getValidUntilEpoch() - time(NULL) > m_maxValidityInterval)
81 throw MetadataFilterException("Metadata validity interval is larger than permitted.");