#include "binding/SAMLArtifact.h"
#include "saml2/metadata/Metadata.h"
#include "saml2/metadata/AbstractMetadataProvider.h"
+#include "saml2/metadata/MetadataCredentialContext.h"
#include "saml2/metadata/MetadataCredentialCriteria.h"
#include <xercesc/util/XMLUniDefs.hpp>
AbstractMetadataProvider::~AbstractMetadataProvider()
{
for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
delete m_credentialLock;
delete m_resolver;
}
-void AbstractMetadataProvider::emitChangeEvent()
+void AbstractMetadataProvider::emitChangeEvent() const
{
for (credmap_t::iterator c = m_credentialMap.begin(); c!=m_credentialMap.end(); ++c)
- for_each(c->second.begin(), c->second.end(), cleanup_pair<const XMLCh*,Credential>());
+ for_each(c->second.begin(), c->second.end(), xmltooling::cleanup<Credential>());
m_credentialMap.clear();
ObservableMetadataProvider::emitChangeEvent();
}
-void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil)
+void AbstractMetadataProvider::index(EntityDescriptor* site, time_t validUntil, bool replace) const
{
if (validUntil < site->getValidUntilEpoch())
site->setValidUntil(validUntil);
auto_ptr_char id(site->getEntityID());
if (id.get()) {
- m_sites.insert(make_pair(id.get(),site));
+ if (replace) {
+ m_sites.erase(id.get());
+ for (sitemap_t::iterator s = m_sources.begin(); s != m_sources.end();) {
+ if (s->second == site) {
+ sitemap_t::iterator temp = s;
+ ++s;
+ m_sources.erase(temp);
+ }
+ else {
+ ++s;
+ }
+ }
+ }
+ m_sites.insert(sitemap_t::value_type(id.get(),site));
}
// Process each IdP role.
if (sid) {
auto_ptr_char sourceid(sid->getID());
if (sourceid.get()) {
- m_sources.insert(pair<string,const EntityDescriptor*>(sourceid.get(),site));
+ m_sources.insert(sitemap_t::value_type(sourceid.get(),site));
break;
}
}
}
// Hash the ID.
- m_sources.insert(
- pair<string,const EntityDescriptor*>(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)
- );
+ m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
// Load endpoints for type 0x0002 artifacts.
const vector<ArtifactResolutionService*>& locs=const_cast<const IDPSSODescriptor*>(*i)->getArtifactResolutionServices();
for (vector<ArtifactResolutionService*>::const_iterator loc=locs.begin(); loc!=locs.end(); loc++) {
auto_ptr_char location((*loc)->getLocation());
if (location.get())
- m_sources.insert(pair<string,const EntityDescriptor*>(location.get(),site));
+ m_sources.insert(sitemap_t::value_type(location.get(),site));
}
}
// SAML 2.0?
if ((*i)->hasSupport(samlconstants::SAML20P_NS)) {
// Hash the ID.
- m_sources.insert(
- pair<string,const EntityDescriptor*>(SAMLConfig::getConfig().hashSHA1(id.get(), true),site)
- );
+ m_sources.insert(sitemap_t::value_type(SAMLConfig::getConfig().hashSHA1(id.get(), true),site));
}
}
}
-void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil)
+void AbstractMetadataProvider::index(EntitiesDescriptor* group, time_t validUntil) const
{
if (validUntil < group->getValidUntilEpoch())
group->setValidUntil(validUntil);
auto_ptr_char name(group->getName());
if (name.get()) {
- m_groups.insert(make_pair(name.get(),group));
+ m_groups.insert(groupmap_t::value_type(name.get(),group));
}
const vector<EntitiesDescriptor*>& groups=const_cast<const EntitiesDescriptor*>(group)->getEntitiesDescriptors();
index(*j,group->getValidUntilEpoch());
}
-void AbstractMetadataProvider::clearDescriptorIndex()
+void AbstractMetadataProvider::clearDescriptorIndex(bool freeSites)
{
- m_sources.clear();
+ if (freeSites)
+ for_each(m_sites.begin(), m_sites.end(), cleanup_const_pair<string,EntityDescriptor>());
m_sites.clear();
m_groups.clear();
+ m_sources.clear();
}
const EntitiesDescriptor* AbstractMetadataProvider::getEntitiesDescriptor(const char* name, bool strict) const
{
- pair<groupmap_t::const_iterator,groupmap_t::const_iterator> range=m_groups.equal_range(name);
+ pair<groupmap_t::const_iterator,groupmap_t::const_iterator> range=const_cast<const groupmap_t&>(m_groups).equal_range(name);
time_t now=time(NULL);
for (groupmap_t::const_iterator i=range.first; i!=range.second; i++)
return NULL;
}
-const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const char* name, bool strict) const
