https://issues.shibboleth.net/jira/browse/CPPOST-47

[shibboleth/cpp-opensaml.git] / saml / saml2 / metadata / impl / XMLMetadataProvider.cpp

diff --git a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
index aa9c0cd..bf359c9 100644 (file)
--- a/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
+++ b/saml/saml2/metadata/impl/XMLMetadataProvider.cpp
@@ -27,6 +27,7 @@
 #include "saml2/metadata/AbstractMetadataProvider.h"
 
 #include <fstream>
+#include <xmltooling/io/HTTPResponse.h>
 #include <xmltooling/util/NDC.h>
 #include <xmltooling/util/ReloadableXMLFile.h>
 #include <xmltooling/util/Threads.h>
@@ -45,20 +46,22 @@ using namespace std;
 namespace opensaml {
     namespace saml2md {
 
+        static const XMLCh minRefreshDelay[] =      UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
+        static const XMLCh refreshDelayFactor[] =   UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
+
         class SAML_DLLLOCAL XMLMetadataProvider : public AbstractMetadataProvider, public ReloadableXMLFile
         {
         public:
-            XMLMetadataProvider(const DOMElement* e)
-                : AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML")),
-                    m_object(nullptr), m_maxCacheDuration(m_reloadInterval) {
-            }
+            XMLMetadataProvider(const DOMElement* e);
+
             virtual ~XMLMetadataProvider() {
                 shutdown();
                 delete m_object;
             }
 
             void init() {
-                background_load(); // guarantees an exception or the metadata is loaded
+                background_load();
+                startup();
             }
 
             const XMLObject* getMetadata() const {
@@ -66,14 +69,18 @@ namespace opensaml {
             }
 
         protected:
+            pair<bool,DOMElement*> load(bool backup);
             pair<bool,DOMElement*> background_load();
 
         private:
             using AbstractMetadataProvider::index;
-            void index();
+            void index(time_t& validUntil);
+            time_t computeNextRefresh();
 
             XMLObject* m_object;
-            time_t m_maxCacheDuration;
+            double m_refreshDelayFactor;
+            unsigned int m_backoffFactor;
+            time_t m_minRefreshDelay,m_maxRefreshDelay,m_lastValidUntil;
         };
 
         MetadataProvider* SAML_DLLLOCAL XMLMetadataProviderFactory(const DOMElement* const & e)
@@ -88,13 +95,43 @@ namespace opensaml {
     #pragma warning( pop )
 #endif
 
-pair<bool,DOMElement*> XMLMetadataProvider::background_load()
+XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
+    : AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML"), false),
+        m_object(nullptr), m_refreshDelayFactor(0.75), m_backoffFactor(1), m_minRefreshDelay(600),
+        m_maxRefreshDelay(m_reloadInterval), m_lastValidUntil(SAMLTIME_MAX)
 {
-    // Turn off auto-backup so we can filter first.
-    m_backupIndicator = false;
+    if (!m_local && m_maxRefreshDelay) {
+        const XMLCh* setting = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : NULL;
+        if (setting && *setting) {
+            auto_ptr_char delay(setting);
+            m_refreshDelayFactor = atof(delay.get());
+            if (m_refreshDelayFactor <= 0.0 || m_refreshDelayFactor >= 1.0) {
+                m_log.error("invalid refreshDelayFactor setting, using default");
+                m_refreshDelayFactor = 0.75;
+            }
+        }
+        setting = e ? e->getAttributeNS(nullptr, minRefreshDelay) : NULL;
+        if (setting && *setting) {
+            m_minRefreshDelay = XMLString::parseInt(setting);
+            if (m_minRefreshDelay == 0) {
+                m_log.error("invalid minRefreshDelay setting, using default");
+                m_minRefreshDelay = 600;
+            }
+            else if (m_minRefreshDelay > m_maxRefreshDelay) {
+                m_log.error("minRefreshDelay setting exceeds maxRefreshDelay/refreshInterval setting, lowering to match it");
+                m_minRefreshDelay = m_maxRefreshDelay;
+            }
+        }
+    }
+}
+
+pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
+{
+    // Lower the refresh rate in case of an error.
+    m_reloadInterval = m_minRefreshDelay;
 
-    // Load from source using base class.
-    pair<bool,DOMElement*> raw = ReloadableXMLFile::load();
+    // Call the base class to load/parse the appropriate XML resource.
+    pair<bool,DOMElement*> raw = ReloadableXMLFile::load(backup);
 
     // If we own it, wrap it for now.
     XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr);
@@ -117,17 +154,16 @@ pair<bool,DOMElement*> XMLMetadataProvider::background_load()
         throw MetadataException("Metadata instance failed manual validation checking.");
     }
 
