2 * Copyright 2001-2010 Internet2
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * XMLMetadataProvider.cpp
20 * Supplies metadata from an XML file
24 #include "binding/SAMLArtifact.h"
25 #include "saml2/metadata/Metadata.h"
26 #include "saml2/metadata/MetadataFilter.h"
27 #include "saml2/metadata/AbstractMetadataProvider.h"
30 #include <xmltooling/util/NDC.h>
31 #include <xmltooling/util/ReloadableXMLFile.h>
32 #include <xmltooling/util/Threads.h>
33 #include <xmltooling/validation/ValidatorSuite.h>
35 using namespace opensaml::saml2md;
36 using namespace xmltooling::logging;
37 using namespace xmltooling;
40 #if defined (_MSC_VER)
41 #pragma warning( push )
42 #pragma warning( disable : 4250 )
48 class SAML_DLLLOCAL XMLMetadataProvider : public AbstractMetadataProvider, public ReloadableXMLFile
51 XMLMetadataProvider(const DOMElement* e)
52 : AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML")),
53 m_object(NULL), m_maxCacheDuration(m_reloadInterval) {
55 virtual ~XMLMetadataProvider() {
61 background_load(); // guarantees an exception or the metadata is loaded
64 const XMLObject* getMetadata() const {
69 pair<bool,DOMElement*> background_load();
72 using AbstractMetadataProvider::index;
76 time_t m_maxCacheDuration;
79 MetadataProvider* SAML_DLLLOCAL XMLMetadataProviderFactory(const DOMElement* const & e)
81 return new XMLMetadataProvider(e);
87 #if defined (_MSC_VER)
88 #pragma warning( pop )
91 pair<bool,DOMElement*> XMLMetadataProvider::background_load()
93 // Turn off auto-backup so we can filter first.
94 m_backupIndicator = false;
96 // Load from source using base class.
97 pair<bool,DOMElement*> raw = ReloadableXMLFile::load();
99 // If we own it, wrap it for now.
100 XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : NULL);
102 // Unmarshall objects, binding the document.
103 auto_ptr<XMLObject> xmlObject(XMLObjectBuilder::buildOneFromElement(raw.second, true));
104 docjanitor.release();
106 if (!dynamic_cast<const EntitiesDescriptor*>(xmlObject.get()) && !dynamic_cast<const EntityDescriptor*>(xmlObject.get()))
107 throw MetadataException(
108 "Root of metadata instance not recognized: $1", params(1,xmlObject->getElementQName().toString().c_str())
111 // Preprocess the metadata (even if we schema-validated).
113 SchemaValidators.validate(xmlObject.get());
115 catch (exception& ex) {
116 m_log.error("metadata intance failed manual validation checking: %s", ex.what());
117 throw MetadataException("Metadata instance failed manual validation checking.");
120 // If the backup indicator is flipped, then this was a remote load and we need a backup.
121 // This is the best place to take a backup, since it's superficially "correct" metadata.
123 if (m_backupIndicator) {
124 // We compute a random filename extension to the "real" location.
125 SAMLConfig::getConfig().generateRandomBytes(backupKey, 2);
126 backupKey = m_backing + '.' + SAMLArtifact::toHex(backupKey);
127 m_log.debug("backing up remote metadata resource to (%s)", backupKey.c_str());
129 ofstream backer(backupKey.c_str());
130 backer << *raw.second->getOwnerDocument();
132 catch (exception& ex) {
133 m_log.crit("exception while backing up metadata: %s", ex.what());
139 doFilters(*xmlObject.get());
142 if (!backupKey.empty())
143 remove(backupKey.c_str());
147 if (!backupKey.empty()) {
148 m_log.debug("committing backup file to permanent location (%s)", m_backing.c_str());
149 Locker locker(getBackupLock());
150 remove(m_backing.c_str());
151 if (rename(backupKey.c_str(), m_backing.c_str()) != 0)
152 m_log.crit("unable to rename metadata backup file");
155 xmlObject->releaseThisAndChildrenDOM();
156 xmlObject->setDocument(NULL);
158 // Swap it in after acquiring write lock if necessary.
161 SharedLock locker(m_lock, false);
162 bool changed = m_object!=NULL;
164 m_object = xmlObject.release();
169 // If a remote resource, adjust the reload interval if cacheDuration is set.
171 const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
172 if (cacheable && cacheable->getCacheDuration() && cacheable->getCacheDurationEpoch() < m_maxCacheDuration)
173 m_reloadInterval = cacheable->getCacheDurationEpoch();
175 m_reloadInterval = m_maxCacheDuration;
178 return make_pair(false,(DOMElement*)NULL);
181 void XMLMetadataProvider::index()
183 clearDescriptorIndex();
184 EntitiesDescriptor* group=dynamic_cast<EntitiesDescriptor*>(m_object);
186 AbstractMetadataProvider::index(group, SAMLTIME_MAX);
189 AbstractMetadataProvider::index(dynamic_cast<EntityDescriptor*>(m_object), SAMLTIME_MAX);