+pair<const EntityDescriptor*,const RoleDescriptor*> AbstractMetadataProvider::getEntityDescriptor(const Criteria& criteria) const
{
- pair<sitemap_t::const_iterator,sitemap_t::const_iterator> range=m_sites.equal_range(name);
-
+ pair<sitemap_t::const_iterator,sitemap_t::const_iterator> range;
+ if (criteria.entityID_ascii)
+ range = const_cast<const sitemap_t&>(m_sites).equal_range(criteria.entityID_ascii);
+ else if (criteria.entityID_unicode) {
+ auto_ptr_char id(criteria.entityID_unicode);
+ range = const_cast<const sitemap_t&>(m_sites).equal_range(id.get());
+ }
+ else if (criteria.artifact)
+ range = const_cast<const sitemap_t&>(m_sources).equal_range(criteria.artifact->getSource());
+ else
+ return pair<const EntityDescriptor*,const RoleDescriptor*>(NULL,NULL);
+
+ pair<const EntityDescriptor*,const RoleDescriptor*> result;
+ result.first = NULL;
+ result.second = NULL;
+
time_t now=time(NULL);
- for (sitemap_t::const_iterator i=range.first; i!=range.second; i++)
- if (now < i->second->getValidUntilEpoch())
- return i->second;
+ for (sitemap_t::const_iterator i=range.first; i!=range.second; i++) {
+ if (now < i->second->getValidUntilEpoch()) {
+ result.first = i->second;
+ break;
+ }
+ }
- if (!strict && range.first!=range.second)
- return range.first->second;
+ if (!result.first && !criteria.validOnly && range.first!=range.second)
+ result.first = range.first->second;
- return NULL;
-}
-
-const EntityDescriptor* AbstractMetadataProvider::getEntityDescriptor(const SAMLArtifact* artifact) const
-{
- pair<sitemap_t::const_iterator,sitemap_t::const_iterator> range=m_sources.equal_range(artifact->getSource());
-
- time_t now=time(NULL);
- for (sitemap_t::const_iterator i=range.first; i!=range.second; i++)
- if (now < i->second->getValidUntilEpoch())
- return i->second;
-
- return NULL;
+ if (result.first && criteria.role) {
+ result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol);
+ if (!result.second && criteria.protocol2)
+ result.second = result.first->getRoleDescriptor(*criteria.role, criteria.protocol2);
+ }
+
+ return result;
}
const Credential* AbstractMetadataProvider::resolve(const CredentialCriteria* criteria) const
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- return c->second;
+ if (metacrit->matches(*(*c)))
+ return *c;
return NULL;
}
const credmap_t::mapped_type& creds = resolveCredentials(metacrit->getRole());
for (credmap_t::mapped_type::const_iterator c = creds.begin(); c!=creds.end(); ++c)
- if (matches(*c,criteria))
- results.push_back(c->second);
+ if (metacrit->matches(*(*c)))
+ results.push_back(*c);
return results.size();
}
AbstractMetadataProvider::credmap_t::mapped_type& resolved = m_credentialMap[&role];
for (vector<KeyDescriptor*>::const_iterator k = keys.begin(); k!=keys.end(); ++k) {
if ((*k)->getKeyInfo()) {
- Credential* c = resolver->resolve((*k)->getKeyInfo());
- resolved.push_back(make_pair((*k)->getUse(), c));
+ auto_ptr<MetadataCredentialContext> mcc(new MetadataCredentialContext(*(*k)));
+ Credential* c = resolver->resolve(mcc.get());
+ mcc.release();
+ resolved.push_back(c);
}
}
return resolved;
}
-
-bool AbstractMetadataProvider::matches(const pair<const XMLCh*,Credential*>& cred, const CredentialCriteria* criteria) const
-{
- if (criteria) {
- // Check for a usage mismatch.
- if ((criteria->getUsage()==CredentialCriteria::SIGNING_CREDENTIAL || criteria->getUsage()==CredentialCriteria::TLS_CREDENTIAL) &&
- XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_ENCRYPTION))
- return false;
- else if (criteria->getUsage()==CredentialCriteria::ENCRYPTION_CREDENTIAL && XMLString::equals(cred.first,KeyDescriptor::KEYTYPE_SIGNING))
- return false;
-
- if (cred.second->getPublicKey()) {
- // See if we have to match a specific key.
- auto_ptr<Credential> critcred(
- XMLToolingConfig::getConfig().getKeyInfoResolver()->resolve(*criteria,Credential::RESOLVE_KEYS)
- );
- if (critcred.get())
- if (!critcred->isEqual(*(cred.second->getPublicKey())))
- return false;
- }
- }
- return true;
-}
projects / shibboleth / cpp-opensaml.git / blobdiff