#include "saml2/metadata/AbstractMetadataProvider.h"
#include <fstream>
+#include <xmltooling/io/HTTPResponse.h>
#include <xmltooling/util/NDC.h>
#include <xmltooling/util/ReloadableXMLFile.h>
#include <xmltooling/util/Threads.h>
namespace opensaml {
namespace saml2md {
+ static const XMLCh minRefreshDelay[] = UNICODE_LITERAL_15(m,i,n,R,e,f,r,e,s,h,D,e,l,a,y);
+ static const XMLCh refreshDelayFactor[] = UNICODE_LITERAL_18(r,e,f,r,e,s,h,D,e,l,a,y,F,a,c,t,o,r);
+
class SAML_DLLLOCAL XMLMetadataProvider : public AbstractMetadataProvider, public ReloadableXMLFile
{
public:
- XMLMetadataProvider(const DOMElement* e)
- : AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML")),
- m_object(nullptr), m_maxCacheDuration(m_reloadInterval) {
- }
+ XMLMetadataProvider(const DOMElement* e);
+
virtual ~XMLMetadataProvider() {
shutdown();
delete m_object;
}
void init() {
- background_load(); // guarantees an exception or the metadata is loaded
+ background_load();
+ startup();
}
const XMLObject* getMetadata() const {
}
protected:
+ pair<bool,DOMElement*> load(bool backup);
pair<bool,DOMElement*> background_load();
private:
using AbstractMetadataProvider::index;
- void index();
+ void index(time_t& validUntil);
+ time_t computeNextRefresh();
XMLObject* m_object;
- time_t m_maxCacheDuration;
+ double m_refreshDelayFactor;
+ unsigned int m_backoffFactor;
+ time_t m_minRefreshDelay,m_maxRefreshDelay,m_lastValidUntil;
};
MetadataProvider* SAML_DLLLOCAL XMLMetadataProviderFactory(const DOMElement* const & e)
#pragma warning( pop )
#endif
-pair<bool,DOMElement*> XMLMetadataProvider::background_load()
+XMLMetadataProvider::XMLMetadataProvider(const DOMElement* e)
+ : AbstractMetadataProvider(e), ReloadableXMLFile(e, Category::getInstance(SAML_LOGCAT".MetadataProvider.XML"), false),
+ m_object(nullptr), m_refreshDelayFactor(0.75), m_backoffFactor(1), m_minRefreshDelay(600),
+ m_maxRefreshDelay(m_reloadInterval), m_lastValidUntil(SAMLTIME_MAX)
{
- // Turn off auto-backup so we can filter first.
- m_backupIndicator = false;
+ if (!m_local && m_maxRefreshDelay) {
+ const XMLCh* setting = e ? e->getAttributeNS(nullptr, refreshDelayFactor) : NULL;
+ if (setting && *setting) {
+ auto_ptr_char delay(setting);
+ m_refreshDelayFactor = atof(delay.get());
+ if (m_refreshDelayFactor <= 0.0 || m_refreshDelayFactor >= 1.0) {
+ m_log.error("invalid refreshDelayFactor setting, using default");
+ m_refreshDelayFactor = 0.75;
+ }
+ }
+ setting = e ? e->getAttributeNS(nullptr, minRefreshDelay) : NULL;
+ if (setting && *setting) {
+ m_minRefreshDelay = XMLString::parseInt(setting);
+ if (m_minRefreshDelay == 0) {
+ m_log.error("invalid minRefreshDelay setting, using default");
+ m_minRefreshDelay = 600;
+ }
+ else if (m_minRefreshDelay > m_maxRefreshDelay) {
+ m_log.error("minRefreshDelay setting exceeds maxRefreshDelay/refreshInterval setting, lowering to match it");
+ m_minRefreshDelay = m_maxRefreshDelay;
+ }
+ }
+ }
+}
+
+pair<bool,DOMElement*> XMLMetadataProvider::load(bool backup)
+{
+ // Lower the refresh rate in case of an error.
+ m_reloadInterval = m_minRefreshDelay;
- // Load from source using base class.
- pair<bool,DOMElement*> raw = ReloadableXMLFile::load();
+ // Call the base class to load/parse the appropriate XML resource.
+ pair<bool,DOMElement*> raw = ReloadableXMLFile::load(backup);
// If we own it, wrap it for now.
XercesJanitor<DOMDocument> docjanitor(raw.first ? raw.second->getOwnerDocument() : nullptr);
throw MetadataException("Metadata instance failed manual validation checking.");
}
- // If the backup indicator is flipped, then this was a remote load and we need a backup.
