/*
- * Copyright 2001-2007 Internet2
+ * Copyright 2001-2009 Internet2
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include "saml2/metadata/MetadataCredentialCriteria.h"
#include <xercesc/util/XMLUniDefs.hpp>
+#include <xmltooling/logging.h>
+#include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/security/Credential.h>
#include <xmltooling/security/KeyInfoResolver.h>
+#include <xmltooling/security/SecurityHelper.h>
+#include <xmltooling/util/Threads.h>
#include <xmltooling/util/XMLHelper.h>
using namespace opensaml::saml2md;
+using namespace xmltooling::logging;
using namespace xmltooling;
using namespace std;
using opensaml::SAMLArtifact;
}
// Hash the ID.
- m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
+ m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site));
// Load endpoints for type 0x0002 artifacts.
const vector<ArtifactResolutionService*>& locs=const_cast<const IDPSSODescriptor*>(*i)->getArtifactResolutionServices();
// SAML 2.0?
if ((*i)->hasSupport(samlconstants::SAML20P_NS)) {
// Hash the ID.
- m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
+ m_sources.insert(sitemap_t::value_type(SecurityHelper::doHash("SHA1", id.get(), strlen(id.get())),site));
}
}
}
const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const
{
- pair<groupmap_t::const_iterator,groupmap_t::const_iterator> range=m_groups.equal_range(name);
+ pair<groupmap_t::const_iterator,groupmap_t::const_iterator> range=const_cast<const groupmap_t&>(m_groups).equal_range(name);
time_t now=time(NULL);
for (groupmap_t::const_iterator i=range.first; i!=range.second; i++)
if (now < i->second->getValidUntilEpoch())
return i->second;
- if (!strict && range.first!=range.second)
- return range.first->second;
-
+ if (range.first != range.second) {
+ Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider");
+ if (strict) {
+ log.warn("ignored expired metadata group (%s)", range.first->first.c_str());
+ }
+ else {
+ log.info("no valid metadata found, returning expired metadata group (%s)", range.first->first.c_str());
+ return range.first->second;
+ }
+ }
+
return NULL;
}
{
pair<sitemap_t::const_iterator,sitemap_t::const_iterator> range;
if (criteria.entityID_ascii)
- range = m_sites.equal_range(criteria.entityID_ascii);
+ range = const_cast<const sitemap_t&>(m_sites).equal_range(criteria.entityID_ascii);
else if (criteria.entityID_unicode) {
auto_ptr_char id(criteria.entityID_unicode);
- range = m_sites.equal_range(id.get());
+ range = const_cast<const sitemap_t&>(m_sites).equal_range(id.get());
}
else if (criteria.artifact)
- range = m_sources.equal_range(criteria.artifact->getSource());
+ range = const_cast<const sitemap_t&>(m_sources).equal_range(criteria.artifact->getSource());
else
return pair<const EntityDescriptor*,const RoleDescriptor*>(NULL,NULL);
}
}
- if (!result.first && !criteria.validOnly && range.first!=range.second)
- result.first = range.first->second;
-
- if (result.first && criteria.role && criteria.protocol) {
+ if (!result.first && range.first!=range.second) {
+ Category& log = Category::getInstance(SAML_LOGCAT".MetadataProvider");
+ if (criteria.validOnly) {
+ log.warn("ignored expired metadata instance for (%s)", range.first->first.c_str());
+ }
+ else {
+ log.info("no valid metadata found, returning expired instance for (%s)", range.first->first.c_str());
+ result.first = range.first->second;
+ }
+ }
+
+ if (result.first && criteria.role) {
result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol);
if (!result.second && criteria.protocol2)
result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol2);