-    // If the backup indicator is flipped, then this was a remote load and we need a backup.
     // This is the best place to take a backup, since it's superficially "correct" metadata.
     string backupKey;
-    if (m_backupIndicator) {
+    if (!backup && !m_backing.empty()) {
         // We compute a random filename extension to the "real" location.
         SAMLConfig::getConfig().generateRandomBytes(backupKey, 2);
         backupKey = m_backing + '.' + SAMLArtifact::toHex(backupKey);
         m_log.debug("backing up remote metadata resource to (%s)", backupKey.c_str());
         try {
             ofstream backer(backupKey.c_str());
-            backer << *raw.second->getOwnerDocument();
+            backer << *(raw.second->getOwnerDocument());
         }
         catch (exception& ex) {
             m_log.crit("exception while backing up metadata: %s", ex.what());
@@ -162,29 +198,93 @@ pair<bool,DOMElement*> XMLMetadataProvider::background_load()
     bool changed = m_object!=nullptr;
     delete m_object;
     m_object = xmlObject.release();
-    index();
+    m_lastValidUntil = SAMLTIME_MAX;
+    index(m_lastValidUntil);
     if (changed)
         emitChangeEvent();
 
-    // If a remote resource, adjust the reload interval if cacheDuration is set.
-    if (!m_local) {
-        const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
-        if (cacheable && cacheable->getCacheDuration() && cacheable->getCacheDurationEpoch() < m_maxCacheDuration)
-            m_reloadInterval = cacheable->getCacheDurationEpoch();
-        else
-            m_reloadInterval = m_maxCacheDuration;
+    // Tracking cacheUntil through the tree is TBD, but
+    // validUntil is the tightest interval amongst the children.
+
+    // If a remote resource, adjust the reload interval.
+    if (!backup) {
+        m_backoffFactor = 1;
+        m_reloadInterval = computeNextRefresh();
+        m_log.info("adjusted reload interval to %d seconds", m_reloadInterval);
     }
 
+    m_loaded = true;
     return make_pair(false,(DOMElement*)nullptr);
 }
 
-void XMLMetadataProvider::index()
+pair<bool,DOMElement*> XMLMetadataProvider::background_load()
+{
+    try {
+        return load(false);
+    }
+    catch (long& ex) {
+        if (ex == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED) {
+            // Unchanged document, so re-establish previous refresh interval.
+            m_reloadInterval = computeNextRefresh();
+            m_log.info("adjusted reload interval to %d seconds", m_reloadInterval);
+        }
+        else {
+            // Any other status code, just treat as an error.
+            m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
+            if (m_reloadInterval > m_maxRefreshDelay)
+                m_reloadInterval = m_maxRefreshDelay;
+            m_log.warn("adjusted reload interval to %d seconds", m_reloadInterval);
+        }
+        if (!m_loaded && !m_backing.empty())
+            return load(true);
+        throw;
+    }
+    catch (exception&) {
+        m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
+        if (m_reloadInterval > m_maxRefreshDelay)
+            m_reloadInterval = m_maxRefreshDelay;
+        m_log.warn("adjusted reload interval to %d seconds", m_reloadInterval);
+        if (!m_loaded && !m_backing.empty())
+            return load(true);
+        throw;
+    }
+}
+
+void XMLMetadataProvider::index(time_t& validUntil)
 {
     clearDescriptorIndex();
     EntitiesDescriptor* group=dynamic_cast<EntitiesDescriptor*>(m_object);
     if (group) {
-        AbstractMetadataProvider::index(group, SAMLTIME_MAX);
+        indexGroup(group, validUntil);
         return;
     }
-    AbstractMetadataProvider::index(dynamic_cast<EntityDescriptor*>(m_object), SAMLTIME_MAX);
+    indexEntity(dynamic_cast<EntityDescriptor*>(m_object), validUntil);
+}
+
+time_t XMLMetadataProvider::computeNextRefresh()
+{
+    time_t now = time(nullptr);
+
+    // If some or all of the metadata is already expired, reload after the minimum.
+    if (m_lastValidUntil < now) {
+        return m_minRefreshDelay;
+    }
+    else {
+        // Compute the smaller of the validUntil / cacheDuration constraints.
+        time_t ret = m_lastValidUntil - now;
+        const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
+        if (cacheable && cacheable->getCacheDuration())
+            ret = min(ret, cacheable->getCacheDurationEpoch());
+            
+        // Adjust for the delay factor.
+        ret *= m_refreshDelayFactor;
+
+        // Bound by max and min.
+        if (ret > m_maxRefreshDelay)
+            return m_maxRefreshDelay;
+        else if (ret < m_minRefreshDelay)
+            return m_minRefreshDelay;
+
+        return ret;
+    }
 }