// This is the best place to take a backup, since it's superficially "correct" metadata.
string backupKey;
- if (m_backupIndicator) {
+ if (!backup && !m_backing.empty()) {
// We compute a random filename extension to the "real" location.
SAMLConfig::getConfig().generateRandomBytes(backupKey, 2);
backupKey = m_backing + '.' + SAMLArtifact::toHex(backupKey);
m_log.debug("backing up remote metadata resource to (%s)", backupKey.c_str());
try {
ofstream backer(backupKey.c_str());
- backer << *raw.second->getOwnerDocument();
+ backer << *(raw.second->getOwnerDocument());
}
catch (exception& ex) {
m_log.crit("exception while backing up metadata: %s", ex.what());
bool changed = m_object!=nullptr;
delete m_object;
m_object = xmlObject.release();
- index();
+ m_lastValidUntil = SAMLTIME_MAX;
+ index(m_lastValidUntil);
if (changed)
emitChangeEvent();
- // If a remote resource, adjust the reload interval if cacheDuration is set.
- if (!m_local) {
- const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
- if (cacheable && cacheable->getCacheDuration() && cacheable->getCacheDurationEpoch() < m_maxCacheDuration)
- m_reloadInterval = cacheable->getCacheDurationEpoch();
- else
- m_reloadInterval = m_maxCacheDuration;
+ // Tracking cacheUntil through the tree is TBD, but
+ // validUntil is the tightest interval amongst the children.
+
+ // If a remote resource, adjust the reload interval.
+ if (!backup) {
+ m_backoffFactor = 1;
+ m_reloadInterval = computeNextRefresh();
+ m_log.info("adjusted reload interval to %d seconds", m_reloadInterval);
}
+ m_loaded = true;
return make_pair(false,(DOMElement*)nullptr);
}
-void XMLMetadataProvider::index()
+pair<bool,DOMElement*> XMLMetadataProvider::background_load()
+{
+ try {
+ return load(false);
+ }
+ catch (long& ex) {
+ if (ex == HTTPResponse::XMLTOOLING_HTTP_STATUS_NOTMODIFIED) {
+ // Unchanged document, so re-establish previous refresh interval.
+ m_reloadInterval = computeNextRefresh();
+ m_log.info("adjusted reload interval to %d seconds", m_reloadInterval);
+ }
+ else {
+ // Any other status code, just treat as an error.
+ m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
+ if (m_reloadInterval > m_maxRefreshDelay)
+ m_reloadInterval = m_maxRefreshDelay;
+ m_log.warn("adjusted reload interval to %d seconds", m_reloadInterval);
+ }
+ if (!m_loaded && !m_backing.empty())
+ return load(true);
+ throw;
+ }
+ catch (exception&) {
+ m_reloadInterval = m_minRefreshDelay * m_backoffFactor++;
+ if (m_reloadInterval > m_maxRefreshDelay)
+ m_reloadInterval = m_maxRefreshDelay;
+ m_log.warn("adjusted reload interval to %d seconds", m_reloadInterval);
+ if (!m_loaded && !m_backing.empty())
+ return load(true);
+ throw;
+ }
+}
+
+void XMLMetadataProvider::index(time_t& validUntil)
{
clearDescriptorIndex();
EntitiesDescriptor* group=dynamic_cast<EntitiesDescriptor*>(m_object);
if (group) {
- AbstractMetadataProvider::index(group, SAMLTIME_MAX);
+ indexGroup(group, validUntil);
return;
}
- AbstractMetadataProvider::index(dynamic_cast<EntityDescriptor*>(m_object), SAMLTIME_MAX);
+ indexEntity(dynamic_cast<EntityDescriptor*>(m_object), validUntil);
+}
+
+time_t XMLMetadataProvider::computeNextRefresh()
+{
+ time_t now = time(nullptr);
+
+ // If some or all of the metadata is already expired, reload after the minimum.
+ if (m_lastValidUntil < now) {
+ return m_minRefreshDelay;
+ }
+ else {
+ // Compute the smaller of the validUntil / cacheDuration constraints.
+ time_t ret = m_lastValidUntil - now;
+ const CacheableSAMLObject* cacheable = dynamic_cast<const CacheableSAMLObject*>(m_object);
+ if (cacheable && cacheable->getCacheDuration())
+ ret = min(ret, cacheable->getCacheDurationEpoch());
+
+ // Adjust for the delay factor.
+ ret *= m_refreshDelayFactor;
+
+ // Bound by max and min.
+ if (ret > m_maxRefreshDelay)
+ return m_maxRefreshDelay;
+ else if (ret < m_minRefreshDelay)
+ return m_minRefreshDelay;
+
+ return ret;
+ }
}